Tuesday, March 30, 2010

New DNS PowerShell Module

My friend Chris Dent has realeased a new DNS module for powershell.

DnsShell - Alpha Release

Chris is one of my favorite people on the boards and he knows a lot about Power Shell, Active Directory, and DNS and he is once again proving why he is such an asset to the community.

If you have some time test it out, I know Chris would like the feedback.



Tuesday, March 16, 2010

Repadmin Whitepaper - another great updated document

Yesterday I mentioned the updated Forest recovery whitepaper.

Today Microsoft has released another update to what I consider one of the most important AD related whitepapers.

Troubleshooting replication with repadmin

This document describes how to use the Repadmin.exe tool to monitor, diagnose, and troubleshoot common replication problems in your Active Directory environment.

Updated with new commands for managing read-only domain controllers in Windows Server 2008 and Windows Server 2008 R2

While the forest recovery paper is important many of us thankfully won't have to deal with a scenario where every domain controller in the forest goes down.

Repadmin and troubleshooting replication is key in any active directory domain. That is why I think this is one of the must have white papers on any AD admin/engineers desk.

...and to my employer...yes this is one white paper that I had to print out :)



Monday, March 15, 2010

Updated Microsoft Forest Recovery White Paper

I haven't read this entire document all the way through yet but I'm going to. Disaster recovery is something that most of us don't practice or plan for enough.

Planning for Active Directory Forest Recovery

"This paper is a best-practice recommendation for recovering an Active Directory® directory service forest, if forest-wide failure has rendered all domain controllers in the forest incapable of functioning normally. The steps, which you must customize for your particular environment, describe how to recover the entire Active Directory forest to a point in time before the critical malfunction. They also ensure that none of the restored domain controllers replicates from a domain controller with potentially dangerous data."

Guido Grillenmeier and Gil Kirkpatrick also have a really great AD disaster recovery whitepaper that is worth reading (published with NetPro was still around).



Friday, March 5, 2010


I wanted to take a moment and dedicate an entry to thanking the US Secret Service.

Those that know me in “real life” know that my apartment was robbed in August of 2008. It sucked liked you can imagine. To come home after work and have every electronic device and other items gone and having the place totally trashed obviously sucks.

At the time the local police didn’t find the person that did it and closed the case. They let me know in a letter.

Fast forward to last month and I received a message from a secret service agent in the Washington D.C. field office telling me that I’m potentially a victim of ID theft. Like most people that come to this blog I’m fairly good at protecting private information on my computer. I run security measures and have anti-spyware/virus running. I use complex passwords, etc. So my first thought went back to the robbery.

When the agent called me back he told me that they had found some of my old military documents and student loan documents during a raid on a local house. It turns out the guy that robbed me had gone and stolen the master key from several apartment complexes and then broke in after that. I always thought it could have been inside job from someone that either worked or had worked for the apartment complex because there was no forced entry but now I found out why it was so clean.

In the immediate aftermath of the robbery I knew all my physical stuff was gone but I didn’t realize that he had taken my documents. There was crap all over the place and every drawer was dumped (like you see in a movie or TV show) so in terms of documents I didn’t know what was missing (mistake 1)

However that day I did remember all the lifelock commercials and signed up for their service within 30 minutes of the robbery. Some things I wish I would have done differently now looking back and hopefully lessons learned for people reading this.

  • Scan and backup all important documents and take those backups off site or backup to the cloud (many services available). I did backup to encrypted hard drives but those were all in my apartment. One of the things that saved me is that he didn’t take my external hard drives. All three he just unplugged and tossed to the ground but he may have not known what they were. (if he would have taken those it would have been a much harder thing to deal with)

  • Get renters insurance if you live in an apartment. My number 1 mistake in my opinion. I thought that because I lived in a decent neighborhood I didn’t need it and never got it. It was only around $125 a year once I got it after the robbery

  • Take an inventory of all your documents. I had documents in some file folders in different places and that is why I didn’t realize they were missing. I didn’t have good inventory control

  • If you can afford an alarm system get one; but what I’ve realized is just a siren is probably good enough. The local police don’t come to alarm calls with lights and sirens unless there is eminent danger. I once made it home in 20 minutes during a false alarm (I got an alarm system after the robbery). I beat the cops to the place. I understand why they don’t come with lights/sirens but the robber won’t know if the alarm system is armed or not.

  • If you can’t afford an alarm system or don’t want to pay just get the stickers and put them up. Easy enough to get them from eBay

  • Sign up for some sort of monitoring service. I went with lifelock because that is what I could remember the day I got robbed but there are a lot of good companies that do this.

  • Encrypt anything you don’t want seen if your computer gets stolen. I don’t encrypt everything (for instance my music); but documents and anything of real value gets encrypted

  • Get some sort of small safe for important documents (passports, birth certificates, etc). These are not super expensive. For an apartment you can get one fairly cheap. It may not bolt to the ground and he may have taken it but it would have been hard for this amateur to break into it.

The one thing I’m still torn on is a gun. I didn’t have one in the apartment because I thought anyone that broke in while I was there would get to me before I could go for the gun (small one bedroom). This guy also went through every nook and cranny of the place and would have found the gun if I had it out. What if I would have walked in on him during it and he had my gun…could have been ugly. If I would have had it in a safe then he would have taken the safe but that would have been much safer.

So far it looks like my ID hasn’t been stolen or used. I’m still monitoring the situation and have put out alerts to my creditors.

The secret service agent was very cool and is going to get my documents back to me. He also told me the local police are going after the guy on all the robbery charges but the secret service is going after him on Federal charges for the ID thefts. The agent said “we hope to put him in jail for a long time”. Again THANKS to this agent and the entire secret service!!

I hope no one that reads this ever has to go through a robbery but in the end the important thing is that people are safe and things can be replaced (I know that is a cliché but it is true)

...last but not least, if anyone knows how to get fingerprint dust out of a carpet please comment and let me know :)