Mindeasy

Configuring Mail Relay Settings in Imail V11

Fri, 10 Jul 2009 23:00:18 +0000

When building an email server we must always make sure we are not OPEN RELAYS. If you build a server that is an open relay you will soon discover that users not of you own are using your server to send an army of spam. You will also learn that your server is blacklisted, and depending on the damage and how long it has been compromised may need a new IP and Hostname, due to the original being on so many blacklists its not worth trying to get off all of them.

IPSWITCH has made an alternative to Microsoft popular Exchange server called Imail. The current version of Imail is version 11.

To secure the IMAIL server you must first get into the SMTP server settings.
1. From the Imail console Click Services –> Select Imail SMTP Server –> Configure Services

Configuring Relay settings in Imail server

2. Once you are in the Configuration options You will see Relay for. This is where you set the Relay type.

configuring Imail relay settings

Imail has 5 relay types, No Relay, Address, Local users, Local hosts, Anyone.

No Relay is what it says no relay, the server will not send mail for anyone.

Addresses setting will allow certain IP or whole IP subnet to send email from the server. E.g Your internal network is 192.168.2.0, then you could set addresses and set that IP range, this will allow Imail to relay for any one on the 192.168.2.0 network.

Local Users – you can create local user accounts on the server but this is time consuming.

Local hosts – which will allow local hosts.

Anyone – this is a NONO this will allow anyone anywhere to relay mail from your server only use this for testing purposes.

How to move the Schema Master Role

Fri, 10 Jul 2009 18:14:18 +0000

Moving the Schema Master roles does not happen often but there are times when we need to do it. The Windows 2000/2003 server with Schema Master role, manages all updates and additions to the schema and then replicates those changes to other Domain controllers. Only the server with the Schema Master role can actually write to the Schema. Think of the Schema as a big dictionary, it tells Active Directory what every object means and what it does.

To move the Schema master follow the setups below.

Part 1. First you will need to register the Schmmgmt.dll
a) Click Start and then go to RUN
b) Type regsvr32 schmmgmt.dll and click ok
c) You should see a message that says

Message after successful registration Schmmgmt.dll

Part 2
1.Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File, menu click Add/Remove Snap-in.
3. Click Add.

Adding a MMC Snap-in

Selecting the Active Directory Schema Snap-in

4. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
5. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.

Changing Domain Servers

6. In the console tree, right-click Active Directory Schema, and then click Operations Master.
7. Click Change.
8. Click OK to confirm that you want to transfer the role, and then click Close.

This is how you change the Schema master Role to a new server.

The importance of SPF records

Thu, 09 Jul 2009 06:24:17 +0000

What is a SPF record? Well it is a DNS entry that is used to help combat SPAM and email spoofing. It does this by adding information to DNS about which servers are allowed to send email for that Domain.
A SPF record is a custom record call txt in windows DNS. There are many tools that can help you automatically create a SPF record. At the end of this article I will list a great one.

Configure SPF to combat SPAM

The way SPF combats SPAM and domain Spoofing is when an email is sent from XYZ domain the receiving server or mail gateway (if configured to do SPF checking) does a SPF check. Once it gets the SPF details it gets the information on which IP or servers may send mail for XYZ Domain. Now if the email was spoofed it would show a different IP or server name then what the SPF records state and the receiving mail gateway or mail server will drop the email.

The link below goes to a SPF creation wizard created by Microsoft.

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

The link below goes to a SPF validation tool

http://www.kitterman.com/spf/validate.html

Belkin Wireless G router

Thu, 09 Jul 2009 04:40:31 +0000

When looking for a home router, keeping it easy is key. Like so many home based routers if you plug it in it will automatically work.
But for some people who want to log into the router and change some setting such as setting up security on wireless or forwarding a port the management interface on the router is key. The Belkin

Belkin Wireless G Router

G router’s Interface is, lets say very ugly. Yes all the buttons are there, but unlike some other home routers the help and explanation of what a setting does is not very prominent or clear.

Belkin Interface

As pictured above the interface is pretty much nothing great, but the most importnat part that is really missing is the help next to each section. Now there is a help button but it lists everything so you need to read through it to find what you need.

All in all if you want a OK router that just works, then this is fine, but there are others made by D-link, and Linksys that are in the same price point and are much better.

Spector 360

Thu, 09 Jul 2009 00:26:47 +0000

Employee monitoring has been around for a long time, from video surveillance, to check in/out systems. With the digital era, these methods only go so far. Files can be stolen, people may be wasting time surfing the net or looking at inappropriate sites. A level of monitoring on a employee is needed. Where I work now, we deployed a program call Spector 360 by Spectorsoft. The need arose as we suspected certain employees of stealing company assets such as confidential files etc. Of course we had no real proof, thus needed a solution to covertly collect data on the employee so we had proof and thus take legal action. I installed a demo of Spector 360 and was amazed at how much data it collected. It collected what sites where visited for how long, what people were searching online, all email activity, application usage, file transfer information, chat logs, keystrokes, even desktop snap shots each second, etc. I could even setup keyword alerts.

Everything Spector records

Spector 360 installs an agent on the remote machine. The agent is not found in program files and the actual process is named something completely different thus not to tip off the employee being monitored. The agent reports back to the Spector 360 server. From the Dashboard on the server you you can view and monitor every aspect of your employees actions on company machines.

Spector 360 Dashboard

From within the dash board you can hammer down on an individual employee, and see all actions of that employee, or find out information such as most visited site and by whom, employee you sent most emails, etc

Spector 360 quick view

I have looked at a few different monitoring systems but non of them have come close to giving me so much flexibility and ease then Spector 360, I definitely recommend this if you are looking for an employee monitoring suite.

NetGear Ready NAS Review

Wed, 08 Jul 2009 19:50:31 +0000

Well Last year I was looking for a Nas appliance to store backups on, and I found the Netgear Ready Nas 1100. I have been using this appliance for about 1 year and I can say it is great.

The ready Nas comes in either bare bones where you add the drives or it comes in 1, 2, 3 , 4 Tera bye configurations. The drives that come with the Ready Nas are Segate. The Ready Nas was evaluated on 4 principle areas, ease of management, performance/Reliability and feature set.

Ease of Management – The Nas is almost plug an play. Simply connect it to your network and it will get a DHCP address and then use the RAIDar utility that ships with it to do the initial configuration. Once that is complete you can fully manage the Ready Nas from the HTTPS GUI. The GUI is easy to use, understand and has email alerting. Creating shares and assigning them permissions is very easy especially if you have configured the AD integration. Over all this appliance is very user friendly and time saving.

Feature Set – The Ready Nas has Active Directory integration. This made my situation very easy since I do have over 250 users on my network. The Read Nas simply connected to active directory and pulled the user accounts over along with all security group, It extended my active Directory structure and made my life easy.
The Ready Nas 1100 also has a built in print server, retrospect backup installed and integrated, Streaming services, and ftp. I don’t really use any of the extra features other then FTP Since I strictly use this appliance as a backup location.

Performance and Reliability – I have noticed that the Ready Nas is sluggish in its web GUI, It is not overly bad just more of an annoyance. The Ready Nas comes with 4 SATA Segate drives (7200 rpm). The drives are meant for capacity not speed. It you are using it as a backup or file server it will be fine. The drives are automatically put in a raid 5 when all the drive bays are full. A really nice thing about the Nas is if you have 4 – 750 gig drives and you upgrade one to 1 Tera byte, the Nas automatically adjusts the free space to give more and maintains its raid 5 array. This process though is a bit slow when it is initializing the drive it can take up to 5 hours depending on how much data you have. The Nas also comes with redundant Network cards, and has 3 built in fans. Once email alerting is configured the Nas will email any failures or abnormalities it detects. Another way to monitor health is to log on to the GUI and click Status -> Health. It will give a breakdown of all the components.

All in All this is a solid appliance that has being working for me without any issues for a year. It fulfills all my backup needs and has AD integration.

Changing Terminal Services Listening Port

Mon, 06 Jul 2009 19:43:38 +0000

From time to time we all may want to change the default Terminal services listening port from 3389 to something else. This works for Windows XP and Server 2003. It is very easy to do just follow the below instructions.

1. Run Regedt32 and go to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

2. Find the “PortNumber” subkey (3389). Modify the port number in Hex and save the new value.

After this is done To access this server from another machine using RDP make sure you type in the remote computers IP:portnumber E.G 192.168.1.23:50501

Windows Network Load Balancing Servce (NLBS) Setup

Tue, 19 May 2009 23:51:59 +0000

Like so many sys admins, there comes a time when your one little web server no longer cuts the mustard. The server is continuously being hammered by requests and it just can’t keep up. Sure you can scale up and get a bigger beefier machine, but even it will one day fail from the load. Why not spread the load out between multiple servers. This way you can have less costly servers servicing requests and it also relieves single point of failure. If one web server were to DIE, the others will soldier on.

So now that you got a brief lesson why how NLB Service can help you, here’s the best part, It’s FREE. Microsoft has included this great clustering service for free, and it actually works.

I currently run 14 servers using NLB; 32 is the limit for NLB so keep that in mind. It also can be managed centrally, so that is also great. Now with all the fluff out of the way lets get down to setting it up. Read my article on why NLB Rocks its called NLB Rocks

Step 1.
Go to the properties of the Network Adapter on the server and click Network Load Balancing and click OK. If service is not in the list go to Install and select Network Load Balancing.

Step 2
Go to Administrative Tools –> Network Load Balancing Agent

Step 3
Once in the manager click Cluster and select NEW

Step 4
Here is where it will ask for the Cluster IP Information. This is the Virtual IP that will be shared between servers. I will enter some sample data to continue. For the full Internet name you can leave this is as default or if you are only going to be serving one web domain off this cluster type in the name if you like, but this setting doesn’t affect NLB. Keep Unicast enabled for simplification. I don’t recommend the allow remote control for security reasons. Click next to continue

Step 5
Here you can specify more virtual IP’s that the servers in this cluster will load balance. This is useful if you have multiple Web domains in IIS. That way all the web domains are being load balanced. I will not add any now, but we can always add them later.

Step 6
The next part is port rules. It is important to make sure you only add the ports you want, the default is everything. These are the ports the NLB Service will respond too.

Step 7
For web servers generally 80 and 443 are needed. Specify the port range, and select the affinity. Affinity is how the request gets handled. If single affinity is selected that means when a person connects to you web server on a port lets say 80 to browse a page, the person will stay on that server. The persons web session connection will stay with that server only. This is very important for SSL. SSL needs to be single affinity or it will not work. If no affinity is selected, when a person browses a page on one server, and then searches for a product, a different server may respond to him. Thus any server in the cluster will respond to the client.

Step 8
Once you have added the ports the next screen will look like this. Click next to continue

Step 9

This step we need to add the server we are doing the work on as a member of the cluster. Add the IP of the server in the host field. If the server has multiple Network cards add the IP on the network adapter with NLB installed on it.

Step 10
Accept the defaults and click finish

And we are done. We have susscefully added one client to the Network load balancing service, but one client is useless we need at least two for this to work. To add a client we simply go back to the manager and connect to the cluster. Once connected to the cluster go to cluster and add host.

I hope this helped you setup you NLB cluster. Please leave feed back.

How to Backup Windows DNS

Mon, 18 May 2009 17:17:01 +0000

Well I currently run two standalone Windows server 2003 DNS servers. I needed a way to backup and restore all the settings if one off my DNS servers failed. The servers are not Active Directory Integrated. I found a script by Dean Wells. It works wonderfully.

The Script will be at the end of the post.

To backup use the EXPORT command. See image below off the command.

Now you are done, Keep the folder you exported all your DNS settings safe. To import jsut do the reverse, and use the command IMPORT and the folder your created.

Here is the script you need. Call it dnsdump.bat

:: DNSdump Version 2.0 – Dean Wells, MSEtechnology – July 2003

:: PURPOSE – Dumps local server’s DNS service configuration and zone content. Once dumped, the content
::           can be imported on any other Windows 2000/2003 based DNS server [includes cross OS dumps]

:: DNSdump V2.0 is INCOMPATIBLE with the current public release

:: Supports Windows 2000/2003 members or DCs including Active Directory integrated zones. Application
:: partitions are supported

:: Requires Administrative credentials on local machine. If the DNS server is also a Domain Controller,
:: Domain Administrative credemtials are required in order to export or import Active Directory integrated
:: DNS zones

:: Active Directory integrated zones exported from the domain NC will be translated to the local domain
:: NC in the event of a cross domain export/import. Further behavioral details documented in syntax help

@echo off
setlocal ENABLEDELAYEDEXPANSION

:: Prepare the display
echo.

:: Define environment
set TOOLNAME=DNSdump
set KNOWNPATH=25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
set INSTALLROOT=%SystemRoot%\System32\DNS
set DUMP=%~f2
set STDOUT=nul
set STDERR=nul
set WORKING=0
set ERROR=
set domainDN=
set domainDNS=
set SUPPORTEDBUILDS=2195 3790

:: Check local server meets necessary requirements for successful operation

:: Derive operating system version and validate support
for /f “tokens=3 delims=.]” %%v in (’ver’) do set BUILD=%%v
for %%s in (%SUPPORTEDBUILDS%) do (
if not “%%s”==”%BUILD%” (
  if “!ERROR!”==”" set ERROR=1
) else (
  set ERROR=0
)
)
if not “%ERROR%”==”0″ (
call :ERROR unsupported operating system version, build “%BUILD%”
goto :END
)

:: Check for sufficient arguments
if “%2″==”" (
call :ERROR insufficient arguments
call :SYNTAX
goto :END
)

:: Correct and/or report any errors in the dump directory argument
set DUMP=%DUMP:”=%
set TDUMP=%DUMP: =%
if not “%TDUMP%”==”%DUMP%” (
call :ERROR dump path CANNOT contain spaces, “%DUMP%”
goto :END
)

:: Locate critical executables, error and terminate if not found
for %%e in (net.exe findstr.exe ldifde.exe regedit.exe) do (
set where=”%%~$PATH:e”
if “!where!”==”"”" (
  call :ERROR critical executable, “%%e”, could not be located
  goto :END
)
)

:: Determine if DNS service is installed on local machine
regedit /E:A “%TEMP%\DNS-Service.TMP” HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
if not exist “%TEMP%\DNS-Service.TMP” (
call :ERROR DNS service does not appear to be installed on “%COMPUTERNAME%”
goto :END
)

:: Check local credentials
net user “%username%” | findstr /i “Administrators” 1>%STDOUT% 2>%STDERR%
if errorlevel 1 (
net user “%username%” | findstr /i /c:”Domain Admins” 1>%STDOUT% 2>%STDERR%
if errorlevel 1 (
  call :ERROR security context is insufficient, administrative credentials required
  goto :END
)
)

:: Determine if local machine is member or Domain Controller
regedit /E:A “%TEMP%\DCorMember.TMP” “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions”
if not exist “%TEMP%\DCorMember.TMP” (
call :ERROR unable to determine machine configuration [DC or member]
goto :END
)
for /f “tokens=2 delims==” %%t in (’type “%TEMP%\DCorMember.TMP” ^| findstr “ProductType”‘) do (
if /i “%%t”==”"LanmanNT”" (set TYPE=DC) else (set TYPE=MEMBER)
)

:: Get DNS domain name of local machine
if “%TYPE%”==”DC” (
regedit /E:A “%TEMP%\NTDS-Service.TMP” HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
if not exist “%TEMP%\NTDS-Service.TMP” (
  call :ERROR Directory Service configuration could not be determined
  goto :END
)
for /f “tokens=1* delims==” %%s in (’type “%TEMP%\NTDS-Service.TMP” ^| findstr “sysvol”‘) do (
  set SYSVOL=%%t
  set SYSVOL=!SYSVOL:\\=\!
  for /f “tokens=2 delims=>” %%d in (’dir !SYSVOL! /ad ^| findstr “JUNCTION”‘) do (
   set domainDNS=%%d
   set domainDNS=!domainDNS: =!
  )
)
if “!domainDNS!”==”" (
  call :ERROR Directory Service configuration could not be determined
  goto :END
)
call ERIVEDN “!domainDNS!”
set domainDN=!partDN!
)

:: Begin script body

:: Determine mode of operation
if /i “%1″==”IMPORT” (
set MODE=IMPORT
) else (
if /i “%1″==”EXPORT” (
  set MODE=EXPORT
) else (
  call :ERROR invalid mode specified, “%1″
  call :SYNTAX
  goto :END
)
)

:: React to derived mode and create/verify dump directory structure
if “%MODE%”==”EXPORT” (
if exist “%DUMP%” (
  call :ERROR dump directory already exists, “%DUMP%”
  goto :END
) else (
  md “%DUMP%” 2>%STDERR%
  if errorlevel 1 (
   call :ERROR unable to create dump directory, “%DUMP%”
   goto :END
  )
  md “%DUMP%\InstallRoot” 2>%STDERR%
  if errorlevel 1 (
   call :ERROR unable to create directory, “%DUMP%\InstallRoot”
   goto :END
  )
  md “%DUMP%\Logs” 2>%STDERR%
  if errorlevel 1 (
   call :ERROR unable to create log directory, “%DUMP%\Logs”
   goto :END
  )
)
) else (
if not exist “%DUMP%” (
  call :ERROR specified dump directory NOT found, “%DUMP%”
  goto :END
)
)

:: Define custom DNS service installation root if supplied
if not “%3″==”" (
set INSTALLROOT=%~f3
if not exist “%INSTALLROOT%” (
  call :ERROR DNS installation root, “%INSTALLROOT%”, is invalid
  goto :END
)
) else (

:: Query DNS service registry key for install root … if non-standard, error
for /f “delims=: tokens=2″ %%i in (’type “%TEMP%\DNS-Service.TMP” ^| findstr /i “ImagePath”‘) do set ACTUALPATH=%%i
if not “%KNOWNPATH%”==”!ACTUALPATH!” (
  call :ERROR non-standard DNS installation root, specify zone file path
  set ERROR=2
  goto :END
)
if not exist %INSTALLROOT% (
  md %INSTALLROOT%
  if errorlevel 1 (
   call :ERROR unable to create DNS installation root, “%INSTALLROOT%”
   goto :END
  )
)
)

:: Export only the non locally critical DNS service registry keys to dump directory
if “%MODE%”==”EXPORT” (
regedit /E:A “%DUMP%\DNS-Service-LegacyZones.REG” HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Zones
regedit /E:A “%TEMP%\DNS-Service-Parameters.TMP” HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
if not exist “%TEMP%\DNS-Service-Parameters.TMP” (
  call :ERROR unable to retrieve DNS service configuration
  set ERROR=2
  goto :END
)
type “%TEMP%\DNS-Service-Parameters.TMP” | findstr /v /i “PreviousLocalHostname” >”%DUMP%\DNS-Service-Parameters.REG”
if not exist “%DUMP%\DNS-Service-Parameters.REG” (
  call :ERROR unable to retrieve DNS service configuration
  set ERROR=2
  goto :END
)
)

:: Set working directory and indicate state
pushd “%DUMP%” 1>%STDOUT% 2>%STDERR%
echo %TOOLNAME% – Ready to proceed, configuration as follows -
echo.
echo    * Security context is “%USERDOMAIN%\%USERNAME%”
echo    * Mode of operation is “%MODE%”

if “%TYPE%”==”DC” (
echo    * Domain Controller detected
echo    * Active Directory domain name is “%domainDNS%”
set /p nul=   * Active Directory integrated zones WILL be %MODE%ED if “%BUILD%” GTR “2195″ (
  echo – NDNC’s supported
) else (
  echo – NDNC’s NOT supported
)
) else (
echo    * Non Domain Controller detected
echo    * Active Directory integrated zones UNAVAILABLE
)

echo    * DNS installation root is “%INSTALLROOT%”
echo    * %TOOLNAME% directory is “%DUMP%”
echo.
echo STATUS – Task progress …
echo.

:: Set WORKING to TRUE and jump to mode
set WORKING=1
goto :%MODE%

:: Should never get here – FATAL ERROR
call :ERROR a fatal unknown error occurred
set ERROR=2
goto :END

:: Define procedures

:IMPORT

:: Check the import directory for valid dump configuration
if not exist “%DUMP%\DNS-Service-Parameters.REG” (
call :ERROR unable to retrieve DNS service configuration
goto :END
)
if not exist “%DUMP%\DNS-Software.REG” (
echo    – legacy “Zones” configuration detected … LEGACY USED
)

:: Stop the DNS service
echo    – stopping DNS service
net stop dns 2>&1 | findstr /i /c:”not exist” 1>%STDOUT% 2>%STDERR%
if not errorlevel 1 (
call :ERROR unable to stop DNS service
)

:: Create .REG file to remove existing registry based DNS service configuration
echo    – removing existing DNS service configuration
echo REGEDIT4>%TEMP%\KillKeys.REG
echo.>>%TEMP%\KillKeys.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters]>>%TEMP%\KillKeys.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Zones]>>%TEMP%\KillKeys.REG

:: Execute the removal
if exist %TEMP%\KillKeys.REG (
regedit /s %TEMP%\KillKeys.REG
) else (
call :ERROR existing configuration could NOT be removed
)

:: Delete the temporary registry file
del %TEMP%\KillKeys.REG 1>%STDOUT% 2>%STDERR%

:: Import the registry data
echo    – reconfiguring DNS service
for %%r in (”%DUMP%\DNS-Service-Parameters.REG” “%DUMP%\DNS-Software.REG” “%DUMP%\DNS-Service-LegacyZones.REG”) do (
if exist %%r (
  regedit /s %%r
) else (
  if not “%%r”==”"%DUMP%\DNS-Service-LegacyZones.REG”" (
   call :ERROR unable to reconfigure DNS service registry settings
  )
)
)

:: Restore the DNS config./zone files
echo    – restoring DNS service configuration files to “%INSTALLROOT%”
xcopy “%DUMP%\InstallRoot\*.*” “%INSTALLROOT%” /h /y 1>%STDOUT% 2>%STDERR%
if errorlevel 1 (
call :ERROR unable to export configuration files to “%INSTALLROOT%”
goto :END
)

:: Restore the Active Directory integrated zones
:: Check the type (DC or member), if member skip, if DC import all files with extension .ADzones
if “%TYPE%”==”DC” if exist “%DUMP%\*.ADzones” (
echo    – importing Active Directory integrated DNS zones from;
echo.
for /f %%z in (’dir /b “%DUMP%\*.ADzones”‘) do (
  set tmpPART=%%~nz
  if /i “!tmpPART:~0,9!”==”CN=System” (
   call :NCIMPORT !tmpPART!
  ) else (
   if not “%BUILD%” GTR “2195″ (
    echo       * !tmpPART!
    echo          – unsupported partition detected … IGNORED
    set ERROR=1
   ) else (
    call :NCIMPORT !tmpPART!
   )
  )
echo.
)
)

:: Start the DNS service
echo    – restarting DNS service
net start dns 2>&1 | findstr “invalid” 1>%STDOUT% 2>%STDERR%
if not errorlevel 1 (
call :ERROR unable to start DNS service
)

:: Determine level of success
echo.
if “%ERROR%”==”1″ (
echo STATUS – Import partially completed … ERRORS OCCURRED
) else (
echo STATUS – DNS service configuration completed
)

goto :END

:: Handles export of DNS configuration and zone content
:EXPORT

echo    – exporting DNS service configuration

if not exist “%DUMP%\DNS-Service-Parameters.REG” (
call :ERROR unable to retrieve DNS service configuration
goto :END
)

:: Construct partition information
echo “%domainDNS%”>”%DUMP%\PartitionFQDN.DAT”

regedit /E:A “%DUMP%\DNS-Software.REG” “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server”

:: Alert user to legacy storage of zone configuration
:: Else clause derives partitions in which zones exist and assumes domain NC as potential candidate
if not exist “%DUMP%\DNS-Software.REG” (
echo    – legacy “Zones” key located … LEGACY CONFIGURATION USED
) else (
for /f “tokens=2 delims==” %%z in (’type “%DUMP%\DNS-Software.REG” ^| findstr “DirectoryPartition”‘) do (
  echo %%z>>”%DUMP%\PartitionFQDN.DAT”
)
)

:: Copy existing DNS install root
echo    – exporting DNS service file structure from “%INSTALLROOT%”
copy “%INSTALLROOT%\*.*” “%DUMP%\InstallRoot” /y 1>%STDOUT% 2>%STDERR%
if errorlevel 1 (
call :ERROR unable to backup DNS installation root, “%INSTALLROOT%”
set ERROR=2
goto :END
)

:: Exports Active Directory integrated zones if running on a DC
:: Removes objectGUID references in order to permit import
if “%TYPE%”==”DC” (
echo    – exporting Active Directory integrated Zones from;
echo.
if not exist “%DUMP%\PartitionFQDN.DAT” (
  call :ERROR unable to derive partitions containing DNS zones
)
for /f “tokens=*” %%d in (’type “%DUMP%\PartitionFQDN.DAT”‘) do (
  call ERIVEDN %%d
  ldifde -s localhost -d “CN=MicrosoftDNS,!partDN!” -f “%DUMP%\!partDN!.ADtmpZones” -j “%DUMP%\Logs” | findstr /i /c:”No Entries found” 1>%STDOUT% 2>%STDERR%
  if not errorlevel 1 (
   set ERROR=1
   echo       * !partDN! – UNHANDLED ERRORS
  ) else (
   echo       * !partDN!
  )
  echo          – preparing zones for import
  echo.
  type “%DUMP%\!partDN!.ADtmpZones” | findstr /v “objectGUID” >”%DUMP%\!partDN!.ADzones”
  del “%DUMP%\!partDN!.ADtmpZones” 2>%STDERR%
  call :LOGS %!partDN!
)
)

:: Determine level of success
echo.
if not “%ERROR%”==”0″ (
echo STATUS – Export partially completed … ERRORS OCCURRED
) else (
echo STATUS – Export completed successfully
)
goto :END

:: End script body

:: Define procedures and error/syntax routines

:: Receives a fully qualified domain name as argument 1 and converts it to a distinguished name
ERIVEDN
set partDN=%*
set partDN=%partDN:~1,-1%
set partDN=.%partDN%
set partDN=%partDN:.=,DC=%
set partDN=%partDN:~1%
if /i “%domainDN%”==”%partDN%” (
set partDN=CN=System,%partDN%
)
goto :EOF

:: Import supplied naming context and handle logged output
:NCIMPORT

:: Translate DN references for domain NC integrated zones such that a zone exported from a DC in one domain
:: can be imported into the domain NC of a DC in another
if /i “%tmpPART:~0,9%”==”CN=System” (
if not “%tmpPART:~10%”==”%domainDN%” (
  set APPEND=-c %tmpPART:~10% %domainDN%
  set logDN=CN=System,%domainDN%
) else (
  set APPEND=
  set logDN=%*
)
) else (
set APPEND=
set logDN=%*
)

ldifde -s localhost -i -k -f “%*.ADzones” -j “%DUMP%\Logs” %APPEND% | findstr /i “error” 1>%STDOUT% 2>%STDERR%
if not errorlevel 1 (
echo       * %* … UNHANDLED ERRORS
set ERROR=1
) else (
echo       * %*
)

if not “%APPEND%”==”" (
echo          – cross domain EXPORT/IMPORT detected, domain DN’s translated
echo            … “%tmpPART:~10%” to “%domainDN%”
)

call :LOGS %logDN%
goto :EOF

:: Rename logged entries for each partition exported or imported in order preserve each log
:LOGS
del “%DUMP%\Logs\*-%MODE%.LOG” 1>%STDOUT% 2>%STDERR%
del “%DUMP%\Logs\*-%MODE%.ERR” 1>%STDOUT% 2>%STDERR%
ren “%DUMP%\Logs\ldif.log” “[%*]-%MODE%.LOG” 1>%STDOUT% 2>%STDERR%
ren “%DUMP%\Logs\ldif.err” “[%*]-%MODE%.ERR” 1>%STDOUT% 2>%STDERR%
goto :EOF

:: Displays errors
:ERROR
if “%WORKING%”==”1″ (
echo    – FAILED … %*
) else (
echo ERROR – %*
)
set ERROR=1
goto :EOF

:: Provides assistance with syntax
:SYNTAX
echo.
echo SYNTAX – %TOOLNAME% [IMPORT^|EXPORT] [dump directory] ^
echo.
echo   * [IMPORT] imports a %TOOLNAME% exported DNS service configuration
echo   * [EXPORT] exports the existing DNS service configuration
echo   * [dump directory] is a local, writable directory path
echo   * [install root] is the local absolute path used by the DNS service
echo.
echo   * %TOOLNAME% requires -
echo     – administrative credentials
echo     – local execution on the DNS server
echo     – Microsoft Windows 2000/2003 server family, builds %SUPPORTEDBUILDS%
echo.
echo   * %TOOLNAME% provides import and export of -
echo     – DNS service configuration
echo     – Active Directory integrated zones and zone configuration
echo     – standard zone files and zone configuration
echo.
echo   * %TOOLNAME% feature notes -
echo     – existing Active Directory zones will NOT be overwritten during IMPORT
echo     – manually erase existing zones IF an authoritative import IS REQUIRED
echo     – ALL zone configuration options WILL be overwritten during IMPORT
echo     – non Active Directory integrated zones WILL be overwritten during IMPORT
echo     – existing DNS service configuration WILL be overwritten during IMPORT
echo     – DNS service WILL be restarted during IMPORT
echo     – detailed logs are preserved beneath the specified DUMP path
goto :EOF

:END

:: Restore previous working directory
popd

:: Clean up
del “%TEMP%\DNS-Service.TMP” 1>%STDOUT% 2>%STDERR%
del “%TEMP%\DNS-Service-Parameters.TMP” 1>%STDOUT% 2>%STDERR%
del “%TEMP%\NTDS-Service.TMP” 1>%STDOUT% 2>%STDERR%
del “%TEMP%\DCorMember.TMP” 1>%STDOUT% 2>%STDERR%

if “%ERROR%”==”2″ (
if “%MODE%”==”EXPORT” (
  del “%DUMP%\InstallRoot” /f /y 1>%STDOUT% 2>%STDERR%
  rd “%DUMP%\InstallRoot” 1>%STDOUT% 2>%STDERR%
  del “%DUMP%\Logs” /f /y 1>%STDOUT% 2>%STDERR%
  rd “%DUMP%\Logs” 1>%STDOUT% 2>%STDERR%
  del “%DUMP%” /f /q 1>%STDOUT% 2>%STDERR%
  rd “%DUMP%” 1>%STDOUT% 2>%STDERR%
)
)

Can’t uninstall that program? This Tool will help

Mon, 18 May 2009 05:09:33 +0000

Ever had a situation, where a machine was put in front off you and you where told this program doesn’t work? Well You are in IT so you obviously have and if not you are still in school. I had this happen to me when our CEO adobe acrobat was not working. Well I thought I will just un-install the program and reinstall. I soon found out Adobe would not uninstall and I could not install Acrobat until the old one was gone. Now reinstalling his machine was out off the question so I googled and found this tool. The Microsoft Window Installer Cleanup Utility. It pretty much un-installs any MSI on your system. Below is the link to where to get it and a nice description. This tool has saved my life a few times.

http://support.microsoft.com/kb/290301