Generating Test Users

In setting up an Active Directory environment, you often need test users that are part of test groups and test Organizational Units. In a post at TechExams, Slowhand presents a script that will take a csv file containing names and departments of some dummy users, then creates an OU structure based on a couple of questions.  The users will be created based on the names in the file, and each user will be added into a group with the name of their department.  

Because I always subscribe to the theory of overkill, I used this site to generate a much longer list of names.  Tell it to generate 50 names, and then once they are generated, scroll down to the bottom and click List in text area, then you can copy/paste them out into a text file.  Run it as many times as you wish to generate longer lists. Don't forget to replace the space in between the first and last name with a comma, and then add another comma after the last name, followed by a department. They can all be the same department if you don't care to separate them.

Somehow this post was eaten, so I've rewritten it.

Building the Domain

Edit: This post has been updated with a new walkthrough as I changed my mind on a few things.   Most notably, I'll be working with a new isolated domain rather than a child domain off of my production domain.

In this post, I'll go through the steps of building an Active Directory domain.  I'll assume you already have Windows Server installed, a host name set and a static IP address assigned to the network interface.  Here, I'm using Windows Server 2016 Technical Preview 4, just because I want to kick the tires on the lastest bits.  The process should be pretty much the same in any other Technical Preview build or Server 2012/2012R2 but has changed vastly from Windows Server 2008R2 and earlier.  Server Manager is vastly different, and the dcpromo command is only there to process an answer file at this point, everything is done via Server Manager.

This is going to be a long post with a lot of screen shots.

When you log into the server, you'll see Server Manager pop up.  In the main field, you'll see common steps numbered from 1 - 5. We're looking for number 2, Add roles and features.

Next, it asks if you want to perform a role-based/feature-based installation, or a remote desktop services installation. Leave the default selected.

Next, you will be asked to select which server you wish to install roles or features on.  One of the nice additions to Server 2012 is the ability to manage multiple servers from a common instance of Server Manger. You can add additional servers to be managed in, and from here install roles and features on other servers in your environment. And if you install the latest Windows Management Framework for Server 2008 or Server 2008R2, you can manage those (although more limited) from Server 2012/2012R2 as well.

In this case, we're don't have a domain set up yet, so the local host should be the only server appearing on the list. Click Next.

Next, you'll want to tick the box next to Active Directory Domain Services.  A box will then pop up labeled Add Roles and Features wizard that informs you of any additional prerequisite roles and features for what you just selected for installation.  Click Add Feature to install these additional options.

Once you have Active Directory selected, do the same for DNS Server.  DNS is an integral part of Active Directory and simply cannot be left out. I've read conflicting reports on whether or not non-Windows DNS Servers can be used, but I've never gotten it working with recent versions of Windows Server if it is indeed still possible.  I'm not really studying advanced Windows Server topics, so I never kept at it.  Has anyone gotten it to work?

Select any other roles you care to install as well.

Here you can select various features to install if your server isn't going to be limited to a domain controller, but I'm not adding anything that hasn't already been automatically selected so I'm just clicking Next again.

Next you'll see this informational box on ADDS.  Feel free to read it, or don't, your call. Click Next.

Another similar box for DNS.  Again, read it or don't and click next.

Here is the final confirmation of what you've chosen to install, and a checkbox at the top selecting whether or not you want the server to reboot if required once the installation has completed, if necessary. Obviously for a production machine that is performing other tasks, you'll want to hold off until a scheduled maintenance window, but in the lab go ahead and let it reboot. Click Install when you're ready to let it begin.  Interestingly enough, this server didn't reboot after installing the Active Directory bits. 

One you let it begin, it's going to take some time to complete, especially if this is in a virtual machine so go ahead and grab a sandwich.

Once the roles and features have finished installing, note the yellow exclamation mark at the top of Server Manger trying to get your attention. If you click that, you'll see the following box indicating that your server is ready to be promoted to a domain controller. Click on "Promote this server to a domain controller" to begin.

The first thing that comes up will ask you about the environment. I'm building a new domain here and naming it firewallninja.info (clever, eh?), so I selected Add a new forest and entered the name.  Fill in the boxes appropriately for you, and then click next.  A bit of a wait here, and a command prompt comes and goes without warning. 

Next it will ask you some questions regarding this domain controller. The first is the FFL and DFL of the domain. Since this is a lab domain, I'm going to select the highest avaiable to ensure I have all the latest/greatest bits to experiment with.  We need to check off DNS and Global Catalog since its the first domain controller in the domain.  Finally, give it a DSRM password that you'll be able to remember. Or not, because in the lab you'll probably be better off just rolling back to a snapshot of this server than trying to fix an problem of the magnitude necessary to use Directory Service Restore Mode.

Next is the DNS Options. Nothing to change here as it is the first domain controller for the domain.

Next is the Additional Options, which consists of nothing more than the NetBIOS domain name. Whatever comes up as the default is fine because who uses NetBIOS anymore?

Next is the directory paths for various parts of Active Directory. Spread the love around to multiple spindels in production, but the defaults are fine in the lab.

Finally we have a summary of all the options selected. If this were a domain controller for an existing domain, you could click view script to get a PowerShell script to run on any additional servers you want to promote to domain controllers.  Click Next again.

Prerequisites will be checked here. There shouldn't be anything stopping you from proceeding at this point, but it will tell you if there is. The one warning is letting you know about a default cryptography option that is not best practice, but chosen for compatibility reasons.  This can be fixed in group policy later if you care to lock this setting down.

Click Install to begin the promotion.

The process will run for some time, and the server will reboot once it's done. The local administrator will be converted to the domain administrator once the process has completed.  There are no local user accounts on a domain controller.

FreeCCNAWorkbook.com in Packet Tracer - Section 4

In this previous post, I began to look into working through the Free CCNA Workbook in Packet Tracer.  I had worked through the first three sections, and found that while there were some unsupported commands here and there, there was not anything missing that I would consider to be a show stopper so far.  So moving along, I have worked through Section 4 tonight and here's what I found. For reference, I am using the latest version of Packet Tracer for Linux available from the NetAcad website at the time of this writing, which is version 6.2.  Your results may vary on the Windows version, but I doubt it.

FreeCCNAWorkbook.com in Packet Tracer Through Section 3

I had a discussion with somebody on line a while back on the feasibility of working through the labs at freeccnaworkbook.com using Cisco Packet Tracer. After a little back and forth and a lot of thought on the matter, I decided to give it a try rather than continue to speculate. Since I haven't used the program in years, I logged into my NetAcad account and downloaded the latest version (6.2.0.0052) and installed it on my desktop. And no, I will not provide you with a copy, so don't bother asking.

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

I encountered this problem today on a server running SCVMM 2012. I found a lot of things online suggesting a lot of different possible solutions, but none of them worked for me. Most of the possible solutions involved configuration errors with authentication, but this has worked fine for some time, and only today started giving this problem. Besides that, this server hosts the databases for a number of other apps, and none of those stopped working today, so after a quick check over the SQL Server settings I was left scratching my head.

Yast2 Modules Not Loading in OpenSUSE Leap

I finally upgraded my system from 13.2 to Leap 42.1. There were a few problems along the way, but overall it was a smooth upgrade. I remembered to remove the nVidia drivers, but forgot to disable the nVidia repository so it installed a driver that no longer supports my trusty 8600GT. After figuring that out, networking wasn't working but just needed quickly reconfigured, same for sound. But the one thing that was stumping me was yast2 failing to load any module in GUI mode. No matter which I loaded, I would get the error:



Run command: /sbin/yast2 sound &
terminate called after throwing an instance of 'YUIPluginException'
 what():  Couldn't load plug-in qt
YaST got signal 6 at file /usr/share/YaST2/modules/Wizard.rb:782
 sender PID: 3605
/sbin/yast2: line 440:  3605 Aborted                 $ybindir/y2base $module "$@" "$SELECTED_GUI" $Y2_GEOMETRY $Y2

A quick visit to Google resulted in multiple posts stating that yast2-gtk was needed but isn't getting installed. I use KDE but let's give that a try. zypper in yast2-gtk and nothing changes. So let's try zypper in yast2-qt. This results in libyui-qt6 providing yast2-qt is already installed. I forget why now, but I did a rpm -qa | grep libyui and saw libyui6, libyui-qt-pkg6, etc. So logic would dictate at this point I need libyui-qt7 as well, so I installed that and bingo, it installed a couple of libraries and the sound module now loads. Software management started to load, but then threw up an error that qt-pkg could not be loaded. So zypper in libyui-qt-pkg7 (another package that I had the corresponding version 6 of I overlooked the first time) and I appear to be back in business.

Hope this helps someone. There's a lot of posts stating you need newer version of one package or another, but none that really specify exactly what to install.

AlwaysOn Availability Groups and User Accounts

I recently built a AlwaysOn Availablity Group for my companies database server on SQL Server 2012. With three databases for mission critical applications running on the database server, we needed a little more protection than a weekly backup that we can restore.  So I took two fresh servers, installed Windows Server 2012 Standard and SQL Server 2012 Enterprise on each and found this link, which is a great place to start when building an AlwaysOn Availability group.  There's a couple points that were either missing or noted so briefly that I missed them, but it pretty much covers everything from end to end.  There's also an ebook called "High Availability Solutions" downloadable from Microsoft with a lot more information and detail.

Exchange Server component Mailbox role: Mailbox service failed.

The short version of this story is READ THE LOGS!  Now here's the long version.

I was trying to install Exchange 2013 in my lab environment and kept running into this error consistently. I scoured the Internet and tried everything that was suggested for anything even similar, with no success. At one point I even scrapped the VM and built a new Server 2012R2 VM from scratch, and the same thing happened. The Exchange setup wizard would fail at about 97% into the Mailbox role installation with the following output. It's not all here, because its ultimately wasn't of much use.

Contacting server and signing in...

Apparently Office 365 has this neat feature where your password expires but it doesn't want you to know. This morning I logged into my computer, grabbed my first cup of coffee of the day and sat down.  About 30 minutes later I got an email informing me that I was not signed into Lync.  And sure enough, the client is sitting there still saying "Contacting server and signing in..."

Free CCNA Resources 2.0

Do you want to become a CCNA with little or no cost out of pocket beyond taking the exam(s)? Between my own attempt at the CCNA and my association with forums and blogs where we eat, sleep and breathe Cisco networking, I have collected a number of free resources that I have collected together here in once place in hopes that it will be of help. I'll try to keep this list up to date as I find new material. Feel free to add a link in the comments or let me know if a link no longer works. Most importantly, PLEASE let me know if I was fooled and listed something here that is less than reputable. Happy Studying!

The exam hasn't changed real drastically from the 640-802 version, some tweaks but nothing drastic. So don't be scared away from anything written specifically to that exam.