Comparing attributes of objects in Active Directory

by Shijaz Abdulla on 13.07.2008 at 10:15

This is more of a Microsoft Word tip than an Active Directory tip. In essence, it shows one of the many methods to compare the values of all attributes of two different objects in Active Directory, or of the same object in a "before-after" comparison scenario – to track changes.

In this example, we will try to do a before-after analysis of a single user object to track changes that have happened to the attributes of the same user object.

First, using the LDIFDE tool, I dump the LDF file for the user that I want to track changes for, before I make the changes.

LDIFDE -f user_before.ldf -d "CN=User Jones,OU=Test Users,DC=Domain,DC=local"

Then, I make the changes to the attributes. In this case, I am moving the user’s mailbox from an Exchange 2003 server to an Exchange 2007 mailbox server.

Once again, I dump the LDF for the same user after I’ve done the operation.

LDIFDE -f user_after.ldf -d "CN=User Jones,OU=Test Users,DC=Domain,DC=local"

Now I have two LDF files, which I want to compare. Microsoft Word has a pretty cool compare feature that shows you what exactly has changed in red. Also, you get to see both the files in two small windows and the changes in a separate window, and they all scroll together!

Simply open (or paste) the two files in Microsoft Word as separate documents. Then, open up the Review toolbar tab, and choose the Compare option.


Here’s a screenshot.
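The same before-after comparison can also be scripted, which is useful when changes to many objects need to be reviewed. The following Python sketch is an added example, not part of the original post: it parses two LDIF dumps (folded lines and base64 `::` values included) and reports which attributes changed. The sample dumps, their values and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Attributes rewritten on every change; ignored by default (an assumption of this example).
VOLATILE = frozenset({"whenchanged", "usnchanged"})


def parse_ldif_entry(text):
    """Parse the first entry of an LDIF dump into {attribute: set(values)}."""
    lines = []
    for raw in text.splitlines():
        # A line that starts with one space continues the previous line.
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    attrs = defaultdict(set)
    for line in lines:
        if not line.strip():
            if attrs:
                break  # a blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):  # "attr:: <base64>"
            data = base64.b64decode(rest[1:].strip())
            try:
                value = data.decode("utf-8")
            except UnicodeDecodeError:
                value = "0x" + data.hex()  # binary values such as GUIDs
        else:
            value = rest.strip()
        attrs[name.lower()].add(value)  # LDAP attribute names are case-insensitive
    return dict(attrs)


def diff_entries(before, after, ignore=VOLATILE):
    """Return {attribute: {"removed": [...], "added": [...]}} for changed attributes."""
    changes = {}
    for name in sorted(set(before) | set(after)):
        if name in ignore:
            continue
        old, new = before.get(name, set()), after.get(name, set())
        if old != new:
            changes[name] = {"removed": sorted(old - new), "added": sorted(new - old)}
    return changes


# Constructed sample dumps (not real LDIFDE output).
BEFORE = """\
dn: CN=User Jones,OU=Test Users,DC=Domain,DC=local
changetype: add
objectClass: top
objectClass: user
cn: User Jones
proxyAddresses: SMTP:ujones@domain.local
homeMDB: CN=Mailbox Store (EX2003),CN=First Storage Group,
 CN=EX2003,CN=Servers,DC=Domain,DC=local
msExchHomeServerName: /o=Domain/cn=Servers/cn=EX2003
description:: T2xkIG5vdGU=
whenChanged: 20080712101500.0Z
uSNChanged: 40211
"""
AFTER = """\
dn: CN=User Jones,OU=Test Users,DC=Domain,DC=local
changetype: add
objectClass: top
objectClass: user
cn: User Jones
proxyAddresses: SMTP:ujones@domain.local
homeMDB: CN=Mailbox Database,CN=First Storage Group,
 CN=EX2007,CN=Servers,DC=Domain,DC=local
msExchHomeServerName: /o=Domain/cn=Servers/cn=EX2007
msExchVersion: 4535486012416
description:: T2xkIG5vdGU=
whenChanged: 20080713101500.0Z
uSNChanged: 40388
"""

if __name__ == "__main__":
    result = diff_entries(parse_ldif_entry(BEFORE), parse_ldif_entry(AFTER))
    for attr, change in result.items():
        print(attr, "-", change["removed"], "+", change["added"])
```

To use it on real dumps, read the contents of user_before.ldf and user_after.ldf and pass each to `parse_ldif_entry`; pass `ignore=frozenset()` to include the volatile attributes in the report.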

DPM 2007 error 31008 when creating Protection Group

by Shijaz Abdulla on 01.07.2008 at 16:58

I was trying to create a protection group in System Center Data Protection Manager 2007 to protect SharePoint Server 2007.

I followed the protected computer prerequisites documentation and made sure the following were done:

  1. Installed KB940349 on the SharePoint front end server.
  2. Installed KB941422 – Update for WSUS 3.0. After installing this KB, I had to run the SharePoint Configuration Wizard.
  3. Start the VSS Writer service on the WSS server as per this article.
  4. Make sure the back end SQL Servers are running SQL Server 2005 with Service Pack 2.

I followed all these steps as per the prerequisites document. However, I still got the following error:


This item cannot be protected because some prerequisite software is missing. Ensure that all prerequisite software is installed and then protect this item (ID: 31008). Click Help to view the list of prerequisite software for the selected item.

The problem was solved when KB940349 was installed on the backend SQL Server as well. All servers were restarted after installing this update. Then I went to the Management tab on the DPM 2007 console and selected Refresh Information from the Actions pane.

On returning to the Create Protection Group wizard, the error was gone.

10 bad email habits

by Shijaz Abdulla on 13.05.2008 at 13:03

EHLO!

This is a list of ten bad email habits that I’ve come across. Take a look and see if you find yourself doing some or all of these.

If you’re like me, and you can’t stand the sight of ol’ SMTP being abused, I’ve included some tips on how to teach the abuser a lesson :) . This is just my list of email habits, feel free to add more by posting comments.

  1. Misusing the CC field – Type 1
    Some people think that if they CC somebody’s boss on every email message requesting action, they can get a quicker response. For something that’s really critical or important, this is good. But CCing the boss on every diminutive email request is just too much. Too many such “CC” e-mails to the sender’s manager are annoying for the manager too, and the manager might eventually stop reading emails from you (or even worse, administer a quick issue of the DEL key) every time you send a message. Your email eventually loses importance and might get ignored even when it really is urgent. In the IT world, we can even see users doing this for things as trivial as getting access to a shared folder on the file server.

    What can I do?
    If you are the recipient, do not give the sender an impression that you are expediting on the sender’s low-priority request just because your boss is CC’d on it. Give priority to those other low-priority requests that have been directly sent to you by others and action them first (even if they came after the abuser’s email). If you can afford to do it, action this particular email request at the end of the day. When you reply to this sender, do not CC your boss.

  2. Misusing the CC field – Type 2
    And there are some other senders, who mark a CC to every son of Adam whenever they send an email message. If the motive of the email is to advertise about an achievement of the sender (often in a subtle way), this is perhaps done to show the world that the sender is worth his salary. If the motive of the email is to point out a fault concerning one of the recipients, then this most likely shows arrogance on part of the sender.

    What can I do?
    If the motive of the email is to communicate something which does not directly concern you – it is best to ignore it – if you can’t take it any longer, pick up the phone, and ask the sender nicely to stop marking you on such emails. If several of the recipients do the same thing, the sender will gradually come to terms with the idea. If the motive of the email is genuine and if you need to respond to it, make sure you remove all the unnecessary recipients after hitting ‘Reply to all’. This will reduce the number of recipients in the remaining part of the thread, and most likely prove a point to the sender.

  3. BCC
    The BCC field is a mistake. It shouldn’t have been there in the first place.
    Users, be aware that, upon request of the management, your email administrator can and will be able to determine whom you are marking on BCC.
  4. Responding when you are angry/frustrated
    This can make things very ugly. There is no worse feeling than wishing that you had never sent an email – two hours later. Think twice before typing an email. This is going to be a permanent record in the pages of history. Think of email like a gun. Once you pull the trigger (hit Send), there is no turning back.

    What can I do?
    Do not hit ‘Reply’ as soon as you finish reading a provocative e-mail. Sit back, relax, take a deep breath and reply later when you are ‘yourself’ again.

  5. Using email instead of the phone
    Using the phone for minor things can be faster than sending an email. Some people tend to think that sending an email increases the priority of the matter. However, in the real world, people are not always glued to their Outlook and may not (or choose not to) see your message till you call them :) .

    What can I do?
    Accept the fact that email is not a replacement for the telephone. Period.

  6. Read receipts
    A read receipt is a cool feature designed with a purpose – it tells the sender when and if you have read the message. So, use it! Some people (usually managers) do not like to send read receipts when they receive email. The justification might be “who is this guy to ask me if I read my email?!”. On the other hand, some people configure Outlook to always ask for a read receipt on every email they send. That’s a terrible waste of a good email feature.

    What can I do?
    Respond positively to all read receipts. Avoid configuring Outlook to automatically request read receipts for every email you send. It is annoying!

  7. Overdoing the Out-of-Office reply
    Out-of-Office reply messages are really cool too. They let the sender know that you’re not in town so they need not expect an immediate reply. It can also be used to direct the sender to contact someone else. However, some people use the Out-of-Office to write essays to explain at great lengths what they are up to and what’s missing in the organization because they are gone. I guess this is done by some users to show the boss (and everyone else) that they are taking care of a lot of responsibilities – the work of four men, etc. Oh please!

    Example of a good Out-of-Office message:

    Dear Sender,

    I will be out of office from May 27th, 2008 to June 26, 2008 and I will be having limited access to my email during this period. For any urgent matters, please contact Mr. Humpty Dumpty on 050-123-456 or email him on hdumpty@mycompany.com

    Regards,
    Yankee Doodle


    Example of a bad Out-of-Office message:

    Dear Sender,

    I will be on vacation at a beach resort in Hawaii from May 27th, 2008 to June 26, 2008. I will be having limited access to my email during this period.
    Please contact the following people during my absence:

    For matters concerning cabbage and cauliflower, please contact Jack Thompson.
    For reporting rotten cauliflower, please contact Charlie Brown.
    For issues related to onions and garlic, please contact John Smith.
    For issues related to onions without leaves, please contact Charlie Brown.
    For issues related to onion skin, please contact Jack Thompson.
    For anything related to vegetables, please contact John Smith.
    For queries related to legumes, please contact Charlie Brown.
    Anything else related to food that grows on plants, please contact Jack Thompson

    Regards,
    Show-Off Jones

    What is this? An IVR system? The sender could have also added one more line – “If you are confused, wait till I come back, because I’m THE MAN“.

  8. Empty Meeting Requests
    If you send a meeting request, you are requesting time from other people – which is valuable. Make sure you have a darn good reason for throwing a meeting and mention it in your request. Write a brief note on the meeting – use the OARRs rule: Objective, Agenda, Roles and Responsibilities. There’s nothing more ridiculous than receiving an empty meeting request and you end up reaching the venue wondering what the whole meeting is about. And when you reach there, you find other attendees in your very same, clueless, sorry situation.
  9. Using crazy shortcuts and too many smileys
    Using abbreviations like ASAP, FYI, FYA are well-accepted and good. Avoid using words like ‘coz’, ‘bcz’, ‘pls’, ‘thx’, ‘thnx’, ‘LOL’, etc. These might be good to use in a chat session, but not in a formal email message. Also make sure your email is well-punctuated and easy to read. Do not use more than one smiley per formal message. Read your mail once to see if it makes sense and run a spell check before hitting ‘Send’.
  10. Sending chain mail
    Sending a few impressive emails is good and keeps cheer in the workplace. It also helps build conversation at the water cooler and in the coffee room. But please don’t overdo it. Do not keep sending every trash that you receive from the internet – especially the ones that ask you to ‘send this message to 500 people in 3 days otherwise your momma’s gonna die’.

Hope you enjoyed this post. Let me know if you have come across more email habits by posting a message below.

Great free tool for checking ISA Server access policies

by Shijaz Abdulla on 01.05.2008 at 10:53

Here’s a great tool that lets you find out if a particular user’s access to a resource is affected by ISA and by what rule:
http://sync-io.net/ISAAccessChk.aspx

As with all third party tools, Microsoft does not provide you with support for this tool.

How to understand an Exchange Server 2007 NDR

by Shijaz Abdulla on 26.04.2008 at 19:52

Here’s one for users and IT support personnel who sometimes have problems understanding what exactly an email non-delivery report (NDR) is trying to convey. Messaging experts, please excuse.

In Exchange Server, all NDRs returned to the sender appear to come from the local Exchange Server of your organization and not from the remote recipient’s mail server – even if the problem is at the receiving end. If the mail is received at the remote server and an error occurs during further re-routing/relaying, then the NDR might not appear to come from your organization’s Exchange Server. The NDR is formatted in an easy-to-read email message by the Exchange server in your organization and is sent back to the sender.

So, how easy is it to understand an NDR?

At first sight of the new, well-designed NDR of Exchange Server 2007, most users and non-email administrators tend to think that the problem is always on the local Exchange Server. To add to the confusion, the NDR contains the words “Sent by Microsoft Exchange Server 2007” and “Generating server: ”.

Here are some tips:

  • The text marked in blue is not what’s important. It will always show YOUR organization’s edge transport server – unless the error occurred at a subsequent mail re-routing operation at the destination.
  • Pay attention to the part that I’ve marked in red. The part labeled (1) is more important. It gives you an overview of what’s wrong – but need not always give you the full picture.
  • The part labeled (2) is the server on which the error occurred. If this doesn’t look like one of the servers inside your organization, the problem is most likely not at your end.
  • The part labeled (3) is the error reported by the server mentioned in (2).
  • Part (4) shows the flow of the message between various servers both within and outside your organization. All it takes is a little effort to understand what’s going on.
  • Trust your email servers :) . Don’t always think the problem is at your end, even if it looks like your server is reporting the error. Make an earnest attempt and apply some educated logic to figure out where the problem lies.

The more users you train on how to read NDRs, the fewer helpdesk calls you will get. I’ve seen that sometimes very simple NDRs like the following get escalated all the way to the email administrator as an “email problem”:

Your message did not reach some or all of the intended recipients.

Subject: RE: Acquisition of Yahoo Sent: 4/15/2008 11:09 PM
The following recipient(s) could not be reached:
shijaz@2hotmail.com on 4/15/2008 11:09 PM The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.

The solution? Teach the user how to type an email address correctly :) .

POP3 vs. Outlook Anywhere (Exchange RPC over HTTP)

by Shijaz Abdulla on 23.04.2008 at 08:56

The year is 2008 and you might be wondering why I’m making such a post.

This blogger has seen that even in this time and age, some people simply love POP3 and prefer it over better and more secure alternatives. This post serves as an eye-opener to users as well as administrators who are die-hard POP fans.

Some reasons why you shouldn’t use POP

  1. Traditional POP3 (without any secure configuration – which is also the most common way admins configure your Outlook Express) transmits your username and password over the network in plaintext. Any user with malicious intent, can “sniff” your password over the network and get hold of your email. In most cases, the credentials that you use to retrieve mail are the same that you use to send mail, which means the intruder can not only read your mail, but also send mails to other people on your behalf!
  2. Now, relating to the above point, replace the ‘hacker’ with malicious software/spyware/virus on the PC of a legitimate user on your network. The malware can do the sniffing and use the credentials to inject spam into your organization, as well as the rest of the known universe, pretending that it’s YOU, the POP user, who is sending the spam.
  3. All your emails are dumped to your PC from the server. What if you’ve been using POP for the past 5 years and your PC decides to crash – and you have no backup.
  4. What if your PC doesn’t crash, but your mail folders get corrupted – quite common with many POP3 clients.
  5. What if you want to access your received emails from some place else and you do not have your PC with you. Of course, for points 3, 4 and 5, you could leave a copy of your mails on the server – but what’s the point in sticking to POP3? – read on!
  6. For some users, their email might seem very secure when it’s sitting on their own PC and nowhere else. I have news for you. The moment someone else sits at your PC, kiss privacy goodbye. A knowledgeable user can open password-protected folders. An additional point to ponder: SMTP traffic on the internet is not encrypted by default. It is most likely that your sensitive email is flying about cyberspace in plain text anyway!
  7. If you travel to a partner/client’s office with your laptop, accessing your mailbox via POP3 might require intervention of their network administrator if POP is not already open on their firewall – or you may require some sort of firewall client.
  8. No access to your company’s Address Book.

Some reasons why you should use RPC over HTTPS instead

  1. Passwords don’t go out in plain text. Not just anybody can get hold of your password.
  2. If you use RPC over HTTPS, an SSL session is established between your PC and the server that has your email. The email content reaches you in a secure, encrypted channel.
  3. The email is stored on your server, and (hopefully) a backup is taken every night.
  4. If you use Outlook in cached mode, all you have is an offline copy of the same email – which means it’s available for your reference even when your PC is not connected to the office network.
  5. If your client PC crashes, or if your Outlook folders get corrupted, your emails are still safe on the server. All it needs is a fixing of your Outlook. (Note: If you archive some of your email on PST – make sure it’s backed up – or that the organization has a centralized email archiving system in place)
  6. You can access your company’s Address Book and all your contacts, tasks, calendar, etc.
  7. Presence information from Live Communications Server, integration with SharePoint workspaces, etc.
  8. Unlike POP3, Outlook Anywhere uses HTTPS and can be used from any partner network where they allow you to surf the net. No additional config required. :)

Some users need to have more than one Exchange mailbox open at the same time on the same PC (usually executive secretaries). The common excuse is that they cannot configure two Exchange mailboxes on the same Outlook profile.

It is indeed possible to configure two Exchange Server mailboxes on the same Outlook profile. Here’s a tip: In Outlook 2007: Tools –> Account Settings –> Select your Exchange mailbox –> Change –> More Settings –> Advanced tab –> Add –> type the second mailbox name –> OK –> Next…Finish. See this page for more details.

Frequently Asked Questions about being an MVP

by Shijaz Abdulla on 09.04.2008 at 21:32

Microsoft MVP: Independent Experts. Real World Answers.

Time and again, I have been approached by people who are interested in knowing more about the Microsoft Most Valuable Professional (MVP) Program. Some are interested to know Microsoft’s stand on MVPs, others want to be MVPs themselves, and some others are just curious.

I’ve been asked about the MVP program almost everywhere I’ve represented myself as an MVP – workplaces, customer locations, industry events, user group events, job interviews and even at social gatherings.

So I thought it’s about time I compiled an FAQ (Frequently Asked Questions) on the MVP Program!

Question 1:
I am an MCP. How do I become an MVP?
or
Which exams to pass so that I can become an MVP?
(No, don’t laugh – it’s the most common question I get)

Answer:
None. You don’t need to pass any exams to become an MVP. The MVP is not a certification. It is an award given annually to selected individuals within the IT community for their outstanding contributions to technology and the community in general. Although MVPs are usually Microsoft certified, there is no reason to have any certification to be considered for an MVP. Read on.

Question 2:
I am an expert and I think I’m too good. Can I become an MVP?

Answer:
Being an expert does not entitle you to become an MVP. An expert who is willing to voluntarily share this knowledge to the community (i.e. other IT professionals/developers/users) is an ideal candidate for the MVP Award.

Question 3:
How do I become an MVP?

Answer:
Better rephrase your question to: “How do I contribute to the community so that I may be considered for the MVP?”

Be prepared for the long haul. Ask yourself the question: “Do I just want to become an MVP so that I can use the MVP title with my name?”. If deep inside, your answer is ‘yes’, then this title isn’t for you.

Question 4:
OK. So how does one contribute to communities?

Answer:
MVPs usually have an in-built passion for sharing knowledge. They feel great when they express themselves. They feel delighted when they radiate their knowledge to peers. MVPs share knowledge by speaking at IT events, running an active user group, maintaining technical blogs and websites, contributing to forums, producing technical webcasts/podcasts, writing books, whitepapers, etc.

The important thing is that it should come from within you – it’s a mentality to share information voluntarily. I think it’s second nature to most MVPs. You cannot force yourself to do this – if you do, you might just end up breaking out from the program because you will gradually lose interest.

MVPs also act as an indirect feedback channel to Microsoft. Being extraordinary customers, Microsoft gets a pulse of what customers feel about their products and services.

Question 5:
I am too busy to do some of this stuff. Can I still become an MVP? Is there any shortcut?

Answer:
MVPs are busy people, too. We are normal people with a job, a family and a life. This has got more to do with developing a passion and moving forward with it. There are no shortcuts. MVPs are a select group of experts, handpicked by Microsoft. That’s why there are so few MVPs and that’s why all of them are so good!

Question 6:
Do you have any tips for me?

Answer:
Yes. Here are some. These are my views alone – all MVPs need not agree on all points.

1. MVPs have a basic inclination towards Microsoft products and technologies. I mean, we really love the company! And we are crazy about it. Most MVP’s (like me, for instance) will never be able to hear and accept distorted images about Microsoft even when nobody’s looking! We just can’t stand someone talking ill about the company and will defend Microsoft – with educated and professional counter-arguments.

2. Behave yourself. Do not use abusive/insulting language at forums, speaking engagements, etc. You are an alternative face of the company. MVPs are closely associated with Microsoft and they wouldn’t want you to do anything that they would not do.

3. Understand Microsoft’s policies, and study the reasons behind them. Respect the ideals of the company and speak respectfully. Be careful on what you say in public and online in your blog, forums, etc.

4. More at Robert McLaw’s blog.

Question 7:
Does Microsoft pay you? Why do you promote Microsoft for free?

Answer:
No, Microsoft doesn’t pay MVPs. Although MVPs indirectly promote Microsoft products, we do it out of passion for the technology. For most MVP’s, Microsoft technologies are our bread & butter. We are usually specialized on one or more Microsoft products. It’s pure passion. Contribution to communities and securing the MVP status gives us a feeling of achievement.

Question 8:
Does being an MVP help you in your career?

Answer:
Even though a direct monetary gain from Microsoft is absent, the MVP title has significant career benefits. The Most Valuable Professional award stands out in your resumé and MVP’s are in great demand in the industry, especially for positions that require expertise in Microsoft products. The MVP title is a trusted seal that we are known experts in the industry, directly endorsed by Microsoft for sharing knowledge. Speakers who are passionate about sharing knowledge are usually people of good character, personable and well-spoken – which are traits that employers usually desire in employees. Hiring an MVP who participates in public events often indirectly brings fame to the employer. Some MVPs eventually make it into Microsoft too.

Question 9:
Am I too young/old/short/tall/fat/ugly/etc to become an MVP?

Answer:
The MVP Program knows no discrimination, except in the passion to share and the desire to lead. Young and old alike can become MVPs. As Robert McLaws puts it: “DON’T be elitist just because you’ve been in the industry for a while. You won’t be around forever, and someone younger than you will eventually take your place. In this industry, you can be relevant one day, irrelevant the next.”

Update: As of April 2006, MVPs must be at least 18 years of age.

Question 10:
Can I be an MVP for life?

Answer:
No, the award is given annually and is valid only for the year it is awarded. No harm though, in stating publicly that you were an MVP once upon time in 1998. If you are a current MVP and you keep up with your contributions, you may be re-awarded the next year.

Question 11:
Would you like to work for Microsoft some day?

Answer:
Me, personally? Yes. :)

How to make an SPF record

by Shijaz Abdulla on 16.03.2008 at 13:06

Sender Policy Framework (SPF) is a mechanism used to help prevent spam. Basically, an SPF record is a record in your organization’s DNS server that announces to the world the IP addresses from which you normally send out email.

Hence, if another server receives email supposedly from your SMTP domain, the server first checks if the session was established from one of the IP addresses you listed in your SPF record. If not, the message is most likely spam.

So how do you define an SPF record? This can get a little tricky. But Microsoft has a wizard that lets you create an SPF record easily. Check it out:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

Product Activation for Windows Server Core

by Shijaz Abdulla on 11.03.2008 at 13:52

Windows Server 2008 Server Core has no GUI. So how do you do the Product Activation for Server Core? How do you check if activation was successful? This post tells all.

To activate Windows:

cscript C:\Windows\System32\slmgr.vbs -ato


To get lots of useful information about the activation:

cscript C:\Windows\System32\slmgr.vbs -dlv

To find out how much time you’ve got (to activate, of course):

cscript C:\Windows\System32\slmgr.vbs -xpr


Output displayed will tell you when the grace period will end.

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
Initial grace period ends 4/20/2008 11:23:28 PM

If you are already activated, the -xpr switch will tell you that, too.

Welcome to the dark side.

Did you know

by Shijaz Abdulla on 19.02.2008 at 11:02

… that a Microsoft Product Key never contains the letters I and O or the numbers 0 (zero) and 1 (one). This is probably done to prevent users from getting confused!
