Thursday, April 28, 2011

Installing SCDPM 2010 with local SQL

System Center Data Protection Manager (DPM) 2010 is a server-based application that enables disk-based and tape-based data protection and recovery for computers in and across Active Directory domains. DPM performs replication, synchronization, and recovery point creation to provide reliable protection and rapid recovery of data both by system administrators and by end-users.

DPM is designed to be installed on servers that are running Windows Server 2008 R2 or Windows Server 2008.

Remark: DPM must be installed on a computer running a 64-bit version of Windows Server.

DPM uses replication, the Volume Shadow Copy Service (VSS) infrastructure, and a policy-driven engine to provide businesses of all sizes with nearly continuous protection and rapid, reliable data recovery.

DPM is the new standard for Windows backup and recovery – delivering seamless data protection for Microsoft application and file servers by using integrated disk and tape media.

DPM 2010 provides the following features:
  • Disk-based data protection and recovery
  • Command-line scripting using Windows PowerShell
  • Enterprise deployment methods for distributing the System Center Data Protection Manager agent
  • Enterprise monitoring with Microsoft System Center Operations Manager
  • Tape-based backup and archive solutions
  • Disaster recovery solutions, which provide bare-metal recovery of servers and desktops running Windows
DPM provides protection of the following items:
  • File data from volumes, shares, and folders.
  • Application data, such as Microsoft Exchange Mailbox Database, Microsoft SQL Server databases, Windows SharePoint Services farms, and Microsoft Virtual Server and its virtual machines.
  • Files for workstations running Windows XP Professional SP2 and all Windows Vista editions except Home.
  • File and application data on clustered servers
  • System state for protected file and application servers
Remark: DPM cannot be installed on a server on which the Application Server role is installed, on an Exchange Server, on a cluster node, or on a System Center Operations Manager server. It can only be installed on a single-purpose server used solely as a backup server.

1. At the server, log in as Domain Administrator.
2. Insert the DPM 2010 x64 DVD.


Figure 1: SCDPM 2010 menu

3. Click "Install Data Protection Manager".
4. Check "I accept the license terms and conditions", click "OK".

Figure 2: Installing required components

5. At welcome screen, click "Next".
6. After prerequisites check, click "Next".

Figure 3: prerequisites check

Remark: On Windows Server 2008 R2, DPM 2010 Setup installs the "Single Instance Store Filter" automatically.

7. Click "Restart".
8. Click "Yes".
9. At the server, run the DPM 2010 "Setup.exe" again.
10. Click "Install Data Protection Manager".
11. Check "I accept the license terms and conditions", click "OK".
12. At welcome screen, click "Next".
13. After prerequisites check, click "Next".
14. Fill in the user name and company, click "Next".
15. Select "Use the dedicated MSDPM2010 instance of SQL Server...".

Figure 4: The SQL server settings

Remark: In production environments, it is better to use SQL Server 2008 Standard or Enterprise.

16. Click "Next".

Figure 5: Provide a password for SQL server

17. Provide a password for SQL server, click "Next".
18. Select "I do not want to use Microsoft Update", click "Next".
19. Select "No, remind me later", click "Next".
20. Click "Install". The installation may take 20 minutes to finish.

Figure 6: The required software was installed

21. When the installation finished, click "Close".
22. Restart the server.

Reference:
DPM 2010 Product Overview and Roadmap

DPM features

This posting is provided “AS IS” with no warranties, and confers no rights!

Wednesday, April 27, 2011

Simplify the Outlook Web Access URL

This procedure assumes the Client Access Server role is installed on Windows Server 2008 or Windows Server 2008 R2.

1. At Client Access Server, log in as Domain Administrator.
2. Launch "IIS Manager", expand "<Server Name> > Sites > Default Web Site".
3. At right pane, double-click "HTTP Redirect".
4. Check "Redirect requests to this destination".
5. Type "https://<FQDN>/owa".
6. Check "Only redirect requests to content in this directory (not subdirectories)".
7. Next to "Status codes", select "Found (302)".

Figure 1: HTTP Redirect setting

8. Click "Apply".
9. Restart the IIS service.
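
The same redirect can be set from PowerShell with the WebAdministration module. This is an added example, not part of the original post; it keeps the "https://<FQDN>/owa" placeholder from the steps above and assumes the site is named "Default Web Site". After applying the settings it lists the effective redirect configuration on the site and on every application below it, so you can see whether /owa or another application picked up the redirect through inheritance.

```powershell
Import-Module WebAdministration

$site        = 'Default Web Site'           # assumption: default site name
$sitePath    = "IIS:\Sites\$site"
$filter      = 'system.webServer/httpRedirect'
$destination = 'https://<FQDN>/owa'         # placeholder from the steps above

# Same settings as the "HTTP Redirect" page in IIS Manager:
#   enabled            = "Redirect requests to this destination"
#   childOnly          = "Only redirect requests to content in this directory (not subdirectories)"
#   httpResponseStatus = "Found (302)"
Set-WebConfigurationProperty -PSPath $sitePath -Filter $filter -Name enabled            -Value $true
Set-WebConfigurationProperty -PSPath $sitePath -Filter $filter -Name destination        -Value $destination
Set-WebConfigurationProperty -PSPath $sitePath -Filter $filter -Name childOnly          -Value $true
Set-WebConfigurationProperty -PSPath $sitePath -Filter $filter -Name httpResponseStatus -Value 'Found'

# Build the list of paths to check: the site itself plus each application under it.
$paths = @($sitePath)
$paths += @(Get-WebApplication -Site $site |
    ForEach-Object { "$sitePath$($_.path -replace '/', '\')" })

# Report the effective httpRedirect settings for every path.
foreach ($p in $paths) {
    $r = Get-WebConfiguration -PSPath $p -Filter $filter
    New-Object PSObject -Property @{
        Path        = $p
        Enabled     = $r.enabled
        Destination = $r.destination
        ChildOnly   = $r.childOnly
        Status      = $r.httpResponseStatus
    } | Select-Object Path, Enabled, Destination, ChildOnly, Status
}

# Restart IIS, as in the last step.
iisreset
```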


Tuesday, April 26, 2011

Set the Forms-Based Authentication Private and Public Computer Cookie Time-out Value

You can modify the public and private time-out values of OWA by using Registry Editor.

1. At Exchange Server with Client Access Server role, log in as Domain Administrator.
2. Launch "Registry Editor", navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA".
3. Right-click "MSExchange OWA", select "New > DWORD (32-bit) Value".
4. Type "PrivateTimeout", press [Enter].
5. Double-click "PrivateTimeout".
6. Select "Decimal", next to "Value data", type a new value.

Remark: The value is in minutes, between 1 and 43,200, for a maximum of 30 days.

7. Click "OK".
8. Right-click "MSExchange OWA", select "New > DWORD (32-bit) Value".
9. Type "PublicTimeout", press [Enter].
10. Double-click "PublicTimeout".
11. Select "Decimal", next to "Value data", type a new value.
12. Click "OK".

Figure 1: The registry value of Public and Private timeout

13. Launch "Exchange Management Shell", enter "Restart-Service MSExchangeFBA".

Remark: You can use the following cmdlets to configure the above settings:

Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name PublicTimeout -Value <amount of time> -Type DWord

Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name PrivateTimeout -Value <amount of time> -Type DWord


Monday, April 25, 2011

Configure offline domain join


Offline domain join is a new process that computers that run Windows 7 or Windows Server 2008 R2 can use to join a domain without contacting a domain controller. This makes it possible to join computers to a domain in locations where there is no connectivity to a corporate network.

Prerequisites
To perform an offline domain join, you must have the rights that are necessary to join workstations to the domain. Members of the Domain Admins group have these rights by default. If you are not a member of the Domain Admins group, a member of the Domain Admins group must complete one of the following actions to enable you to join workstations to the domain:

  • Use Group Policy to grant you the required user rights. This method allows you to create computers in the default Computers container and in any organizational unit (OU) that is created later (if no Deny access control entries (ACEs) are added).
  • Edit the access control list (ACL) of the default Computers container for the domain to delegate the correct permissions to you.
  • Create an OU and edit the ACL on that OU to grant you the "Create child – Allow" permission. Pass the "/machineOU" parameter to the "djoin /provision" command.

1. At Domain Controller, log in as Domain Administrator.
2. Launch "Command Prompt", enter "djoin /provision /domain <domain name> /machine <computer name> /savefile <filename.txt>".

Figure 1: djoin command

3. Copy "djoin.txt" to the "djoin" folder on the workstation's C drive.
4. At workstation, log in as local administrator.
5. Click "Start", right-click "Computer", select "Properties".

Figure 2: Computer name, domain, and workgroup settings

The workstation has not yet changed its computer name or joined the domain.

6. Disconnect the network cable on this workstation.

Figure 3: Disconnect the network cable

7. Launch "Command Prompt" with administrator rights, enter "djoin /requestODJ /loadfile <filename.txt> /localos /windowspath C:\Windows".

Figure 4: join the domain

8. Click "Start", right-click "Computer", select "Properties".


Figure 5: Updated the computer name

9. Restart the workstation.
10. Connect the network cable, log in as Domain Administrator.
11. Launch "Command Prompt", enter "whoami".

Figure 6: Verify the user account

Now the workstation has been joined to the domain, and you are logged in as Domain Administrator.
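
The file written by "djoin /provision" carries the new computer account's secret, so it is worth restricting who can read it and deleting it once the join has been requested. The following PowerShell is an added example, not part of the original post; the path C:\djoin\djoin.txt is an assumption based on step 3, and the domain and computer names are the same placeholders used above.

```powershell
# --- Part 1: on the domain controller, in an elevated PowerShell session ---
$domain  = '<domain name>'          # placeholder from step 2
$machine = '<computer name>'        # placeholder from step 2
$blob    = 'C:\djoin\djoin.txt'     # assumption: folder and file name from step 3

New-Item -ItemType Directory -Path (Split-Path $blob) -Force | Out-Null

djoin /provision /domain $domain /machine $machine /savefile $blob
if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

# Remove inherited permissions and leave access only to
# BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
icacls $blob /inheritance:r /grant:r '*S-1-5-32-544:F' /grant:r '*S-1-5-18:F'
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Show the resulting ACL before the file is copied to the workstation.
icacls $blob

# --- Part 2: on the workstation, in an elevated PowerShell session ---
# (run after the file has been copied to the same path)
djoin /requestODJ /loadfile $blob /windowspath $env:SystemRoot /localos
if ($LASTEXITCODE -eq 0) {
    # The join data has been applied to the local OS; the file is no longer needed.
    Remove-Item -Path $blob -Force
    'Offline domain join requested. Restart the workstation to complete the join.'
} else {
    Write-Warning "djoin /requestODJ failed with exit code $LASTEXITCODE; $blob was kept."
}
```

Delete the copy left on the domain controller as well once the workstation has joined.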

Reference:
Offline Domain Join (Djoin.exe) Step-by-step guide


Sunday, April 24, 2011

Increase Exchange 2010 default move request

By default, Exchange 2010 moves 2 mailboxes at the same time. To modify this default setting, navigate to "<Exchange Installation Path>\Program Files\Microsoft\Exchange Server\V14\Bin" and open the "MSExchangeMailboxReplication.exe.config" file in Notepad.

Remark: This file is stored on servers with the Client Access Server role.

1. Navigate to the "MRSConfiguration" section.

Figure 1: MRSConfiguration

2. Modify the following items to increase move request.

MaxActiveMovesPerSourceMDB = "50"
MaxActiveMovesPerTargetMDB = "50"
MaxActiveMovesPerSourceServer = "200"
MaxActiveMovesPerTargetServer = "200"
MaxTotalMovesPerMRS = "400"

Figure 2: Updated MRSConfiguration

3. Save and Close the "MSExchangeMailboxReplication.exe.config".
4. Launch "Exchange Management Shell", enter "Restart-Service MSExchangeMailboxReplication".

Now, the Exchange 2010 server can move 50 mailboxes from a source mailbox database to a target mailbox database, and move 200 mailboxes from a source server to a target server.
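
The same change can be scripted so that the file is backed up first and only existing settings are touched. This PowerShell is an added example, not part of the original post; it assumes Exchange is installed under C:\Program Files and that the five settings are attributes of a single MRSConfiguration element in the file.

```powershell
# Assumption: default installation path; change it if Exchange is installed elsewhere.
$configPath = 'C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe.config'

# Values from step 2 of the post.
$newValues = @{
    MaxActiveMovesPerSourceMDB    = '50'
    MaxActiveMovesPerTargetMDB    = '50'
    MaxActiveMovesPerSourceServer = '200'
    MaxActiveMovesPerTargetServer = '200'
    MaxTotalMovesPerMRS           = '400'
}

# Sanity check: a per-database limit above the per-server limit, or a
# per-server limit above the MRS total, would never be reached.
if ([int]$newValues.MaxActiveMovesPerSourceMDB    -gt [int]$newValues.MaxActiveMovesPerSourceServer -or
    [int]$newValues.MaxActiveMovesPerTargetMDB    -gt [int]$newValues.MaxActiveMovesPerTargetServer -or
    [int]$newValues.MaxActiveMovesPerSourceServer -gt [int]$newValues.MaxTotalMovesPerMRS -or
    [int]$newValues.MaxActiveMovesPerTargetServer -gt [int]$newValues.MaxTotalMovesPerMRS) {
    throw 'Inconsistent limits: expected per-MDB <= per-server <= MaxTotalMovesPerMRS.'
}

# Keep a timestamped copy so the original settings can be put back.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -Path $configPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

$node = $xml.SelectSingleNode('//MRSConfiguration')
if ($null -eq $node) { throw "MRSConfiguration element not found in $configPath" }

foreach ($name in $newValues.Keys) {
    if (-not $node.HasAttribute($name)) {
        Write-Warning "$name is not present in the file; skipped."
        continue
    }
    $old = $node.GetAttribute($name)
    $node.SetAttribute($name, $newValues[$name])
    '{0}: {1} -> {2}' -f $name, $old, $newValues[$name]
}

$xml.Save($configPath)
"Backup written to $backup"

# Step 4 of the post: the service reads the file at startup.
Restart-Service MSExchangeMailboxReplication
```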

Reference:
http://technet.microsoft.com/en-us/library/ff963524.aspx


Saturday, April 23, 2011

Active Directory Recycle Bin

Enable Active Directory Recycle Bin
Active Directory Recycle Bin is a new feature in Windows Server 2008 R2 that helps administrators recover deleted Active Directory objects.

Previously, when an administrator deleted an item in Active Directory, the administrator had to restore it from a system state backup, which caused downtime during the restore.

Remark: By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2. After setting the forest functional level of your environment to Windows Server 2008 R2, you can use the instructions in this guide to enable Active Directory Recycle Bin.

1. At Domain Controller, log in as Domain Administrator.
2. Click "Start", enter "dsac".
3. Select "<Domain> (local)", next to "Tasks", click "Raise the forest functional level".

Figure 1: Raise Forest Functional Level

4. Click "OK" three times.
5. Click "Start > Administrative Tools > Active Directory Module for Windows PowerShell".
6. Enter the following cmdlet to enable Active Directory Recycle Bin:

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<Domain>,DC=com' -Scope ForestOrConfigurationSet -Target '<Domain Name>' -Confirm:$false

Figure 2: Enable Active Directory Recycle Bin

Remark: After enabling Active Directory Recycle Bin, you can't disable it.

7. Back in "Active Directory Administrative Center", create an OU and name it Engineer (uncheck "Protect from accidental deletion").
8. Create a user account and name it Susan in the Engineer OU (uncheck "Protect from accidental deletion").


Recover the deleted user account
1. Still in "Active Directory Administrative Center", delete Susan's user account.
2. Go to "Active Directory Module for Windows PowerShell", enter the following cmdlet:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=<Domain>,DC=com" -ldapFilter:"(msDs-lastknownRDN=Susan Tam)" -IncludeDeletedObjects -Properties lastKnownParent

Figure 3: Verify the account status

This cmdlet shows the deleted user's information and status.

Remark: You can use * as the value, (msDs-lastKnownRDN=*), to show all deleted users.

Figure 4: Verify all deleted users account

3. Enter the following cmdlet to restore Susan's account.

Get-ADObject -ldapFilter:"(msDs-LastKnownRDN=Susan Tam)" -includeDeletedObjects | Restore-ADObject

Figure 5: Restore Susan's account

4. Back to "Active Directory Administrative Center", refresh "Engineer" OU.

Figure 6: Engineer OU

Susan's account was restored.


Recover the deleted OU
1. Still in "Active Directory Administrative Center", delete the "Engineer" OU.
2. Go to "Active Directory Module for Windows PowerShell", enter the following cmdlet:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=<Domain>,DC=com" -ldapFilter:"(msDs-lastknownRDN=Engineer)" -IncludeDeletedObjects -Properties lastKnownParent

Figure 7: Verify the OU status

3. Enter the following cmdlet to restore Engineer OU:

Restore-ADObject -Identity <ObjectGUID>

Figure 8: Restore Engineer OU

4. Back to "Active Directory Administrative Center", refresh "<Domain>".

Figure 9: Engineer OU

As a result, the Engineer OU was recovered, but its user accounts were not restored. You have to restore the user accounts with the cmdlet above.
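
Instead of restoring each account by name, the deleted objects can be selected by their lastKnownParent once the OU is back. This PowerShell is an added example, not part of the original post; it uses the same "DC=<Domain>,DC=com" placeholder as the cmdlets above, and the $Apply switch is a hypothetical variable introduced here so the first run only previews the restore.

```powershell
Import-Module ActiveDirectory

# Assumption: replace <Domain> exactly as in the cmdlets above.
$domainDN = 'DC=<Domain>,DC=com'
$ouDN     = "OU=Engineer,$domainDN"
$Apply    = $false     # set to $true to perform the restore instead of previewing it

# The parent has to be live again before its children can be restored into it.
if (-not (Get-ADObject -Filter "distinguishedName -eq '$ouDN'")) {
    throw "$ouDN does not exist; restore the OU first."
}

# Deleted objects whose last parent was the Engineer OU.
$children = @(Get-ADObject -SearchBase "CN=Deleted Objects,$domainDN" `
    -Filter "lastKnownParent -eq '$ouDN'" `
    -IncludeDeletedObjects `
    -Properties lastKnownParent, 'msDS-LastKnownRDN', whenChanged)

if ($children.Count -eq 0) {
    "No deleted objects list $ouDN as their last known parent."
    return
}

# Review what will come back before restoring anything.
$children | Sort-Object whenChanged |
    Format-Table 'msDS-LastKnownRDN', ObjectClass, whenChanged -AutoSize

if ($Apply) {
    $children | Restore-ADObject -PassThru |
        Select-Object Name, ObjectClass, DistinguishedName
} else {
    # Preview only: prints what would be restored and changes nothing.
    $children | Restore-ADObject -WhatIf
}

# Objects that lived in a sub-OU of Engineer list that sub-OU as their
# lastKnownParent. Restore the sub-OU first, then run this again with
# $ouDN set to the sub-OU's distinguished name.
```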

Reference:
Active Directory Recycle Bin Step-by-Step Guide
http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx


Thursday, April 21, 2011

Domain rename with Exchange server 2003 (Part 3)




Perform domain rename
1. At WS1, log in as Contoso Domain Administrator.
2. Launch "Command Prompt", enter "rendom /list".

Figure 12: rendom /list

"rendom /list" writes the naming contexts in the forest to a file (Domainlist.xml).

3. Enter "copy Domainlist.xml Domainlist-save.xml".

Figure 13: Copy the Domainlist.xml

4. Enter "notepad domainlist.xml".

Figure 14: Before modifying Domainlist.xml contents

5. I need to modify the following application directory partitions:

DomainDNSZones.Contoso.com
ForestDNSZones.Contoso.com
NetBios Name


Before Editing:
<?xml version ="1.0"?>
<Forest>
    <Domain>
         <!-- PartitionType:Application -->
         <Guid>f9bb573e-99ae-40c6-9488-af941aedc41a2</Guid>
         <DNSname>ForestDnsZones.Contoso.com</DNSname>
         <NetBiosName></NetBiosName>
         <DcName></DcName>
    </Domain>
    <Domain>
         <!-- PartitionType:Application -->
         <Guid>a1509593-ac8e-4639-bb55-623273d198f4</Guid>
         <DNSname>DomainDnsZones.Contoso.com</DNSname>
         <NetBiosName></NetBiosName>
         <DcName></DcName>
    </Domain>
    <Domain>
          <!-- ForestRoot -->
          <Guid>555c22d8-7e5b-4ecd-b620-e859a71ef42c</Guid>
          <DNSname>Contoso.com</DNSname>
          <NetBiosName>CONTOSO</NetBiosName>
          <DcName></DcName>
    </Domain>
</Forest>

After Editing:
<?xml version ="1.0"?>
<Forest>
    <Domain>
         <!-- PartitionType:Application -->
         <Guid>f9bb573e-99ae-40c6-9488-af941aedc41a2</Guid>
         <DNSname>ForestDnsZones.fabrikam.com</DNSname>
         <NetBiosName></NetBiosName>
         <DcName></DcName>
    </Domain>
    <Domain>
         <!-- PartitionType:Application -->
         <Guid>a1509593-ac8e-4639-bb55-623273d198f4</Guid>
         <DNSname>DomainDnsZones.fabrikam.com</DNSname>
         <NetBiosName></NetBiosName>
         <DcName></DcName>
    </Domain>
    <Domain>
         <!-- ForestRoot -->
         <Guid>555c22d8-7e5b-4ecd-b620-e859a71ef42c</Guid>
         <DNSname>fabrikam.com</DNSname>
         <NetBiosName>FABRIKAM</NetBiosName>
         <DcName></DcName>
    </Domain>
</Forest>

Figure 15: After modifying Domainlist.xml contents

6. Save and close the "Domainlist.xml".
7. At "Command Prompt", enter "rendom /showforest".

Figure 16: rendom /showforest

"rendom /showforest" displays the new forest description in Domainlist.xml for review.

8. Enter "rendom /upload".

Figure 17: rendom /upload

"rendom /upload" uploads the configuration in Domainlist.xml to the Domain Naming Master.

9. Enter "notepad dclist.xml".

Figure 18: Domain rename initial state

All domain controllers in this forest have been initialized to the initial state.

10. Back to "Command Prompt", enter "notepad DNSRecords.txt".

Figure 19: DNSRecords contents

These DNS records are uploaded to the Domain Naming Master DNS server.

11. Close "DNSRecords.txt" and "dclist.xml".
12. At "Command Prompt", enter "adsiedit.msc".
13. Right-click "ADSI Edit", select "Connect to".
14. Next to "Select a well known Naming Context", select "Configuration".
15. Next to "Select or type a domain or server", type "dc1.contoso.com".
16. Click "OK".
17. Expand "Configuration [DC1.contoso.com] > CN=Configuration,DC=Contoso,DC=com > CN=Partitions".
18. Right-click "CN=Partitions", select "Properties".
19. Select "msDS-UpdateScript", click "Edit".
20. Ensure the NTDSAscript opType="renamedomain".

Figure 20: msDS-UpdateScript attribute

21. Click "Cancel" twice.
22. Close "ADSI Edit".
23. Back to "Command Prompt", enter "Dsquery server -hasfsmo name".

Figure 21: Dsquery server -hasfsmo name

Remark: "Dsquery server -hasfsmo name" helps you to find the Domain Naming Master server.

24. Enter "repadmin /syncall /AedPq DC1".

Figure 22: Replicate all Active Directory partitions

25. Go to DC1, log in as Contoso Domain Administrator.
26. Click "Start > Run", enter "dnsmgmt.msc".
27. Expand "DC1 > Forward Lookup Zones > _msdcs.fabrikam.com".
28. Verify whether the "dc" and "gc" domains were uploaded.
29. If the domains were not uploaded, perform steps 30 to 33.
30. Right-click "_msdcs.fabrikam.com", select "New Domain".
31. Type "gc", click "OK".
32. Right-click "_msdcs.fabrikam.com", select "New Domain".
33. Type "dc", click "OK".

Figure 23: _msdcs.fabrikam.com zones data

The "_msdcs.fabrikam.com" will generate the sub-domains automatically.

34. Back to the "Command Prompt" of WS1, enter "rendom /prepare".

Figure 24: rendom /prepare

Remark: Ensure the firewall isn't enabled when "rendom /prepare" is running.

35. Enter "notepad Dclist.xml".

Figure 25: Domain rename prepared state

All domain controllers in this forest have been changed to the "Prepared" state.

Remark: Ensure all domain controllers are in the "Prepared" state before running the next step.

36. Close Notepad.
37. At "Command Prompt", enter "rendom /execute".

Figure 26: rendom /execute

38. All domain controllers will reboot automatically.

Figure 27: A domain controller is being restarted

39. Still in "Command Prompt", enter "notepad Dclist.xml".

Figure 28: Domain rename done state

All domain controllers in this forest have been changed to the "Done" state.

Remark: If a fatal or irrecoverable error is encountered on a DC while attempting to execute the domain rename instructions, the corresponding state for the domain controller entry in the state file will be updated to read <State>Error</State>. For the Error state, the error code is written to the last error field <LastError></LastError> and a corresponding error message is written to the <FatalErrorMsg></FatalErrorMsg> field.

If you determine that an error that has caused a DC to reach the Error state in the dclist.xml file is actually a recoverable error and you feel that forward progress can be made on that DC by retrying the execution of the domain rename instructions, you can force the "rendom /execute" command to retry issuing the RPC to that DC (instead of skipping it) as described below.

1) In "dclist.xml", locate the <Retry></Retry> field in the domain controller entry for the DC that you believe should be retried.
2) Edit the "dclist.xml" file such that the field reads <Retry>yes</Retry> for that entry.
3) Type "rendom /execute" and press [Enter].
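
The state checks in steps 35 and 39 and the Error/Retry remark above can be scripted rather than read in Notepad. This PowerShell is an added example, not part of the original post or of the rendom tool; the sample XML is constructed, and its layout (DC entries with Name, State, LastError, FatalErrorMsg and Retry child elements), the host dc2.contoso.com and its error values are assumptions based on the fields named above.

```powershell
# Constructed sample of a dclist.xml state file (layout assumed, not taken from a real forest).
$sample = @'
<?xml version="1.0"?>
<DcList>
  <DC>
    <Name>dc1.contoso.com</Name>
    <State>Prepared</State>
    <LastError>0</LastError>
    <FatalErrorMsg></FatalErrorMsg>
    <Retry></Retry>
  </DC>
  <DC>
    <Name>dc2.contoso.com</Name>
    <State>Error</State>
    <LastError>1722</LastError>
    <FatalErrorMsg>The RPC server is unavailable.</FatalErrorMsg>
    <Retry></Retry>
  </DC>
</DcList>
'@

# Return the trimmed text of a child element, or '' when the element is absent.
# SelectSingleNode is used because $Node.Name would return the tag name "DC".
function Get-ChildText($Node, [string]$Name) {
    $child = $Node.SelectSingleNode($Name)
    if ($null -ne $child) { $child.InnerText.Trim() } else { '' }
}

# One object per <DC> entry in the state file.
function Get-DcRenameState {
    param([Parameter(Mandatory = $true)][xml]$DcList)
    foreach ($dc in $DcList.SelectNodes('//DC')) {
        New-Object PSObject -Property @{
            Name          = (Get-ChildText $dc 'Name')
            State         = (Get-ChildText $dc 'State')
            LastError     = (Get-ChildText $dc 'LastError')
            FatalErrorMsg = (Get-ChildText $dc 'FatalErrorMsg')
            Retry         = (Get-ChildText $dc 'Retry')
        } | Select-Object Name, State, LastError, FatalErrorMsg, Retry
    }
}

# $true only when at least one DC is listed and every DC is in $RequiredState.
# DCs in any other state are reported on the warning stream.
function Test-DcRenameState {
    param([Parameter(Mandatory = $true)][xml]$DcList,
          [string]$RequiredState = 'Prepared')
    $all     = @(Get-DcRenameState -DcList $DcList)
    $blocked = @($all | Where-Object { $_.State -ne $RequiredState })
    foreach ($dc in $blocked) {
        Write-Warning ("{0}: state '{1}', LastError {2} {3}" -f `
            $dc.Name, $dc.State, $dc.LastError, $dc.FatalErrorMsg)
    }
    ($all.Count -gt 0) -and ($blocked.Count -eq 0)
}

$state = [xml]$sample          # real use: [xml](Get-Content .\Dclist.xml)
Get-DcRenameState -DcList $state | Format-Table -AutoSize

if (Test-DcRenameState -DcList $state -RequiredState 'Prepared') {
    'All domain controllers are Prepared; "rendom /execute" can be run.'
} else {
    'Not every domain controller is Prepared; do not run "rendom /execute" yet.'
}
```

Run it with -RequiredState 'Done' after "rendom /execute" to confirm step 39 before continuing.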

40. After all domain controllers have finished restarting, at DC1, log in as Fabrikam Domain Administrator.
41. Launch "Command Prompt", enter "repadmin /syncall /AedP".
42. Enter "repadmin /syncall /Aed".
43. Restart WS1 twice.
44. At WS1, log in as Fabrikam Domain Administrator.
45. Click "Start", right-click "My Computer", select "Properties".
46. Select "Computer Name" tab, verify the Domain and Computer name.

Figure 29: The computer name of WS1

47. Click "Cancel".
48. Launch "Command Prompt", enter "xdr-fixup /s:Domainlist-save.xml /e:Domainlist.xml /trace:Tracefile /changes:changescript.ldf /restore:restorescript.ldf".

Figure 30: XDR-Fixup

"XDR-fixup" generates the files for updating the Exchange configuration.

49. At WS1, immediately log off and log in as Fabrikam Domain Administrator.
50. Launch "Command Prompt", enter "ldifde -i -f changescript.ldf".

Figure 31: Apply the changes to the Active Directory

51. Restart all Exchange Servers 2 times.
52. Back to the "Command Prompt" of WS1, enter "rendom /end".

Figure 32: rendom /end

53. Enter "gpfixup /olddns:Contoso.com /newdns:fabrikam.com /oldnb:Contoso /newnb:fabrikam /dc:dc1.fabrikam.com 2>&1 > gpfixup.log".

Figure 33: Fix the group policy for new domains

Remark: The domain controller specified with /dc:DcDnsName must be the PDC emulator of the domain.

Remark: The command line parameters /oldnb and /newnb are only required if the NetBIOS name of the domain changed, otherwise, these parameters can be omitted from the command line for Gpfixup.

54. Enter "Repadmin /syncall /AedPq dc1.fabrikam.com dc=fabrikam,dc=com".

Figure 34: Replicate all domain partitions to other domain controllers

55. Reboot all workstations and member servers in the renamed domain twice.
56. When all member servers and workstations have finished restarting, enter "rendom /clean".

Figure 35: rendom /clean

57. Restart all domain controllers in this forest.

Cleanup after domain rename
1. At DC1, log in as Fabrikam Domain Administrator.
2. Launch "DNS Manager", expand "DC1 > Forward Lookup Zones".
3. Right-click "Contoso.com", select "Delete".
4. Click "Yes" twice.
5. Right-click "_msdcs.contoso.com", select "Delete".
6. Click "Yes" twice.
7. Close "DNS Manager".
8. Click "Start", right-click "My Computer", select "Properties".
9. Select "Computer Name" tab, click "Change".
10. Click "OK".
11. Click "More".

Figure 36: Primary DNS suffix of this computer

12. Next to "Primary DNS suffix of this computer", type "fabrikam.com".
13. Click "OK" four times.
14. Restart the domain controller.

Remark: You may need to change the primary dns suffix in other domain controllers.

15. At DC1, log in as Domain Administrator.
16. Launch "Group Policy Management Console", you may get the following error:

Figure 37: Group Policy Management Console error

17. Select "Remove this domain from the console", click "OK".
18. At "Group Policy Management Console", right-click "Group Policy Management", select "Add Forest".
19. Next to "Domain", type "fabrikam.com".
20. Click "OK".

Figure 38: Fabrikam.com's Group Policy Management

21. Expand "Forest: fabrikam.com > Domains > fabrikam.com > Group Policy Objects".
22. Right-click "DNS suffix rename", select "Delete".
23. Click "OK".
24. Close "Group Policy Management Console".
25. Launch "ADSI Edit", expand "Domain [dc1.fabrikam.com] > DC=fabrikam,DC=com".
26. Right-click "DC=fabrikam,DC=com", select "Properties".
27. On the "Attribute Editor" tab, select "msDS-AllowedDNSSuffixes", click "Edit".
28. Remove the value "fabrikam.com", click "OK" twice.
29. Close "ADSI Edit".

This is the end of Domain rename with Exchange Server 2003.

Reference:
Information about configuring Active Directory domains by using single-label DNS names

What is Domain Rename

How Domain Rename works

Domain Rename - Rename a Windows 2003 Forest with Exchange 2003 installed
