Step by Step Directions for Techs

Force DirSync to perform an immediate directory synchronization

If you need DirSync to initiate a directory synchronization immediately, you can perform the following procedure:

  1. Open PowerShell
  2. Navigate to the Windows Azure Active Directory Sync directory
    1. cd "C:\Program Files\Windows Azure Active Directory Sync\"
  3. Launch the config shell 
    1.  .\DirSyncConfigShell.psc1
  4. A new window will open.  Type “Start-OnlineCoexistenceSync” (without the quotes)
    (if that command gets too long, don’t forget that pressing the TAB key will complete your commands in PowerShell!)

That’s it.  I know it isn’t very impressive.  Where is the status?  How do you know if it worked?  I will show you that too!

  1. In Windows Explorer, navigate to “C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell”
  2. Double click on miisclient.exe to open this window:

This gives you the status of all of the jobs that have run, including the current one that was initiated from the script!

Exchange 2007 SCR (Standby Continuous Replication) Repair

I don’t have to deal with this often, but it does pop up. What to do when replication fails? Here are some steps, but be certain to run them from the standby server.

First, determine if it failed by running this command in the shell.
Get-StorageGroupCopyStatus -Server [primary exchange server] -StandbyMachine [standby exchange server]

This will give you the status of all the databases. If they are suspended, you might be able to start them up again.
Resume-StorageGroupCopy -Identity [primary exchange server]\[storage group name] -StandbyMachine [standby exchange server]

If it isn’t something that easy, we will need to suspend the database replication and then reseed it (be very certain to run these from the standby server).
Suspend-StorageGroupCopy -Identity [primary exchange server]\[storage group name] -StandbyMachine [standby exchange server]
(running Get-StorageGroupCopyStatus will show it is suspended)
Update-StorageGroupCopy -Identity [primary exchange server]\[storage group name] -StandbyMachine [standby exchange server] -DeleteExistingFiles
(this takes a bit before it finishes and keeps control of the window.  If you have multiple databases, be prepared to wait).

Good luck!

Browsing locally in lab environments

There is a problem with Windows 2008 / Windows 2008 R2 that comes up when you try to browse locally.  This seems to happen for me most frequently in lab environments.  For example, I recently put together a proof of concept for ADFS to service a web farm / web server.  When testing ADFS using hosts files and browsing to the ADFS site locally, I will get authentication errors.  The solution is to disable the loopback check.

To do that:

  1. Open Registry Editor
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then select DWORD
  4. Type “DisableLoopbackCheck” as the value name and then press ENTER
  5. Open the “DisableLoopbackCheck” value
  6. Type “1” as the value
  7. Click OK
  8. Quit Registry Editor
  9. Restart the server
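
A narrower alternative for the same lab problem, added here as an example and not part of the original post: Windows also reads a BackConnectionHostNames list under Lsa\MSV1_0, which exempts only the named hosts from the loopback check instead of switching it off for the whole server. The host names and function names below are assumptions (constructed placeholders for the lab's hosts-file entries); run it from an elevated PowerShell prompt.

```powershell
# Added example: exempt named lab hosts from the loopback check instead of disabling it.
# The host names are constructed placeholders for the lab's hosts-file entries.
$LabHostNames = @('adfs.lab.example', 'www.lab.example')

$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv10Key = Join-Path $LsaKey 'MSV1_0'

function Get-LoopbackCheckState {
    # Read both values so the current posture is visible before and after the change.
    $lsa = Get-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
    $msv = Get-ItemProperty -Path $Msv10Key -Name BackConnectionHostNames -ErrorAction SilentlyContinue
    $names = @()
    if ($msv) { $names = @($msv.BackConnectionHostNames | Where-Object { $_ }) }
    $disabled = $false
    if ($lsa) { $disabled = ($lsa.DisableLoopbackCheck -eq 1) }
    New-Object PSObject -Property @{
        LoopbackCheckDisabled   = $disabled
        BackConnectionHostNames = $names
    }
}

function Add-BackConnectionHostName {
    param([string[]]$HostName)
    # Merge with existing entries; Sort-Object -Unique compares case-insensitively.
    $existing = @((Get-LoopbackCheckState).BackConnectionHostNames)
    $merged   = [string[]]@($existing + $HostName | Sort-Object -Unique)
    # The value must be REG_MULTI_SZ; -Force overwrites it if it already exists.
    New-ItemProperty -Path $Msv10Key -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $merged -Force | Out-Null
}

Get-LoopbackCheckState                                   # state before the change
Add-BackConnectionHostName -HostName $LabHostNames

# If the global switch from the steps above was set earlier, turn the check back on
# for every name that is not on the list.
if ((Get-LoopbackCheckState).LoopbackCheckDisabled) {
    Set-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck -Value 0
}

Get-LoopbackCheckState                                   # state after; then restart the server
```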

Manually truncate Exchange logs

Sometimes your Exchange backup just doesn’t seem to get around to truncating the log.  You can’t turn on circular logging because it prevents using differential and incremental backups.  What is a tech supposed to do?


Truncate the Exchange transaction logs manually.  Here’s how.

  1. Log in to the Exchange mailbox server.
  2. Open the Exchange management shell (EMS).
  3. Open the Exchange management console (EMC).
  4. In the EMC, stop the database that you want to truncate the logs for.
  5. In EMS, run the command
    eseutil /MH "M:\Database Path\Mailbox store.edb"
  6. In the output, it will tell you what the database state is.  If it says “Clean Shutdown”, you can move all of the logs to another directory.  The logs you want to move start with EDB followed by a 5 digit hexadecimal number.
  7. In the EMS, start the database and test.

Typically, I save the logs for 12 hours before I delete them permanently, but I may be overly cautious.
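
The state check from steps 5 and 6 as a script, added here as an example (not the author's own code): it runs eseutil /MH, reads the State line, and moves the logs to a holding folder only after a Clean Shutdown. The function names, the holding folder and the sample header lines are assumptions or constructed; the file name pattern follows the description in step 6 and should be adjusted to match your log files.

```powershell
function Get-EseDatabaseState {
    # Pull the value of the "State:" line out of eseutil /MH output.
    param([string[]]$HeaderText)
    foreach ($line in $HeaderText) {
        if ($line -match '^\s*State:\s*(.+?)\s*$') { return $Matches[1] }
    }
    return $null    # no State line found: treat as unknown, never as clean
}

function Move-ExchangeLogsIfClean {
    param(
        [string]$DatabasePath,      # the .edb file of the stopped database
        [string]$LogFolder,         # folder holding its transaction logs
        [string]$HoldingFolder,     # where the logs wait before deletion
        # Step 6: "EDB followed by a 5 digit hexadecimal number"
        [string]$LogNamePattern = '^EDB[0-9A-Fa-f]{5}\.log$'
    )
    $header = & eseutil /MH $DatabasePath
    $state  = Get-EseDatabaseState $header
    if ($state -ne 'Clean Shutdown') {
        Write-Warning "State is '$state'; the logs are still needed, nothing moved."
        return $false
    }
    if (-not (Test-Path $HoldingFolder)) {
        New-Item -ItemType Directory -Path $HoldingFolder | Out-Null
    }
    Get-ChildItem -Path $LogFolder |
        Where-Object { $_.Name -match $LogNamePattern } |
        Move-Item -Destination $HoldingFolder
    return $true
}

# Constructed sample header lines, to try the parser without touching a database.
$cleanSample = @('            State: Clean Shutdown', '     Log Required: 0-0 (0x0-0x0)')
$dirtySample = @('            State: Dirty Shutdown', '     Log Required: 1234-1236 (0x4d2-0x4d4)')
Get-EseDatabaseState $cleanSample
Get-EseDatabaseState $dirtySample

# Real run, with the database already stopped (paths are placeholders):
# Move-ExchangeLogsIfClean -DatabasePath 'M:\Database Path\Mailbox store.edb' `
#     -LogFolder 'L:\Log Path' -HoldingFolder 'L:\LogHold'
```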

Exchange 2013 stops receiving mail. It was working…

A newly installed Exchange 2013 server was receiving mail and now it is not receiving mail.  No changes to the connectors and a reboot seems to fix the problem.  There seems to be some debate as to whether or not it is a bug related to the mail filter and / or the receive connectors fighting over port 25.  Either way, we can’t have it.

Two things should put a stop to this.

  1. Disable filter through Exchange Management Shell

    Set-MalwareFilteringServer -BypassFiltering $true

  2. Schedule a restart of the Exchange transport service every 2 hours.  I use a PowerShell script for this (create a PS1 file).

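    # Stop the transport service; a failed stop must not prevent the start below
    try { net stop MSExchangeTransport }
    catch { }
    finally {
        # Give the service a minute to shut down completely, then start it again
        Start-Sleep -s 60
        net start MSExchangeTransport
    }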

When you schedule the task:

  1. Run on startup
  2. Set to run every hour with 15 minute delay
  3. Run with highest privileges
  4. Command to run is “powershell” with the path to the PS1 script (I store mine in “C:\Scripts”)

Make sure you test it!  Hopefully you will continue to receive mail until there is a more permanent fix.

AVHD with my VHD? I don’t have any snapshots!

You may think that if you merged your Hyper-V snapshots, you shouldn’t have AVHD files with your VHD files.  For the record, the AVHD files are snapshot files used by Hyper-V to store the changes to the VHD without committing them.

Provided you checked SCVMM (System Center Virtual Machine Manager) or the Hyper-V console and saw no snapshots associated with the VM, the AVHD is a holdover from a previous snapshot.  But wait!  Don’t delete it.

If you check the file dates, you will see that the AVHD file is still actively being written to and the VHD file is still frozen.  To fix this, shut down the host and wait.  You will see it start merging the files together and it will remove the AVHD when it is done.  I understand that this may also work if you save the state.

While it isn’t convenient, you can win back quite a bit of space!  Happy merging!

Migrating file server shares with permissions intact

When you are copying files from one server to another or one volume to another and need to retain the file permissions, robocopy is your guy.  In order to speed things up, I will frequently start multiple windows.  To do this, I will put together multiple lines into a single PowerShell script that opens multiple windows for me.  Call me lazy, but it works.

cmd.exe /c start cmd /k "ROBOCOPY \\ohsfsdc1\g$\Share1 D:\Share1 /MIR /SEC"
cmd.exe /c start cmd /k "ROBOCOPY \\ohsfsdc1\g$\Share2 D:\Share2 /MIR /SEC"
… and so on

A couple of things about this:

  • I usually run it from the destination server (where I am copying things to).
  • You can use this to stage the files, and then rerun it later to grab the stragglers.
  • I don’t believe that it deletes files from the destination that were deleted at the source.
  • This only copies the folder level permissions.  If they have file level permissions (which they shouldn’t because they are evil), there is another robocopy command that you can run that will copy those individual permissions after the main copy has finished.

Exchange mailbox migrations moving at the speed of… well… not fast.

Migrating between Exchange 2007 and 2013 or Exchange 2010 and 2013?  Mailbox migration speeds can be unbearably slow.

Exchange 2013 (as well as older versions, including 2010) changed the number of concurrent mailbox moves to 2…  let’s change that to 5.  Beware of setting it too high as it could have a serious impact on the Exchange infrastructure.

  1. Pause migration jobs
  2. Open Notepad as an Administrator.
  3. Open Microsoft\Exchange Server\V15\Bin\MsExchangeMailboxReplication.exe.config
  4. Find “MaxActiveMovesPerTargetMDB”
    Note, the setting appears twice.  The first time it is commented out with <!-- and -->.  Make sure you get the right setting!!!
  5. Change value from 2 to 5
  6. Save the config file
  7. Restart Microsoft Exchange Replication service (MSExchangeRepl)

This change has to be done on all the front end servers.  You should see that it will now migrate 5 mailboxes simultaneously.   You can also speed things up by migrating to multiple data stores simultaneously.  Some caution is needed when trying to max your migration speed as you can pretty easily overrun the storage (especially if it is local).
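
Steps 3 to 6 can also be done with an XML parser, which never sees the commented-out copy of the setting. This is an added example, not the author's procedure: the function name is hypothetical, and the sample file (including its element name) is constructed so the logic can be tried on a copy before it is pointed at the real config file.

```powershell
function Set-MaxActiveMovesPerTargetMDB {
    param(
        [string]$ConfigPath,    # full path to the .config file
        [int]$Value = 5
    )
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's layout when saving
    $xml.Load($ConfigPath)

    # XPath only matches live elements. Anything between <!-- and --> is a comment
    # node, so the commented-out copy of the setting is never selected.
    $nodes = @($xml.SelectNodes('//*[@MaxActiveMovesPerTargetMDB]'))
    if ($nodes.Count -ne 1) {
        throw "Expected one active MaxActiveMovesPerTargetMDB setting, found $($nodes.Count)."
    }

    $old = $nodes[0].GetAttribute('MaxActiveMovesPerTargetMDB')
    Copy-Item -Path $ConfigPath -Destination "$ConfigPath.bak" -Force   # rollback copy
    $nodes[0].SetAttribute('MaxActiveMovesPerTargetMDB', [string]$Value)
    $xml.Save($ConfigPath)

    New-Object PSObject -Property @{ OldValue = $old; NewValue = $Value; Backup = "$ConfigPath.bak" }
}

# Constructed sample: the setting appears twice, the first time inside a comment.
$sample = @'
<configuration>
  <!-- <SampleSettings MaxActiveMovesPerTargetMDB="2" /> -->
  <SampleSettings MaxActiveMovesPerTargetMDB="2" />
</configuration>
'@
$demo = Join-Path $env:TEMP 'MRS-demo.config'
Set-Content -Path $demo -Value $sample

Set-MaxActiveMovesPerTargetMDB -ConfigPath $demo -Value 5
Get-Content $demo     # only the uncommented line has changed
```

Run it from an elevated prompt against the real file, then restart the service as in step 7.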

Good luck!

How to determine which Active Directory controller authenticated me

A quick and easy way to see which domain controller authenticated you is to run this command from a command prompt:

set logonserver

Quick and easy.