Renaming a Windows 2003 Domain Controller

Renaming a Windows Server 2003 Active Directory Domain Controller using the ‘netdom’ tool

Whilst not an everyday occurrence, I would recommend deploying a new machine and running dcpromo on it in order to achieve this result. However, a native Windows 2003 Active Directory environment will permit name changes on Domain Controllers.

Please note that this is NOT possible in a Windows 2000 Server Active Directory Domain.

This guide illustrates the required commands for renaming the server ‘’ to ‘’ (notice no ‘1’ in the name anymore)

Step One; add the additional name to the computer object.

Open a command prompt window and type:

netdom computername /

Successfully added as an alternate name for the computer.

The command completed successfully.

Service Principal Name (SPN) attributes will be updated using the netdom command and DNS records will be created for the new computer name.

After allowing sufficient replication time I would suggest you verify the secondary name has been registered correctly in Active Directory using adsiedit.msc. Simply find the original Computer Object and check the msDS-AdditionalDnsHostName attribute has been populated with the new name.

Step Two; make the new name the primary name for the computer object.

Next, run the following command:

netdom computername /

Successfully made the primary name for the computer.

The computer must be rebooted for this name change to take effect. Until then this computer may not be able to authenticate users and other computers, and may not be authenticated by other computers in the forest. The specified new name was removed from the list of alternate computer names. The primary computer name will be set to the specified new name after the reboot.

The command completed successfully.

Using ADSI edit you will now see that the msDS-AdditionalDnsHostName attribute for the Computer Account is now populated with the old name.

Step Three; reboot the server.

Proceed with a reboot of the server.

Step Four; remove the old name.

Finally, run the command:

netdom computername /

Successfully removed as an alternate name for the computer.

The command completed successfully.

And that’s it!
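The adsiedit check from Step One, extended so it can be re-run after each step, as an added VBScript example (not part of the original article): it reports whether each name is currently the primary dNSHostName, an alternate in msDS-AdditionalDnsHostName, and referenced by any servicePrincipalName value. The distinguished name and both host names are hypothetical placeholders.

```vbscript
Option Explicit

' Added example: report where each name sits on the DC's computer object.
' All three values are hypothetical placeholders; substitute your own.
' Note that the CN of the computer object changes once the rename completes.
Const COMPUTER_DN = "CN=OLDNAME,OU=Domain Controllers,DC=example,DC=local"
Const OLD_FQDN = "oldname.example.local"
Const NEW_FQDN = "newname.example.local"

Dim objComputer
Set objComputer = GetObject("LDAP://" & COMPUTER_DN)

WScript.Echo "Primary (dNSHostName): " & ReadSingle(objComputer, "dNSHostName")
Report objComputer, OLD_FQDN
Report objComputer, NEW_FQDN

' Print whether fqdn is the primary name, an alternate name, and how many
' servicePrincipalName values reference it.
Sub Report(obj, fqdn)
    Dim isPrimary, isAlternate, spnCount
    isPrimary = (StrComp(ReadSingle(obj, "dNSHostName"), fqdn, vbTextCompare) = 0)
    isAlternate = (CountMatches(obj, "msDS-AdditionalDnsHostName", fqdn, False) > 0)
    spnCount = CountMatches(obj, "servicePrincipalName", "/" & fqdn, True)

    WScript.Echo fqdn & ": primary=" & isPrimary & ", alternate=" & isAlternate _
        & ", SPNs=" & spnCount

    ' A registered name with no SPN will break Kerberos authentication to it
    If spnCount = 0 And (isPrimary Or isAlternate) Then
        WScript.Echo "  WARNING: name is registered but no SPN references it"
    End If
End Sub

' Return a single-valued attribute, or "" when it is not set.
Function ReadSingle(obj, attrName)
    ReadSingle = ""
    On Error Resume Next
    ReadSingle = obj.Get(attrName)
    On Error GoTo 0
End Function

' Count the values of a multi-valued attribute that contain needle.
' anywhere = True  : needle may appear at any position in the value
' anywhere = False : the value must start with needle
Function CountMatches(obj, attrName, needle, anywhere)
    Dim values, v, pos
    CountMatches = 0

    On Error Resume Next
    values = obj.GetEx(attrName)
    If Err.Number <> 0 Then
        ' Attribute is not set on the object
        Err.Clear
        On Error GoTo 0
        Exit Function
    End If
    On Error GoTo 0

    For Each v In values
        pos = InStr(1, v, needle, vbTextCompare)
        If (anywhere And pos > 0) Or (Not anywhere And pos = 1) Then
            CountMatches = CountMatches + 1
        End If
    Next
End Function
```

To confirm replication, bind to each Domain Controller in turn by putting its name in the path, for example "LDAP://dc-name/" followed by the distinguished name.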

Reset the DSRM Password

How to reset the Directory Services Restore Mode (DSRM) Password

The importance of the DSRM password is often forgotten; many administrators will have never used Directory Services Restore Mode.

There is a simple procedure for resetting this crucial password using ntdsutil; from a command prompt window run the following commands:


ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server domainController1
Please type password for DS Restore Mode Administrator Account: ********
Please confirm new password: ********
Password has been set successfully.
Reset DSRM Administrator Password: quit
ntdsutil: quit


If you’ve forgotten your DSRM password, or you have any doubts, I’d seriously recommend changing the password so you know exactly what it is.

Identify / Determine FSMO role holders in Active Directory

Identify / Determine / Find FSMO role holders in Active Directory

This post illustrates how to use the ‘netdom’ tool to find the FSMO role holders within your environment. These days the process for identifying FSMO role holders seems to be described in the most complex and long-winded of ways. Yes yes yes, this process can be done using the MMC snap-ins: Active Directory Users and Computers, Active Directory Domains and Trusts and Active Directory Schema. However, using the netdom utility supplied with the Windows Server 2000 / 2003 support tools it is possible to display this information almost instantly, in a single command window.

Simply run the following command from a command window.

netdom query fsmo

The output you receive should look something like:

Schema owner
Domain role owner
PDC role
RID pool manager
Infrastructure owner

The command completed successfully

VBScript ; Monitor Exchange DB Size

VBScript ; Monitor Exchange 2000/2003 Standard DB Size

Aimed at the SMB users running with the 16GB limit, this customisable VBScript will warn you when the Microsoft Exchange Database size exceeds a certain size in GB.

The script could easily be modified for use with all versions of Exchange depending on what limit you’re worried about, be it software or hardware restricted.

Simply copy the following code into Notepad and save it as a ‘.vbs’ file. The script needs to run from the mail server itself; I run it as a scheduled task at start-up.

In order to avoid excessive notifications the script quits upon notification, you must re-run the script in order to continue monitoring.

You need to modify the areas highlighted in bold. I have configured the script to alert me via when the DB size reaches 15GB.

The script is called using a batch file which contains the following line:

cscript.exe c:\scripts\script_name.vbs

Dim fileSize, fileSize2, totalBytes, totalSize, checkFile, strComputer, objWMIService
Dim setFormat, MessageTitle, messageBody, SizeFormat, strServerName, target

Set WshShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("Wscript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

' The script runs on the mail server itself, so its own name is used
' for the SMTP server and for the subject line of the alert
strServerName = objNetwork.ComputerName

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\cimv2")

' Raise an event whenever priv1.edb is modified (polled every 10 seconds)
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
    ("SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE " _
    & "TargetInstance ISA 'CIM_DataFile' and " _
    & "TargetInstance.Name='e:\\ExchangeDB\\MDBDATA\\priv1.edb'")

target = "e:\ExchangeDB\MDBDATA\priv1.stm"

Do
    ' Block until the database file is next modified
    Set objLatestEvent = colMonitoredEvents.NextEvent
    Set checkFile = fso.GetFile(target)

    ' Add the raw byte counts so the two files are never summed in different units
    fileSize = CDbl(checkFile.Size)
    fileSize2 = CDbl(objLatestEvent.TargetInstance.FileSize)
    totalBytes = fileSize + fileSize2

    totalSize = SetBytes(totalBytes)
    Wscript.Echo "Exchange DB size is " & totalSize & SizeFormat

    ' Alert threshold: 15 GB (CDbl avoids an integer overflow)
    If totalBytes > CDbl(15) * 1073741824 Then
        messageBody = "Danger Will Robinson! Exchange DB size at " & totalSize & SizeFormat & vbCrlf & vbCrlf _
            & "Please restart this script on the server."
        SendEmail
        ' Quit after notifying to avoid excessive notifications
        WScript.Quit
    End If
Loop

' Convert a byte count to the largest sensible unit; the unit name is left in SizeFormat
Function SetBytes(Bytes)
    If Bytes >= 1073741824 Then
        SetBytes = Round(Bytes / 1024 / 1024 / 1024, 2)
        SizeFormat = "GB"
    ElseIf Bytes >= 1048576 Then
        SetBytes = Round(Bytes / 1024 / 1024, 2)
        SizeFormat = "MB"
    ElseIf Bytes >= 1024 Then
        SetBytes = Round(Bytes / 1024, 2)
        SizeFormat = "KB"
    Else
        SetBytes = Bytes
        SizeFormat = "Bytes"
    End If
End Function

Sub SendEmail
    Set objMessage = CreateObject("CDO.Message")

    ' 2 = send over the network (SMTP) rather than via a local pickup directory
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

    'FQDN / IP Of SMTP Server
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strServerName

    'SMTP Port
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

    objMessage.Configuration.Fields.Update

    objMessage.Subject = strServerName & ": Exchange Database Size"
    objMessage.From = "[email protected]"
    objMessage.To = "[email protected]"
    objMessage.TextBody = messageBody
    objMessage.Send
End Sub

VBScript ; Event ID 36 IWAM IIS Monitor

VBScript ; Event Log Monitor – Event ID36 W3SVCS and DCOM 10004 Errors

IIS IWAM accounts usually automatically sync every 7 days. This process was causing chaos on our AD domain with a variety of different IIS servers; from Citrix Web Interface servers to VMWare management pages.

Page Cannot Be Displayed errors are accompanied by DCOM 10004 errors and W3SVC 36 errors in the System Event log. The problems can be resolved by running the ‘synciwam.vbs’ script. In order to both detect and eliminate this problem whilst we troubleshooted the root cause I wrote a script that would detect these errors in the event log and automatically run the synciwam.vbs script.

The vbscript file must be configured to run every 5 minutes on the server you wish to protect. The script will establish the local time difference from UTC (which is required when searching the event log). Once found it will check the System Event Log for any event code 36 errors in the last 5 minutes. If there are any the script will call the synciwam.vbs script file. The script will then send an email to the desired user via a mail server of choice. I have highlighted the code that you must change in bold.

You can change the search period and increase it from 5 minutes if required. I have made the text red on this part of the script. Remember if you do this to change the frequency of the scheduled task to match your required time period.

'Event Log checker to protect IIS Web Sites

'Contact Chris Bradford for details.

'Option Explicit
Const ForReading = 1
Const ForWriting = 8

Dim objFso, objFolder, objWMI, objEvent ' Objects
Dim strFile, strComputer, strFolder, strFileName, strPath ' Strings
Dim intEvent, intNumberID, intRecordNum, colLoggedEvents, arrHistory, Compare

' Read the local offset from UTC, in minutes
For Each LocalTimeZone in GetObject("winmgmts:").InstancesOf("Win32_ComputerSystem")
    TimeZoneOffset = LocalTimeZone.CurrentTimeZone
Next

Wscript.Echo "The current time difference is " & TimeZoneOffset & " minutes (" & TimeZoneOffset/60 & " hrs)"

' Start of the search window: 5 minutes ago, local time
DateToCheck = CDATE(DateAdd("n",-5,Now))

' Convert the local time to UTC
If TimeZoneOffset > 0 Then
    UTCDate = DateAdd("n", -ABS(TimeZoneOffset), DateToCheck)
Else
    UTCDate = DateAdd("n", ABS(TimeZoneOffset), DateToCheck)
End if

WScript.Echo "UTC Date/Time: " & UTCDate

' WMI (DMTF) datetime form of UTCDate, so the query does not depend on the local date format
strUTCDate = Year(UTCDate) & Right("0" & Month(UTCDate), 2) & Right("0" & Day(UTCDate), 2) _
    & Right("0" & Hour(UTCDate), 2) & Right("0" & Minute(UTCDate), 2) _
    & Right("0" & Second(UTCDate), 2) & ".000000+000"

Set objNetwork = CreateObject("Wscript.Network")
strComputerName = objNetwork.ComputerName

' --------------------------------------------
' Set your variables
intNumberID = 36 ' Event ID Number
intRecordNum = 0

strComputer = "."

Set objWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

WScript.Echo "Looking for events newer than: " & UTCDate & " (UTC Date) and event ID: " & intNumberID

Set colLoggedEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' AND TimeWritten > '" _
    & strUTCDate & "' and EventCode = " & intNumberID)

' Count the matching events
intEvent = 0
For Each objEvent in colLoggedEvents
    intEvent = intEvent + 1
Next

WScript.Echo "Number of errors: " & intEvent

If intEvent > 0 Then
    WScript.Echo "Error detected"
    Set objShell = CreateObject("WScript.Shell")

    command = "cscript.exe "
    command_arg1 = "D:\Inetpub\AdminScripts\synciwam.vbs" 'Location of synciwam AdminScript
    objShell.Run command & command_arg1

    ' Tell the administrator that the resync was triggered
    SendEMail
End If

Sub SendEMail
    Set objMessage = CreateObject("CDO.Message")

    '==This section provides the configuration information for the remote SMTP server.
    '==Normally you will only change the server name or IP.

    ' 2 = send over the network (SMTP) rather than via a local pickup directory
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

    'Name or IP of Remote SMTP Server
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mailserver"

    'Server port (typically 25)
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

    objMessage.Configuration.Fields.Update

    '==End remote SMTP server configuration section==

    objMessage.Subject = strComputerName & ": W3SVC Error."
    objMessage.From = strComputerName & ""
    objMessage.To = "[email protected]"
    objMessage.TextBody = "W3SVC error detected on " & strComputerName & vbCr & vbCr & "synciwam.vbs script automatically run."
    objMessage.Send
End Sub

VBScript ; Enable Out-Of-Office (OOO)

The following script will allow you to enable Out Of Office on any user’s mailbox (provided you have permissions that it…)

Set objMAPISession = CreateObject("MAPI.Session")

'strExchangeSvr = InputBox("Please provide the name of your Exchange Server")
strExchangeSvr = "mailserver-name"

strMailbox = InputBox("Please enter the mailbox name to enable Out-Of-Office…")

' Profile information for the logon: server name and mailbox separated by a line feed
strMAPI = strExchangeSvr & vbLf & strMailbox

On Error Resume Next

objMAPISession.Logon "", "", False, True, 0, False, strMAPI

If Err <> 0 Then
    Wscript.Echo "An error occurred: " & Err.Description
    Wscript.Sleep 7000
    ' Nothing can be set without a session, so stop here
    Wscript.Quit 1
End If
On Error GoTo 0

strOOOMessage = InputBox("Please enter Out-Of-Office message…")

objMAPISession.OutOfOfficeText = strOOOMessage
objMAPISession.OutOfOffice = 1
strOOOMessage = objMAPISession.OutOfOfficeText

objMAPISession.Logoff
Set objMAPISession = Nothing
MsgBox "All done"


IAS RADIUS Server Configuration for 802.1x EAP-MS-CHAP v2

This article describes the steps required to set up a resilient 802.11x Wifi RADIUS authentication infrastructure; a must for any SMB.

This article assumes you have configured your Wireless Access Point with the desired radius server IP addresses / FQDNs and a shared secret.

IAS/Certificate Services Installation/Configuration Primary RADIUS Server

To optimize IAS authentication and authorization response times and minimize network traffic, install IAS on a domain controller.

  1. First, install IIS on your Domain Controller.
  2. Next, install an Enterprise Root Certificate Authority (Enterprise Root Server mode) and give the CA the same name as the server’s name.
  3. Next, create a new Global Group named ‘Wireless Users and Computers’ and add the Computer AND User objects that you wish to grant IAS RADIUS access into this group.
  4. Ensure that the user accounts are configured to grant Remote Access (Dial In) permissions.
  5. Next, install IAS (via Add/Remove Programs > Windows Components).

You will also need to request a NPS/IAS/RADIUS Server Authentication certificate for each IAS server you wish to configure.

Create IAS RADIUS Clients

Next, load the IAS MMC snap-in and select Clients.

  1. Right-click Clients > New > Enter a Friendly Name
  2. Ensure that Protocol is ‘RADIUS’
  3. Enter the Access Point IP Address
  4. Select RADIUS Standard as the client vendor.
  5. Tick ‘Client must always send the signature attribute in the request’
  6. Enter the shared secret as configured on the AP
  7. Click Finish


Configure Remote Access Policies

  1. Select Remote Access Policies
  2. Right-click Remote Access Policies > New Remote Access Policy
  3. Enter a friendly name
  4. Click Next
  5. On the conditions window, click Add
  6. Select Windows Groups and click Add
  7. Click Add and then set Domain as location and search for the Global Group, then click OK, you will return to the conditions window
  8. Click Add, select NAS-Port-Type and then select Wireless – IEEE 802.11
  9. Click Add, select Wireless – Other and then Click Add, you will return to the conditions window.
  10. Click Next
  11. Select Grant Remote Access Permission
  12. Click Edit Profile then select the ‘Authentication’ tab
  13. Enable Extensible Authentication Protocol, select PEAP as the EAP type from the drop down box
  14. Disable all other authentication types
  15. Click Configure under the Extensible Authentication Protocol group
  16. Ensure that Secured Password (EAP-MSCHAP-V2) is listed
  17. Select the IAS/RADIUS Server Authentication certificate you wish to use for authentication (note: if the certificate is to be replaced in future, change it here)
  18. Click OK
  19. Click OK until the Remote Access Policy Configuration Window disappears!

Perform the steps as above on the Secondary RADIUS server.

Client Configuration

Once the laptop has detected the AP, configure the advanced options:

  • Network Authentication should be set as: WPA using TKIP Data encryption
  • Under Authentication select Protected EAP
      • Select Properties
      • Ensure Validate Server Certificate is selected
      • Ensure that Connect to these servers contains the RADIUS servers’ FQDNs
      • Scroll down and select both RADIUS server certificates under Trusted Root Cert. Authorities

It may be necessary to manually install one of the Certificates to your client.

Client configuration can be completed using Group Policy; Computer Configuration/Windows Settings/Wireless (802.11) Policies

Manual Certificate Installation

Navigate Internet Explorer to:

  • http://your-certificateserver1/certsrv
  • http://your-certifcateserver2/certsrv

From each server, retrieve the CA certificate; download the CA certificate in DER encoded format.

On the client, load MMC and add the Certificates snap-in, select Computer account > Local computer. Expand Trusted Root Certificate Authorities and select Certificates > Right-click Certificates > Import > Select the first RADIUS server’s CA certificate


Automatic MAPI Profile Creation for Outlook XP / 2000/3/7

Automatic MAPI Profile Creation for Outlook 2000 / XP / 2003 & 2007

Like many Wintel Administrators I was presented with the requirement to automate MAPI profile creation on our Citrix Farm; this requirement was later extended to our Windows XP workstations running a multitude of different Outlook versions.

When auto-generating a MAPI profile in Outlook 2000 (Outlook v9) it is necessary to use the NewProf.exe tool along with a PRF file, newer versions of Outlook (Outlook v10+) are able to read a PRF file directly if configured to read the file on first run for a user.

The following script is Cross Platform (i.e Windows and Outlook) compatible; and must be used along with the PRF file further down:

Const ForReading = 1
Const ForWriting = 2

Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
windir = WshShell.ExpandEnvironmentStrings("%windir%")

Set objNetwork = CreateObject("Wscript.Network")
currentDomain = objNetwork.UserDomain
currentUser = objNetwork.UserName

'-------------------------------- Mk2
'Create an instance of Outlook so that it can be queried for its version
Set objOLK = CreateObject("Outlook.Application")
'Keep the major version as a number so the comparisons below are numeric
OLKVer = CInt(Left(objOLK.Version, InStr(1, objOLK.Version, ".") - 1))

'If Outlook version is later than 2000 then make this registry change so that Outlook imports the PRF on first run
If OLKVer > 9 Then
    'Set Wsh = CreateObject("Wscript.Shell")
    If CheckRegKey("HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\First-Run") = TRUE Then
        RetVal = WshShell.RegDelete("HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\First-Run")
    End If
    RetVal = WshShell.RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\ImportPRF", _
        WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf")
    'Set Wsh = Nothing
End If

'------------------------ Establish 16bit names for fso - required for newprof tools
'ShortPath returns the 8.3 form of the (already existing) profile folder
fullpath = fso.GetFolder(WshShell.ExpandEnvironmentStrings("%USERPROFILE%")).ShortPath
savePath = fullpath & "\MYDOCU~1\PST\"

'Nothing to do until the machine start-up script has copied the template into place
If Not fso.FileExists(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf") Then
    WScript.Quit
End If

'Read contents of Template prf file
Set fsoTextStream = fso.OpenTextFile(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf", ForReading)
strTmpPrf = fsoTextStream.ReadAll
fsoTextStream.Close

'Search through the template and replace every %username% with the logon name
Set vbsRegExp = New RegExp
vbsRegExp.Pattern = "%username%"
vbsRegExp.Global = True
vbsRegExp.IgnoreCase = True
strNewPrf1 = vbsRegExp.Replace(strTmpPrf,currentUser)
Set vbsRegExp = Nothing

'Search through the template and replace every %userprofile% with the short save path
Set vbsRegExp = New RegExp
vbsRegExp.Pattern = "%userprofile%"
vbsRegExp.Global = True
vbsRegExp.IgnoreCase = True
strNewPrf2 = vbsRegExp.Replace(strNewPrf1,savePath)
Set vbsRegExp = Nothing

If Not fso.FolderExists(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\") Then
    fso.CreateFolder WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\"
End If

If Not fso.FileExists(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf") Then
    'fso.DeleteFile(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf")

    'The second argument of CreateTextFile is the overwrite flag
    Set fsoTextStream = fso.CreateTextFile(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf", True)
    fsoTextStream.Write strNewPrf2
    fsoTextStream.Close

    'fso.CopyFile WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf" ,_
    ' WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf", True

End If

'Add code for Outlook 2K (9) only

If OLKVer <= 9 AND fso.FileExists(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\newprof.exe") Then
    cmd = WshShell.Run("%comspec% /c (" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\newprof.exe -p " _
        & savePath & "Outlook.prf -x)",0,True)
End If

'**** CheckRegKey(RegStr)
'Returns True when the registry value can be read, False otherwise
Function CheckRegKey(RegStr)
    On Error Resume Next
    WshShell.RegRead RegStr
    If Err Then
        CheckRegKey = False
    Else
        CheckRegKey = True
    End If
    On Error Goto 0
End Function

Save the above code into a new file named ‘profgen.vbs’. A group policy should then be created and this script assigned as a logon script for users.

The following code should be saved into a new file named ‘outlook.prf‘:

; Outlook PRF file for Exchange Server users
; ——————————————-
; Copyright (C), Microsoft Corporation, 1996.
; The following PRF file is included as an example of how to create a PRF file that will
; configure Outlook users with Exchange Server. Section 1, 2, and 3 may be modified.
; DO NOT MODIFY SECTION 4. It will most likely cause Exchange services to crash.
; Be very careful when editing to ensure property values match their property types.
; NOTE: The HomeServer setting for the Microsoft Exchange Server must be filled in
; before using this file.
; For information about how to disable Outlook Profile Setup and instead use the
; the Inbox Setup Wizard, see NONE.PRF in the Office Resource Kit.

; ************************************************************************
; Section 1 – Profile defaults.

; — Required. Indicates that this is a customized PRF file.

; ************************************************************************
; Section 2 – Services in profile.

[Service List]
Service1=Microsoft Outlook Client
Service2=Microsoft Exchange Server
Service3=Outlook Address Book
Service4=Archived Messages

; ************************************************************************
; Section 3 – Default values for each service.


; **** Customized Outlook Client properties ****

; Required.
; — The name of the Microsoft Exchange Server the user should
; connect to (ex: ALEX). You can specify any Microsoft Exchange Server
; in your site, and the correct Home Server will be assigned
; when the user first logs on.

; — Dummy property. Do not delete or modify.



; ************************************************************************
; Section 4 – Mapping for profile properties. DO NOT MODIFY.

; ************************************************************************
; Microsoft Outlook Client definitions

[Microsoft Outlook Client]

; — A boolean value indicating whether or not to empty the
; wastebasket on exit.

; — A boolean value indicating whether or not to select entire
; words when selecting.

; — Indicates what to do after moving or deleting a message.
; Possible values are shown below:
; 0 – Open Next Message
; 1 – Return to Viewer
; 2 – Open Previous Message

; — A boolean value indicating whether or not to close the
; original message after replying.

; — A boolean value indicating whether or not to generate
; a read receipt on sent mail.

; — A boolean value indicating whether or not to generate
; a delivery receipt on sent mail.

; — The default sensitivity to send mail with.
; Possible values are shown below:
; 0 – Normal
; 1 – Personal
; 2 – Private
; 3 – Confidential

; — The default priority to send mail with.
; Possible values are shown below:
; 0 – Low
; 1 – Normal
; 2 – High

; — A boolean value indicating whether to save a copy of
; sent messages in the sent items folder.

; **** Custom entries added by [email protected] ****

; — A boolean value indicating whether Outlook should close original
; message when replying or forwarding.

; — A boolean value indicating whether Outlook should mark comments
; in a reply message with the users name.

; — A boolean value indicating whether Outlook should allow a comma
; to be used as an address separator.

; — The default is to auto archive every 14 days.
; Possible values are shown below:
; 1 – 60

; — The path and file name for the default auto archive file.
; ex: c:\home\rickva\outlook\archive.pst

; ************************************************************************
; Microsoft Exchange Server service definitions.

[Microsoft Exchange Server]

; — The name of the user’s Exchange Server Mailbox

; — The name of the Microsoft Exchange Server the user should
; connect to. You can specify any Microsoft Exchange Server
; in your site, and the correct Home Server will be assigned
; when the user first logs on.

; — The path to the Offline Store File that contains
; local replicas of the user’s Mailbox and Favorites.
; If you do not specify a value, no Offline Store will
; be created. If you specify a path, an Offline Store
; will be created and the Inbox, Outbox, Deleted Items,
; and Sent Items folders will be replicated to it.

; — The path to the directory to store offline address
; book files in.

; — Flags that control behavior when connecting to the Exchange
; Server.
; The following values are possible:
; 4 Normal
; 6 Ask whether to connect or work offline at startup.
; 12 Allow clients to be authenticated via the Internet
; 14 Combination of 6 and 12.

; — A boolean value indicating whether NEWPROF should
; attempt to resolve the Exchange mailbox name at run time.
; If set to TRUE, NEWPROF will copy the name to the profile
; without resolving it.
; If FALSE, the name will be resolved. Invalid server or
; mailbox name will not be copied to the profile.

; ************************************************************************
; Microsoft Mail service definitions.

[Microsoft Mail]

; — The path to the users post office. Mapped network drives, UNC and NETWARE paths
; are acceptable. NETWARE paths of the type NWServer/share:dir\dir1 are converted to
; UNC paths of the type \\NWServer\share\dir\dir1.


; — The users mailbox name. eg. in a NET/PO/USER address,
; this is USER. The maximum mailbox name is 10 characters.


; — The users mailbox password. The maximum password is 8 characters.


; — A boolean value indicating whether the users password is
; to be remembered in the profile or not. This is useful because
; if the password is remembered the user can bypass the logon prompt
; if his server path, mailbox name and password are all supplied.


; — The connection type. This may be one of CFG_CONN_AUTO, CFG_CONN_LAN,
; 0x0 — LAN type connection. Used to connect to the post office using a
; UNC path or pre-existing mapped drive.
; 0x1 — Dial up connection using Dial-up Networking.
; 0x2 — Not connected.
; 0x3 — Automatically detect whether the connection type is LAN or REMOTE.
; This connection type is only available on Win95.


; — A boolean value indicating whether session logging
; is on or off.


; — The path to the session log file.


; — A boolean value which indicates whether mail in the outbox
; is sent.


; — A boolean value which indicates whether mail in the server
; mailbag is downloaded.


; — A bit array which allows the user to indicate which addresses
; for which the transport is to attempt delivery. This is useful
; in order to allow a user to specify that a transport only handle
; delivery for a subset of the addresses it can really process.
; When multiple transports are installed and the user wants a
; different transport to handle some specific address types they
; can use this bit array to specify that the MSMAIL transport
; only handle a specific set of addresses.
; Possible values as defined below include:
; 0x00000001 — Local Post Office and External Post Office address types
; 0x00000002 — PROFS address types
; 0x00000004 — SNADS address types
; 0x00000008 — MCI address types
; 0x00000010 — X.400 address types
; 0x00000040 — FAX address types
; 0x00000080 — MHS address types
; 0x00000100 — SMTP address types
; 0x00000800 — OfficeVision address types
; 0x00001000 — MacMail address types
; 0x000019df — All of the above address types


; — A boolean value which indicates whether a netbios notification
; is sent to a recipients transport when mail is delivered to
; their server inbox.


; — The polling interval in minutes when the transport
; checks for new mail. 1 <= polling interval <= 9999


; — A boolean value which, if TRUE, only displays the Microsoft Mail Global Address
; list for name selection. The Postoffice list, external post office lists, and gateway
; address lists are not shown.


; — A boolean value which indicates whether the user wants to enable
; headers while working on the LAN. Headers mode allows the user
; to download message headers and selectively choose which mail
; to download.


; — A boolean value which indicates whether the user wants to use
; name resolution based on a local copy of the server address book
; rather than the server address book itself.


; — A boolean value which indicates whether EXTERNAL.EXE, a server process, should be used
; to deliver submitted mail messages. This is sometimes useful when mail is running
; on a slow LAN connection.


; — A boolean value which indicates whether the user wants to enable
; headers while working over a slow speed link. Headers mode
; allows the user to download message headers and selectively
; choose which mail to download.


; — A boolean value which indicates whether the user wants to use
; name resolution based on a local copy of the server address book
; rather than the server address book itself.


; — A boolean value which indicates whether EXTERNAL.EXE, a server process, should be used
; to deliver submitted mail messages. This speeds up message delivery when mail is
; running on a Dial-up network connection.


; — A boolean value which indicates that a Dial-up Network connection should
; be established when the transport provider starts up.


; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated when headers are finished downloading.


; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated after mail has finished being sent
; received.


; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated when the provider is exited.


; — The name of the Dial-up Network profile that the transport will use by
; default to attempt the connection.


; — Number of times to attempt dial for connection.
; 1 <= retry attempts <= 9999


; — Delay between retry attempts in seconds.
; 30 <= retry delay <= 9999


; ************************************************************************
; Personal Folders service definitions.

[Archived Messages]
ServiceName=MSPST MS

; — Path to personal folders.


; — A boolean value that determines if the personal folders password
; should be cached.


; — A value that designates the type of encryption that is used to
; compress the data in the PST:
; No Encryption 0x80000000
; Compressable Encryption 0x40000000
; Best Encryption 0x20000000


; — PST password.


; ************************************************************************
; Personal Address Book service definitions.

[Personal Address Book]
ServiceName=MSPST AB

; — Path to personal address book.


; — Determines if PAB entries are first, last, or last, first.
; first last 0
; last, first 1


; ************************************************************************
; Outlook Address Book service definitions.

[Outlook Address Book]
; — Dummy property. Do not modify.

Finally, we have to ensure the availability of the required files for the profgen.vbs VBScript. This is completed by running a machine start-up script attached to a group policy. First, copy NewProf.exe and outlook.prf into your domain’s NETLOGON share (i.e. \\\NETLOGON). Then copy the code below into a new text file and save it as comp-startup.vbs. Assign this script as a machine start-up script for all machines you wish to automate MAPI profile creation on.

Set objNetwork = CreateObject("Wscript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

Set oShell = CreateObject("WScript.Shell")
windir = oShell.ExpandEnvironmentStrings("%windir%")

target = windir & "\NEWPROF.EXE"
If Not (fso.FileExists(target)) Then
    'Copy the file only when it is not already present
    fso.CopyFile "\\\netlogon\NEWPROF.EXE", windir & "\" ,True
End If

'target = windir & "\Prfpatch.exe"
'If Not (fso.FileExists(target)) Then
'Copy the file only when it is not already present
' fso.CopyFile "\\\netlogon\Prfpatch.exe", windir & "\" ,True
'End If

target = windir & "\outlook.prf"
If Not (fso.FileExists(target)) Then
    'Copy the file only when it is not already present
    fso.CopyFile "\\\netlogon\outlook.prf", windir & "\" ,True
End If



VBScript ; Enable Remote Desktop Remotely

VB Script Enable Remote Desktop Remotely

I recently came across the following useful script that will enable Remote Desktop connections (access via RDP) on a remote server as long as you have permission to do so with your current logon credentials.

The script below will function on both Windows Server 2000 and Windows Server 2003 machines.

strComputer = InputBox("Enter Machine Name")
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colTSSettings = objWMIService.InstancesOf("Win32_TerminalServiceSetting")
For Each colTS in colTSSettings
    colTS.SetAllowTSConnections(1) ' 1 = allow Remote Desktop connections
    Wscript.Echo UCase(strComputer) & " Remote Desktop Is Now Enabled"
Next

VBScript ; Create Active Directory Organisational Unit (OU)

VB Script Create Active Directory Organisational Unit (OU) – ADSI

Another useful time-saving tip when deploying a new Active Directory Tree. It is possible to script the creation of all Organisational Units in the Active Directory Tree using VBScript. This can save a great deal of time when it comes to the deployment of a new domain.

The following script will create a tree as follows: > Sites – {new Top Level OU} > UK – {new sub-OU}

It will then create sub-OUs for each site listed in the variable arrOUs.

Site names must be separated by a semi-colon (;)

For each Site sub-OU created, a Users container and a Computers container will be created. Again, the script is simple to modify for your environment.
Dim oRoot, oDomain, objOU, arrOUs, ou
Dim strOUContainer, strDomainDN

' Bind to the domain the current user is logged on to
Set oRoot = GetObject("LDAP://rootDSE")
strDomainDN = oRoot.Get("defaultNamingContext")
Set oDomain = GetObject("LDAP://" & strDomainDN)

strOUContainer = "OU=Sites"
Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
objOU.SetInfo

strOUContainer = "OU=UK,OU=Sites"
Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
objOU.SetInfo

arrOUs = "Belfast;Birmingham;Bristol;Chessington;Dublin;Glasgow;Greenwich"
arrOUs = Split(arrOUs, ";")

For Each ou in arrOUs
    strOUContainer = "OU=" & ou & ",OU=UK,OU=Sites"
    Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
    objOU.SetInfo

    strOUContainer = "OU=Users,OU=" & ou & ",OU=UK,OU=Sites"
    'On Error Resume Next
    Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
    objOU.Put "Description", "User Object Organisational Unit"
    objOU.SetInfo
    WScript.Echo "New OU created = " & strOUContainer

    strOUContainer = "OU=Computers,OU=" & ou & ",OU=UK,OU=Sites"
    Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
    objOU.Put "Description", "Computer Object Organisational Unit"
    objOU.SetInfo
    WScript.Echo "New OU created = " & strOUContainer
Next

 The script has been tested on Windows Server 2000 and 2003 Domains.