Quick and dirty way to transfer or recover FSMO roles

Here are the basic steps you can use to transfer or recover FSMO roles during or after migration;

Without going into detail about how this process works, or what it does, If you have just migrated a new Server and are ready to make it the live master for the forrest and domain, simply open up a command prompt (CMD) and enter the following lines in one after the other;

transfer or recover FSMO roles

Ntdsutil
Roles
Connections
Connect to server *New Server Name*
Q
Seize infrastructure master
Seize naming master
(if success – continue to the below)
Seize PDC
(Server “*Server Name*” knows about 5 roles)
Seize RID master
Sieze schema master
Q

Finito. (<– dont type that!)

Why do we need to transfer FSMO Roles, or what are they anyway!?

Because an Active Directory role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows there are five FSMO roles:

Schema master
Domain naming master
RID master
PDC emulator
Infrastructure master

And that is your FSMO roles all transferred over using simple command line. Please keep your eyes peeled for further posts looking deeper into each of the FSMO Roles,

Set server to automatically update time

If you have ever been in the situation where a time server or an old server will just not keep in sync, perhaps due to a CMOS battery error, or simply old hardware, then this cmdlet is for you.

Here is how to set a server to automatically update time;

automatically update time

Open up a command prompt and copy/paste the below:

w32tm /config /manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org”,0x8 /syncfromflags:MANUAL
w32tm /config /update
net stop w32time
net start w32time
w32tm /resync /nowait

All that this is now doing is setting the clock to update automatically from a web time server, the servers we are using are the public pool 1, 2 and 3 at ntp.org
We stop and start the time services, and then tell it to resync with the new settings.

Resolve Logmein Error 4320 (Method 2)

 

 

 

Another way to resolve Logmein Error 4320 

As discussed in my previous article on this logmein issue, this error code is most commonly found in a domain environment, or where there may be some form of user lockdown, and may even occur on a multi user non domain PC.

Basically, it is meant to protect the users PC from being accessed by someone other than the logged in user who installed logmein in the first place.

  1. First off, lets open up the logmein Control Panel (Right-Click on the logmein icon in the taskbar, or open from the start menu)
    Add users logmin
  2. Next we are going to select ‘Options’
    Add users logmin
  3. Then ‘Preferences’
    logmein properties
  4. Select the ‘Security tab’
    logmein properties
  5. Click on ‘Show Details’
    Error 4320
  6. Click on  Browse and select the correct user you want to add to allow access to the PC. You can choose from a list either by selecting the local PC name, or if you are on a domain, then the domain name that the PC is registered with.
    Logmein Error 4320
  7. Click OK to close all windows, Turn off Logmein then turn it back on,
  8. You are good to go!

 

Preventative measures could be taken however, When installing logmein, if you do so whilst logged in as a local admin for the PC, this seems to resolve the issue. Please note, this is only for the LOCAL admin for the PC, a domain admin account will most likely not work, and provide the same Logmein error 4320 as discussed above.

Resolve Logmein Error 4320 (Method 1)

How to resolve Logmein Error 4320 

Whilst setting up logmein for remote access in a pretty locked down domain environment, I have noticed that quite frequently we would get an ‘admin error 4320’ on the remote users PC.

Now the official logmein site would suggest adding users within the logmein interface, which we will cover in ‘Method 2’ however I have found a quicker workaround that works 9 out of 10 times is by simply always running the program as administrator.

  1. Place the Logmein icon either on your desktop or navigate to the program folder path usually “C:\Program Files (x86)\LogMeIn Ignition”
  2. Right click on the icon and select ‘Properties
  3. Once in Properties select the ‘Compatibility’ tab at the top
  4. At the bottom under ‘Privilege level’ tick the ‘Run this program as Administrator’ box*.
    How do I resolve Error 4320
  5. If you have more than 1 user on the PC, select ‘Change settings for all users’
  6. Again tick the ‘Run this program as Administrator’ box
    Logmein Error 4320
  7. OK out of both windows, If logmein is running. Close it again and re-open it, now using an Administrative logon.

Your Logmein error 4320 should now be resolved. if not see the link below

Logmein Error 4320 Method 2

*If the ‘Privilege level’ box is greyed out, be sure that you are logged on as an administrative user, or log off and back on as one in order to continue.

Which Exchange services to restart without needing a server reboot

Here is which exchange services to restart in order to completely refresh an on-site exchange installation

1) Microsoft Exchange Active Directory Topology Service (this will toggle all the core AD Exchange services minus the below)

2) Microsoft Exchange Information Store

3)Microsoft Exchange System Attendant

exchange services

With all that complete you should be all ready to go and continue trouble shooting/upgrading/modifying whatever it was you need to work on. Hopefully though if you hd any issues, this should have resolved them for you.

Top 5 Obvious but little known useful cmdlets and IT support tricks

As an IT technician, I am often adding new quick tricks to my mental shorcuts list, here are my current top 5:

  1. Need to log onto a domain as the local PC admin but don’t know the PC name?
    Simply use ” .\” at the start of the admin username to log on as a local PC user.
  2. Powershell if PC has trust relationship
    Test-ComputerSecureChannel –Server *dc name* -Verbose
  3.  shutdown /i (-i ) remote shutdown
  4. Create big dummy file:
    Cd \sysinternalssuite
    Contig -n 2gbEmptyFile.txt 20000000
  5. For Spooler Crashes, first try below to clear all jobs
    net stop spooler
    pause
    del /S /F “C:\Windows\System32\spool\PRINTERS\*”
    net start spooler
    pause

::end