How to Transfer FSMO Roles

 Prerequisites:

  • make sure the user your logged in as a domin administrator that is a schema dministrator

 Transferring the RID Master, PDC Emulator, and Infrastructure Masters via GUI

To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:
  1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
  2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to
    Active Directory Users and Computers and press Connect to Domain Controller.
  3. Select the domain controller that will be the new role holder, the target, and press OK.
  4. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
  5. Select the appropriate tab for the role you wish to transfer and press the Change button.
  6. Press OK to confirm the change.
  7. Press OK all the way out.
Transferring the Domain Naming Master via GUI

To Transfer the Domain Naming Master Role:
  1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
  2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to
    Active Directory Domains and Trusts and press Connect to Domain Controller.
  3. Select the domain controller that will be the new role holder and press OK.
  4. Right-click the Active Directory Domains and Trusts icon again and press Operation Masters.
  5. Press the Change button.
  6. Press OK to confirm the change.
  7. Press OK all the way out.
Transferring the Schema Master via GUI

To Transfer the Schema Master Role:
  1. Register the Schmmgmt.dll library by pressing Start > RUN and typing:
regsvr32 schmmgmt.dll
  1. Press OK. You should receive a success confirmation.
  2. From the Run command open an MMC Console by typing MMC.
  3. On the Console menu, press Add/Remove Snap-in.
  4. Press Add. Select Active Directory Schema.
  5. Press Add and press Close. Press OK.
  6. If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller.
  7. Press Specify …. and type the name of the new role holder. Press OK.
  8. Right-click right-click the Active Directory Schema icon again and press Operation Masters.
  9. Press the Change button.
  10. Press OK all the way out.
Transferring the FSMO Roles via Ntdsutil

To transfer the FSMO roles from the Ntdsutil command: 
Note: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.
  1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
Microsoft Windows [Version 5.2.3790] (C) Copyright 1985-2003 Microsoft Corp.
C:WINDOWS>ntdsutil ntdsutil:
  1. Type roles, and then press ENTER.
ntdsutil: roles fsmo maintenance:
Note: To see a list of available commands at any of the prompts in the Ntdsutil tool, type ?, and then press ENTER.
  1. Type connections, and then press ENTER.
fsmo maintenance: connections server connections:
  1. Type connect to server , where is the name of the server you want to use, and then press ENTER.
server connections: connect to server server100 Binding to server100 ...
Connected to server100 using credentials of locally logged on user. server connections:
  1. At the server connections: prompt, type q, and then press ENTER again.
server connections: q fsmo maintenance:
  1. Type transfer . where is the role you want to transfer.
Options are:

Transfer domain naming master 
Transfer infrastructure master 
Transfer PDC 
Transfer RID master 
Transfer schema master
  1. You then see a warning popup asking if you want to perform the transfer. Select Yes to continue.
  2. Then after you transfer the roles, type q and press ENTER until you quit Ntdsutil.exe.
  3. Restart the server and make sure you update your backup.

How to Install Windows 2012 OS on ESXi5

                       Unable to Install Windows 2012 OS on ESXi5

  • You might face issues while installing Windows 2012 Operating system on ESXi 5.0.

    and see an error on the screen " Your PC ran into a problem and needs to restart. We're just collecting some error info and

     then we'll restart for you".

    Hmmmmmmm.. What happen to my ESX, do it support Windows 2012 installation or not .
  • No worries , sure ! it will support but need a patch to be installed on ESXI 5.0 and then proceed with installation.

    Let us see what is the required patch.
     
  • Download the patch "ESXi500-201112001.zip" for ESXi 5.0 for the below web site.

    http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2007680
  • Now upload this Patch "ESXi500-201112001.zip" to the datastore of ESX.


  •  Locate path to your patch file and insert the path in the below command and initiate it.

esxcli software vib install -d //vmfs/volumes/4fe219e4-abbfe325-de54-6c626d54121a/isoimages/ESXi500-201112001.zip


  •  Once the installation is completed you will get the installation result where you can see the message " The update completed successfully, but the system needs to be rebooted for the changes to be effective.
  • Now enter the command "reboot" to reboot you esxi host. Done the patch was installed successfully.
  •  Let us test if we can install Windows 2012 OS in our ESXi 5.0 now.
  • Open your ESXi and start creating a new VM and select windows OS option as Windows 2008 R2 64bit.

  • Attach the Windows 2012 ISO to CD/DVD drive of your VM and power on the Virtual machine and now the installation of the 2012 OS will complete successfully.
                     :-)  Issue solved.
           Remote Desktop Web Access (RD Web Access) for External Internet Users

Today i went through an issue where remote desktop services configured for web access. We have a valid certificate and every thing seems to be fine.

We are able to access the RD Web APP both internally and externally, I can initiate RDP to the computers Internally and when it comes to External i am unable to initiate RDP, error " could not connect to the computer".

I have investigated on this and noticed that for External access of remote servers using RD web app we need to have any of the below condition.

  • VPN Access: If are having the customers VPN connected then we can access the computers using RD Web app. 
  • RD gateway server: The second option which is the very important option for easy RD web accessing of computer. We need to install the RD gate way service to the Remote Desktop Services role and need to configure this.

Few things to do after installing RD gateway: 

1. At "test.testing.com", log in as Administrator.
2. Launch "Internet Information Services (IIS) Manager".
3. Expand "test> Sites > Default Web Site > RDWeb > Pages".
4. In the detail pane, double-click "Application Settings".
5. Double-click "DefaultTSGateway".
6. Under "Value", type "test.testing.com".
7. Click "OK".

What happens if RD gate way role is installed and configured properly.

  1. The users who are coming to access the network resource  (Remote computers etc.) they will be authenticating to RD gateway and from there it will be routing to the selected computer and establishes a session.


    Issue is resolved we are able to access the network computers out side the internet using RD Web Access App successfully. :-)

Active Directory operation failed on lyncserver.lync.local, you cannot retry this operation "Insufficient access rights to perform the operations"

When i am enabling a domain administrator in the Lync control panel i am getting the following the following error:
-------------
Active Directory operation failed on “lyncserver.lync.local". You cannot retry this operation: “Insufficient access rights to perform the operation 00002098, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0″.
You do not have the appropriate permissions to perform this operation in Active Directory. One possible cause is that the Lync Server Control Panel and Remote Windows PowerShell cannot modify users who belong to protected security groups (for example, the Domain Admins group). To manage users in the Domain Admins group, use the Lync Server Management Shell and log on using a Domain Admins Account. There are other possible causes. For details, see Lync Server 2010 Help.
-------------

Solution:

  • Open Active Directory users and computers snap in.
  • Select advanced features from Veiw option.
  • Now go to the user properties and security tab.
  • Select advanced button and select check mark “Include Inheritable Permissions from this object’s parent".
  • Come back to Lync control panel and start enabling user, it will get enabled successfully.


    :-) :-)

Microsoft Lync error - The central management stores must match before the topology can be published - Can not Publish Topology because Central Management Store not matched

 

This was the Error i got when i am trying to publish the Lync topology.

What happen is first i tried lync installation in abc server and published it, durin this the configuration store location set at abc.lync.com\rtm.

No i have few issues with this abc server and started deployment on abc1 server and when i am trying to publish it i got the following error.

"The existing topology  identifies abc.lync.com\rtc as the central management store, but the topology that you are trying to publish indentifies abc1.stg.local\rtc as the central management store. The central management stores must match before the topology can be published."

 

Resolution step: 

The resolution is in two steps get the  Central management stores info and delete it using Lync shell.


  • Initiated get-CsConfigurationStoreLocation which given me the below configuration store location.
    PS C:\Users\prakash.nimmala> get-CsConfigurationStoreLocation
    abc.lync.com\rtc
  • Initiated remove-CsConfigurationStoreLocation to remove configuration store location from lync memory.
    PS C:\Users\prakash.nimmala> remove-CsConfigurationStoreLocation

    Remove existing configuration store location?
    Removing the configuration store location set to "abc.lync.com\rtc"
    will break your Lync Server deployment.  Do you want to continue?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):y
  • Tried publishing the Lync topology again and i went successfull.

:-) :-) :-) :-)

Active Directory Error: "The module "schmmgmt.dll" loaded but the call to DllRegisterServer failed with error code 0x80040201"

 

 Today i am trying to trasfer the FSMO role to one of my other test domain controller. All the roles trasfered successfully except Schema Master role.

When i am trying to register the Active Directory Schema Snap-in, i got the following error "The module "schmmgmt.dll" loaded but the call to DllRegisterServer failed with error code 0x80040201"



What is this error and why it is generated ??

This is not a critical error, it is due to User Account Control (UAC) limiting to initiate the command successfully.

We  need to run the command from an elevated command prompt to register the Snap-in successfully.


Here the User Account Control (UAC) might be limited our capability even we logged on using an account that is a member of the Schema Admins group. we need to login or start an elevated command prompt using an account that is a member of the Schema Admins group and the command completes successfully.