Saturday 20 October 2018

File Server Share Access Assistance


                    Microsoft introduced one of the new features in Windows Server 2012 to enable customised Access Denied Message assistance that helps requester to get the share access and request the access via error message. 


                       Usually when user does not have share access, the user will be prompted the below popup and it will not guide them how to get access,



Now let jump in to the LAB and we will implement “Access Denied Message Assistance”.

The Assistance can be implementing in two ways, GPO or FSRM.

Now we are going to configure it by File Server Resource Manager (FSRM).

These labs give you some basic idea about the Access Denied Assistance, and there are few additional features are there where you can refer them into MS Library.

By implementing FSRM, we would be require SMTP Service, hence I have download Email Service Software (602 LAN Suite).

My Email Configuration

The Email Software can also be used as Proxy and Content Filter etc. now let see the Email Setup for my Lab.
The Share Folder Configuration on DC1 Server.
Now Install File Server Resource Manager on DC1 and Configure the “Access Denied Message Assistance”


Let’s set Custom Access Denied Assistance Message


Finally Configure Email Setup, if user interested to access share the user can request via Assistance.


Let’s access share and see the error.


Opps, we have received the error but this time the Message is not annoying, whereas it is suggesting whom do I need to contact, let me check how “Request Assistance” can help.

The assistance prompted with the above form, I just filed it and send it to owner.


The owner received my Request via Email their review. 


The FSRM have too many great feature, this one I feel quiet helpful for System Admins and Users for their day to day Operations.


                                    ***** Happy Learning *****



Posted by at No comments:

Saturday 13 October 2018

Mount Active Directory Database from SystemStateBackup


AD Database Mount: 

            Being Active Directory Admin, we often receive request to clean up AD Objects (Users, Groups, and Computer etc), once it has been cleaned, a few scenario we may have to refer the deleted objects SID, Group Members or Security Related information. 

            Restoring AD Objects now days quiet easy by using various tools, however few circumstances management does not allow us to restore it. Hence I had searched the alternate way to refer the deleted objects to document object attributes.

MS provided simple solution to mount AD Database from Backup and refer the objects from Mounted database version.



Lets Jump into the Lab to see how it works.
  
I have created Test.Local Domain and Created Two User and One Group. The Users are Member of Group1.



One of the Key factors, the administrators always has to remember. Taking Active Directory backup regular basis. 

Once the above Users and Groups are created, I have taken System State Backup for my AD and I deleted Group1 Object.



Now we are looking for a solution to refer the deleted object and the group member info. In order to view the previous state of AD Objects, I just Restored System State Backup from Alternate Location.
 

Note: Starting in Windows Server 2008, the Active Directory management tools include dsamain.exe, which allows you to mount a volume shadow copy snapshot or backup of ntds.dit, and explore it using standard admin tools, like Active Directory Users and Computers (ADUC) and the PowerShell AD cmdlets.

Now we are going to Mount Database by using DSAMAIN.EXE tools.




Once your database has been mounted, you will be notified “Microsoft Active Directory Domain Service Startup Complete” do not close the CMD.

Let us use the copy of the directory service by using Native ADUC MMC.

We have successfully mounted database and we are able to see the deleted objects from Snapshot Copy. The MMC is read only; hence you will not be able to modify the objects.

If we want to take review the objects by using powershell, we have to pass the Server Name: LDAPPORT
Now time to close the Backup Console, just simply Press CTRL + C your Command Prompt.




 

                                                 ****** Happy Learning******




Posted by at 3 comments:
Subscribe to: Posts (Atom)