HOWTO : Create gMSA user account

In last post I wrote few words about MSA and gMSA and in this post I’d like to show you how to make use of gMSA using Powershell of course :).

My test environment is

DS-DC-01 – Windows Server 2012 domain controller
SC-DB-01 – Windows Server 2012 machine for SCCM SQL database
SC-DB-02 – Windows Server 2012 for extending SQL to a cluster.

Continue reading

MSA (Managed Service Account) and its younger brother gMSA

On blog I found really nice tutorial how to create application user in Active Directory. So I’d like to write few words about alternative way to create application users, by using MSA or with Windows Server 2012 gMSA.

What is MSA ?

With Windows Server 2008 R2 Microsoft introduced “Managed Service Accounts” – to simplify account management for accounts, that used by applications on a different servers. In the old times, administrators were creating standard domain users, add this users to local administrators group on the remote computers, assign the “Logon as a service” right and for most of the time set the password to never expire. Moreover if one wanted to be more secure, the “Deny log on locally” right should also be modified. With MSA this was simplified and MSA offers automatic password management (passwords are updated automatically every 30 days) and simplified SPN management which can be delegated to other administrators. Continue reading

httperr.log – just another IIS log ?

Recently a friend reminded me few cases, we were analyzing, while I was working as messaging engineer. We had problems with an application, which was using EWS (Exchange Web Service), trying to get free/busy information from exchange. Then IIS was becoming unresponsive and the only thing we could do was IIS reset. So we used “httperr.log” for the analysis and issue detection. Probably not many of you heard about it, but this log is really useful with issues related to web server.

Continue reading

HOWTO : Creating new Active Directory forest with Powershell

I’ve seen many howtos, manuals how to install Active Directory domain, but they were always GUI based, as example I’ll put just 2 links, one is Technet and second is Petri website. So in this post I’d like to present how to install and configure basic AD forest using Powershell, it requires just a few input data and 2 powershell commands.

Continue reading

Strange registry issue when while trying to add reg value through SCCM

I’m a SCCM rookie and recently I had to set a registry value in HKLM\Software key, so I wrote a simple batch file and using “reg add HKLM/Software/MyKey  /v MyValueName /t REG_Dword /d 1” command and I put it in the batch file. So how the situation works :

  • when I ran the batch file manually the reg key and value was created and set properly
  • when I tried to run same batch file through SCCM the reg key wasn’t created and value was not set

Continue reading