AD Groups explained

Posted on by

http://www.computerperformance.co.uk/Litmus/universal_groups.htm

Domain Local Groups (These used to be plain Local groups).

Think of domain local groups as great hosts, literally anyone can be a member, users, Global groups, Universal groups, even computers can join a domain local group. Local groups are bad travellers and only operate in their own domain.

Best practice is to use local groups to assign permissions to resources like databases and printers.
Global Groups

These are great travellers, they can wander the entire Forest. The key point is that global groups are poor hosts and can only contain members from their own domain.

Best practice is to make global group your default group, and for starters, make a group to represent each of your departments.
Universal Groups

Another question for you, why is it sometimes the radio button against create Universal group is greyed out? The answer is when the Domain is in mixed mode you cannot create universal groups (NT 4.0 BDC’s would not understand them). You need to ‘raise domain level to Windows 2000 native before you benefit from universal groups. Think of universal groups as the ultimate container for nesting groups. They are good hosts and great travellers.

Best practice is make it rule to only include global groups inside Universal groups, no individual groups.
Global Catalog Implications

As you would expect, domain local and global groups are listed in the global catalog, however the individual members are not listed. So changes in global group membership have zero impact on global catalog replication traffic.

Universal groups on the other hand, not only are listed in the global catalog but also the individual users or nested groups are also listed. Now you can see that adding users to a universal group will generate replication traffic. That is why Guy says only put global groups inside universal groups, the individual members inside the global groups are not replicated.

In Windows 2000 the situation is that one change of membership to a universal group causes the whole list to be replicated, thankfully that changed in Server 2003, now only incremental changes are replicated not the whole list.

ESXi Thin/Flat Drive Types

Posted on by

Taking a VM from VMWare Workstation 7 use the vmware Converter (Downloaded from their site for free). For me, I wanted my VMs to have an expanding disk, this is how all my Workstation VMs are setup. So their limit might be 100GB, but I know I prop won’t use that and don’t want to waste the space. I want them to expand up to the 100GB when needed.

When you convert the VMs to import them into ESXi though, by default it imports the VMs with the drives set to Flat. So if you set provision to 100GB, it will make the drive 100GB on the ESXi. I found out after I’d converted, annoying. So pick Thin as seen in screenshot below and it will create an expanding disk as well. Flat gives better performance but this is just a test lab so doesn’t matter about that.

Convertor

Exchange 2010 Prerequisites

Posted on by

http://technet.microsoft.com/en-us/library/bb691354.aspx

This example is for a server that will have the typical installation of the Client Access, Hub Transport, and Mailbox server roles:

You can add the below in the Add-Windows Feature wizard or just paste the code below in a PowerShell window and it does just the same.

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

Cain and Abel-MAC scan

Posted on by

Running Windows 7 64bit Ultimate and attempting a MAC scan via WIFI and getting this issue

C&A Error

Looks to be an issue with Cain and Abel according to this thread

http://oxid.netsons.org/phpBB3/viewtopic.php?f=8&t=4222

So to fix it edit the registry as this

That’s pretty strange… you are running Cain with administrative privileges right? If so, you can try editing the value directly in the registry. It’s located under HKEY_CURRENT_USER/Software/Cain/Settings within your registry. ensure Spoofing is set to 0.

Logmein in and RDP

Posted on by

If you install logmein on a machine via RDP, when you then attempt to connect to it remotely (if it hasn’t been rebooted) you’ll get

This terminal server display is inactive” message.

If you’re using the free version you’re screwed and will have to wait for the PC to be rebooted.

If you’re using the Pro version or the Pro trial version then you should have Computer Management options on the right. Just reboot the machine and all should be OK. Haven’t found a work around if you installed the free version. This thread may shed some light though.

http://community.logmein.com/t5/Free-Pro-User-to-User-Support/This-terminal-server-display-is-inactive/td-p/20701

If you install logmein using

mstsc /admin

Apparently it works fine, but haven’t tested.