Syncing Windows Time service to an external source

It is important to have the Windows Time Service on a DC on the network pointing to an external NTP source to keep time in sync.

There is an article here which tells you how:

https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server

I’ve condensed it here to a reg file you can create and run.

Copy the following code into a text document, name it time.reg and run it on a DC.

Then restart the time service with the command:

net stop w32time && net start w32time

Give it a few seconds and the clock should correct itself.

If it is a virtual machine, make sure that the hypervisor isn’t pushing time out to it, as the server will take that as priority. For example, on Hyper-V go to the VM Settings, then Integration Services, and un-tick Time synchronization.

The registry file

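Windows Registry Editor Version 5.00

; Let this DC answer NTP requests from the rest of the domain
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
"Enabled"=dword:00000001

; External peers to sync from (0x1 = poll at SpecialPollInterval)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"NtpServer"="0.europe.pool.ntp.org,0x1 1.europe.pool.ntp.org"

; SpecialPollInterval is a value under NtpClient, not a subkey.
; dword values are hexadecimal: 0x384 = 900 seconds
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"SpecialPollInterval"=dword:00000384

; Largest correction the service will apply: 0xe10 = 3600 seconds
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"MaxPosPhaseCorrection"=dword:00000e10
"MaxNegPhaseCorrection"=dword:00000e10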

 

Migrating from NTFRS to DFSR replication of Sysvol

DFSR replication of sysvol is much more reliable, and NTFRS is being deprecated after Windows Server 2016.

This is how to migrate to DFSR. The information here is gleaned from:

https://blogs.technet.microsoft.com/filecab/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol/

and the long version:

https://technet.microsoft.com/en-us/library/dd640019%28v=WS.10%29.aspx?f=255&MSPPError=-2147217396

Check forest functional level using domain.msc and raise if below 2008.

Force a replication with:

Repadmin /syncall /force /APed

This is optional, but will speed things up, and you can use this replication to check for errors.

Check event log for errors, especially the File Replication Service logs.

Repadmin /replsummary

Check that replication is working.

Dcdiag /e /test:sysvolcheck /test:advertising

Fix any errors.

Next the migration.

dfsrmig /setglobalstate 1

Run

dfsrmig /getmigrationstate

Do not proceed further until it tells you that “All domain controllers have migrated successfully to the Global state.”

dfsrmig /setglobalstate 2

Again check it with

dfsrmig /getmigrationstate

And make sure all DCs have migrated.

Finally

dfsrmig /setglobalstate 3

And it is finished when

dfsrmig /getmigrationstate

tells you that all DCs have migrated successfully.

You can apparently go straight to state 3, but it doesn’t take long to go the full route, so better taking a little time.
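The same sequence as a script, added here as an example rather than taken from the linked articles: it sets each global state in turn and will not move on until dfsrmig /getmigrationstate prints the "All domain controllers have migrated successfully" message. The function name, polling interval, timeout and the confirmation prompt before state 3 are assumptions.

```powershell
# Added example (not from the linked articles). Run elevated on a DC once
# repadmin and dcdiag are clean. State 3 cannot be rolled back, so the
# script asks before taking that step.

$doneText    = 'All domain controllers have migrated successfully'  # message quoted in the post
$pollSeconds = 60     # assumption: re-check once a minute
$maxPolls    = 120    # assumption: give up after two hours per state

function Wait-DfsrMigrationState {
    param([int]$State)
    for ($i = 1; $i -le $maxPolls; $i++) {
        # Capture the tool's console output as one string and look for the success line
        $out = & dfsrmig.exe /getmigrationstate | Out-String
        if ($out -match [regex]::Escape($doneText)) { return $true }
        Write-Host "State ${State}: DCs still migrating (check $i of $maxPolls)"
        Start-Sleep -Seconds $pollSeconds
    }
    return $false
}

foreach ($state in 1, 2, 3) {
    if ($state -eq 3) {
        $answer = Read-Host 'All DCs are at state 2. Type YES to move to state 3'
        if ($answer -cne 'YES') { Write-Host 'Stopping at state 2.'; break }
    }
    Write-Host "Setting global state $state"
    & dfsrmig.exe /setglobalstate $state
    if ($LASTEXITCODE -ne 0) {
        throw "dfsrmig /setglobalstate $state returned exit code $LASTEXITCODE"
    }
    if (-not (Wait-DfsrMigrationState -State $state)) {
        throw "Timed out waiting for state $state. Check replication before retrying."
    }
    Write-Host "State ${state}: all DCs report success."
}

& dfsrmig.exe /getglobalstate
```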

 

Windows update CAB file build up

We’ve had a spate of PCs filling up their disks recently, and it seems to stem from a bug in Windows update.

The issue occurs because an accumulated update log file grows, and generates a series of CAB files “cab_xxx_x” in the temp folder (normally c:\windows\temp).

The issue isn’t new, I found references to it dating back to 2012. It seems to be a bug with Windows Update on Windows 7 and Windows Server 2008 R2.

If you just delete the CAB files they will come back. The solution seems to be to run the following commands:

net stop wuauserv 
net stop trustedinstaller

rmdir /s c:\windows\softwaredistribution
del c:\windows\temp\*.* /s /f /q

net start wuauserv
net start trustedinstaller

If you don’t stop the services first you may not be able to delete the files.

Next step is to run Windows update. Windows 7 and 2008 R2 have a huge number of updates to do from a fresh install, which is why this log file builds up. Deleting the files resets the log, but if there are still too many to do the issue may come back.

I set up a monitor on SolarWinds N-Central to check all our clients’ temp folder sizes and to run the above as a script if it was over 15GB. That should prevent any space issues on-going.

Alternatively just upgrade to Windows 10 and Server 2016 – they don’t have this problem.
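A threshold check of the kind described above, added here as an example; it is not the N-Central script from the post. The paths, service names and the 15GB limit come from the post, while the function name and output format are assumptions. It avoids cmdlet switches newer than the PowerShell 2.0 that ships with Windows 7 and Server 2008 R2.

```powershell
# Added example: measure the temp folder and only clean up above the threshold.
# Run as administrator (or as SYSTEM from a monitoring agent).

$tempPath    = 'C:\Windows\Temp'
$thresholdGB = 15

function Get-FolderSizeGB {
    param([string]$Path)
    # Sum file lengths only; unreadable items are skipped rather than aborting the check
    $bytes = (Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
              Where-Object { -not $_.PSIsContainer } |
              Measure-Object -Property Length -Sum).Sum
    [math]::Round(($bytes / 1GB), 2)
}

$sizeGB = Get-FolderSizeGB -Path $tempPath
$cabs   = @(Get-ChildItem -Path $tempPath -Filter 'cab_*' -Force -ErrorAction SilentlyContinue)
Write-Output "$tempPath is $sizeGB GB and holds $($cabs.Count) cab_* files"

if ($sizeGB -lt $thresholdGB) {
    Write-Output 'Below threshold, nothing to do.'
    exit 0
}

$services = 'wuauserv', 'TrustedInstaller'
try {
    # Files stay locked unless both services are stopped first
    Stop-Service -Name $services -Force -ErrorAction Stop
    Remove-Item -LiteralPath 'C:\Windows\SoftwareDistribution' -Recurse -Force -ErrorAction SilentlyContinue
    Get-ChildItem -LiteralPath $tempPath -Force |
        Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
}
finally {
    # Always bring the services back, even if the cleanup failed part way
    Start-Service -Name $services -ErrorAction SilentlyContinue
}

Write-Output "After cleanup: $(Get-FolderSizeGB -Path $tempPath) GB"
```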

Using Office 365 as your SMTP server on a 3CX PBX

If you want to use Office 365 as your SMTP email server for a 3CX PBX you are best setting up a Connector on the Exchange Online account. I am assuming that your PBX is on the end of a static IP address.

First configure your 3CX server. Under Email and settings set the mail server to match your MX record. This usually follows the format domain.mail.protection.outlook.com where domain is your email domain with hyphens instead of dots.

Set a reply to address on the same domain. I always use pbx @ sfax.co.uk, it doesn’t go anywhere, I don’t expect anyone to reply to it.

You don’t need a username or password or to enable SSL/TLS as we will set up a connector to receive the email.

Next log on to your Office 365 portal as an administrator, and open your Exchange Admin Center. From there pick connectors under mail flow.

Create a new Connector.

Pick from: Your organization’s email server

To: Office 365

Give it an appropriate name:

Next select By Verifying that the IP address of the sending server matches one of these addresses that belong to your organization

Click the plus to add an IP address and enter your PBX’s internet IP address

Save the connector and you are good to go.

http://3cx.co.uk

http://portal.office.com

Manually syncing Azure AD

When Azure Connect is set up, the quickest way to fire off a manual sync is through PowerShell.

For a full sync (new accounts etc):

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Initial

For an incremental sync (faster but not as thorough):

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

I normally save these as .ps1 files on the desktop of the server so I can quickly run them.

Moving FSMO Roles with Powershell

Another article about a command whose syntax I can never remember when I need it.

The information here is from: https://social.technet.microsoft.com/wiki/contents/articles/6736.move-transfering-or-seizing-fsmo-roles-with-ad-powershell-command-to-another-domain-controller.aspx

To transfer all roles use:

Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

To seize the roles append -Force.

You can also substitute the role names with numbers, making it more manageable:

Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4 -Force

Much easier to remember than trying to remember which bit of the gui does which role.

Older servers use ntdsutil.exe:

https://support.microsoft.com/en-gb/help/255504/using-ntdsutil.exe-to-transfer-or-seize-fsmo-roles-to-a-domain-controller
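An added example, not from the linked wiki article, that shows who holds each role before anything moves, transfers only the roles the target does not already hold, and leaves out any role whose current holder does not answer so that seizing with -Force stays a deliberate manual step. The function name is an assumption, and the ping test assumes ICMP is allowed between DCs.

```powershell
# Added example. Requires the ActiveDirectory module; 'Target-DC' is the
# placeholder name used in the post.
Import-Module ActiveDirectory

$target = 'Target-DC'

function Get-FsmoHolder {
    # Domain-wide roles come from Get-ADDomain, forest-wide roles from Get-ADForest
    $domain = Get-ADDomain
    $forest = Get-ADForest
    @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

$targetFqdn = (Get-ADDomainController -Identity $target).HostName
$before     = Get-FsmoHolder
$before.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

# Roles the target does not hold yet
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $targetFqdn })
if ($toMove.Count -eq 0) { Write-Host "$targetFqdn already holds every role."; return }

# A normal transfer needs the current holder online
$offline = @($toMove | Where-Object {
    -not (Test-Connection -ComputerName $before[$_] -Count 1 -Quiet)
})
if ($offline.Count -gt 0) {
    Write-Warning "Holder unreachable for: $($offline -join ', '). Not transferring these."
}

$reachable = @($toMove | Where-Object { $offline -notcontains $_ })
if ($reachable.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $target `
        -OperationMasterRole $reachable -Confirm:$false
}

# Show the result so the change can be confirmed
(Get-FsmoHolder).GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize
```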

Gamma SIP Trunks on 3CX

Love using Gamma SIP trunks on 3CX, but it does annoy me that the built in SIP provisioning template doesn’t work well out of the box. I’m probably being finickity, but it would be nice if the templates just asked you what they need to work and put it where it should be.

So here is how we set up Gamma trunks.

3CX Gamma SIP trunk settings

First part is done for you out of the template. Use the Registrar server from the SBC section on the Gamma portal. They do have several, so don’t assume all your clients are the same.

3CX SIP trunk Authentication settings

Note format of Authentication ID. This is the main number that Gamma assign to the SIP trunk. We use E.164 format, not sure if changing that would change the format of this. Gamma authenticate using IP, but still need this to be correct.

3CX SIP Trunk Routing

Main trunk number is the main CLI that Gamma have given you; routing is obviously your own.

SIP trunk default Caller ID

We use CLI Flexibility on most of our Gamma trunks, which allows us to define the outgoing CLI that we present. Useful if, like us, you are using a non-geographic number, or are migrating to Gamma and want to use your existing numbers whilst they port.

We define our default caller ID here. This is the default; you can define individual ones under a user’s extension settings.

P-Asserted Identity settings in Outbound Parameters

I’ve truncated most of the image because the template is correct, but to use CLI Flexibility you have to present a P-Asserted Identity to Gamma. This passes your authentication DDI, as the From part of the SIP conversation will show the CLI you set above.

This is on 3CX v15, but the settings are the same for previous versions.

http://www.gamma.co.uk/partners/


Using subst to map a drive to help restore from a volume shadow copy

I needed to copy only missing files from a volume shadow copy back to a client’s share after clearing out crypto malware encrypted files, and I found a new favourite command:
subst drive1: drive2:path
Substitutes a path for a drive letter, for example:
subst x: c:\users\adam\desktop

maps x: to my desktop in my profile.

Where this came in particularly handy for me was using robocopy to restore files and folders out of a volume shadow copy (previous version).

I wanted to run robocopy a: b: /xc /xn /xo /s which only copies missing files, and does not copy existing files – regardless of age or difference, to extract missing files from the shadow copy.

So first I found the path to the file by right clicking on a file in the shadow copy and copying the location then running subst:

subst x: "\\localhost\C$\@GMT-2016.10.24-14.01.30\Server Shares\Company"

I could then run my robocopy from the x: drive.

Finished off with subst x: /d to remove the drive mapping.

Useful write up here:

https://chaoliu12.wordpress.com/2013/02/11/restore-files-from-shadow-copy/

And subst technet article here:

https://technet.microsoft.com/en-gb/library/bb491006.aspx

Extracting useful user information from Exchange 2010 with Powershell

Finishing a migration to Office 365 and want to send the client a list of remaining user mailboxes that need moving (or deleting!).

get-mailbox and get-mailboxstatistics both have their uses, but I really needed to use something that combined them both.

I found the solution at https://www.experts-exchange.com/questions/28399371/Combining-Get-Mail-Get-Mailboxstatistics-To-Pull-UsageLocation-LastLogonTime.html

And adapted it to my own means:

Get-Mailbox -ResultSize Unlimited |
    Sort-Object |
    Select-Object Name, PrimarySmtpAddress,
        @{n="Mailbox Size"; e={$MBXstat = Get-MailboxStatistics $_.Name; $MBXstat.TotalItemSize}},
        @{n="LastLogonTime"; e={$MBXstat = Get-MailboxStatistics $_.Name; $MBXstat.LastLogonTime}} |
    Export-Csv C:\temp\LastLogonTime.csv

This outputs the User name, Primary SMTP Address from get-mailbox and Mailbox size (formatted to MB) and last logon time from get-mailboxstatistics.