How to set time server for Windows server 2008, SBS2011 & 2012

fonte: https://support.cultrix.co.uk/hc/en-gb/articles/202071198-How-to-set-time-server-server-2008-SBS2011-2012-

  1. First, locate your PDC Server. Open the command prompt and type: netdom /query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service: net stop w32time
  4. Configure the external time sources, type: w32tm /config /syncfromflags:manual /manualpeerlist:0.pool.ntp.org
  5. Make your PDC a reliable time source for the clients. Type: w32tm /config /reliable:yes
  6. Start the w32time service: net start w32time
  7. The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: w32tm /query /configuration
  8. Check the Event Viewer for any errors.

How To Migrate Windows Server 2008 R2 Active Directory Domain Services To Windows Server 2012

fonte: http://www.elmajdal.net/WindowsServer/How_To_Migrate_Windows_Server_2008_Active_Directory_Domain_Services_To_Windows_Server_2012.aspx

To perform the below steps, you will need to use a domain account which is member member of Domain Admins and Enterprise Admins Groups and member of the Schema Admins group. I will be using the domain Administrator account which is already a member of all these groups.

Migrating your Domain Controller from Windows Server 2008 to Windows Server 2012 undergoes a few major steps, which are discussed in details below :

Step 1 : Check Forest and Domain Functional Level

  1. The Forest Functional level and Domain Functional Level must be at least Windows Server 2003

  2. To Check The Functional Levels, read my article : How to Raise the Forest and Domain Functional Levels in Windows Server 2008/R2

Step 2 : Preparing Active Directory Schema

The schema has to be upgraded and prepared for Windows Server 2012. To do this you have to run the adprep command.

  1. Insert the Windows Server 2012 /R2 DVD into the DVD drive of the Windows Server 2008 / R2 Domain Controller

  2. Open command prompt in administrative mode, and type adprep /forestprep and press enter.

  3. Open the Directory of the DVD drive and navigate to adprep directory and then type : adprep /forestprep

    You will receive a warning that all active directory domain controllers in the forest must be running at least windows server 2003. click c  andEnter to confirm and continue.

    Adprep will successfully update the forest

  4. Then type adprep /domainprep and press enter

Step 3 : Install Windows Server 2012 and join it to the Windows Server 2008 Domain

  1. For Installing Windows Server 2012, read this article :  How To Install Windows Server 2012

  2. For Joining Windows Server 2012 to the domain of Windows Server 2008, read this article : How To Join Windows Server 2012 to a Domain

Step 4 : Setting Up Additional Active Directory Domain Controller With Windows Server 2012

By now you already have your Windows Server 2008 Domain Controller, and you have installed Windows Server 2012 and is now a domain member. Now we need to introduce our first Windows Server 2012 domain controller in our network. This has been discussed in a previous article, read it here :Setting Up Additional Active Directory Domain Controller With Windows Server 2012

Step 5 : Transferring the Flexible Single Master Operations (FSMO) Role

You have your Windows Server 2008 Domain Controller ( in my lab its called : ELMAJDAL-DC ) and have an additional Windows Server 2012 domain controller ( in my lab its called : ELMAJDAL-DC13). To complete the migration , we need to transfer 5 FSMO roles to the new domain controller.

The five FSMO roles are:

  • Schema Master

  • Domain Naming Master

  • Infrastructure Master

  • Relative ID (RID) Master

  • PDC Emulator

To check who is currently holding FSMO, run the following command : netdom query fsmo

The FSMO roles are currently with the Windows Server 2008 R2 domain controller : ELMAJDAL-DC

The FSMO roles are going to be transferred, using the following three MMC snap-ins :

  • Active Directory Schema snap-in : Will be used to transfer the Schema Master role

  • Active Directory Domains and Trusts snap-in : Will be used to transfer the Domain Naming Master role

  • Active Directory Users and Computers snap-in : Will be used to transfer the RID Master, PDC Emulator, and Infrastructure Master roles

Lets start transferring the FSMO roles.

  • Using Active Directory Schema snap-in to transfer the Schema Master role

You have to register schmmgmt.dll in order to be able to use the Active Directory Schema snap-in

  1. Open Command Prompt in administrative mode and type regsvr32 schmmgmt.dll

  2. Open Microsoft Management Console , mmc

  3. Click File > then click Add/Remove Snap-in…


  4. From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then click OK

  5. Right click Active Directory Schema, then click Change Active Directory Domain Controller…


  6. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role holder and then click on OK

    You will receive a message box stating that the schema snap-in is not connected to a schema operations master. That is for sure, as we have not yet set this Windows Server 2012 domain controller as a Schema Master role holder. This will be done in the next step. Click OK


  7. In the console tree, right click Active Directory Schema [DomainController.DomainName], and then click Operations Master…


  8. On the Change Schema Master page, the current schema master role holder will be displayed ( ex. ELMAJDAL-DC.ELMAJDAL.COM) and the targeted schema holder as well (ex. ELMAJDAL-DC13.ELMAJDAL.COM). Once you click Change, the schema master holder will become
    ELMAJDAL-DC13.ELMAJDAL.COM
    , click Change

    Click Yes to confirm the role transfer

    The role will be transferred and a confirmation message will be displayed. Click OK

    Then click Close, as you can see in the below snapshot, the current schema master is ELMAJDAL-DC13.ELMAJDAL.COM which is the Windows Server 2012 DC


  • Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role

  1. From the Start Screen, open the Active Directory Domains and Trusts

  2. Right click Active Directory Domains and Trusts, then click Change Active Directory Domain Controller…


  3. From the listed Domain Controllers, click on the domain controller that you want to be the Domain Naming master role holder and then click onOK


  4. Right click Active Directory Domains and Trusts, then click Operations Master…


  5. On the Operations Master page, we are going to change the Domain Naming role holder from ELMAJDAL-DC.ELMAJDAL.COM toELMAJDAL-DC13.ELMAJDAL.COM, Click Change

    Click YES to confirm the transfer of the Domain Naming role. The role will be transferred and a confirmation message will be displayed. ClickOK , then click Close


  • Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

  1. From the Start Screen, open the Active Directory Users and Computers console

  2. Right click your domain and select Operations Masters

  3. In the Operations Masters window, ensure the RID tab is selected.

    Click the Change button. Select Yes when asked about transferring the operations master role. Once the operations master role has successfully transferred, click OK to continue.

  4. Ensure the Operations Master box now shows your new Windows Server 2012

  5. Repeat steps 4 to 6 for the PDC and Infrastructure tabs.

    >>
    >>

    Once completed, click Close to close the Operations Masters window.

If you would like to check if the roles were properly transferred, open command prompt and type: netdom query fsmo. If you see your new server listed in each role, you have successfully transferred all of your FSMO roles to the new server

Related Articles

How To Join Windows Server 2012 to a Domain

How to Raise the Forest and Domain Functional Levels in Windows Server 2008/R2

Setting Up Additional Active Directory Domain Controller With Windows Server 2012  

Shrink huge WSUS content folder in SBS 2008/2011

fonte: http://rawtechnology.blogspot.it/2014/01/shrink-windows-server-update-services.html

Shrink huge WSUS content folder in SBS 2008/2011

What:

Windows Small Business Server 2008/2011

Problem:

C:\WSUS folder grows to large, current size 65GB, it fills up C drive and Exchange stops email flow.

Solution:

Open up Server Manager, navigate to WSUS > Update Services > Updates > All

Decline all updates, no exceptions.

From Options run the Server Cleanup Wizard, I recommend to leave first option unticked as it might get stuck on Deleting unused updates…

  • Unused updates and update revisions
  • Computers not contacting the server
  • Unneeded update files
  • Expired updates
  • Superseded updates

It will take a few minutes to process, so be patient, this will remove all files in the WsusContent sub-folder.

You can run cleanup again with only first option ticked, but be aware that it can take hours to finish and the only way to stop it, is to restart MSSQL$MICROSOFT##SSEE service.

In Update Services > Updates > All change the approval of all Declined updates, click “Approve” and set it to “Not Approved”.

Run the Server Cleanup Wizard again to decline all expired updates.

If you don’t want to use WSUS, go to Update Services > Options > Update Files and Languages and set “Do not store update files locally; computers install from Microsoft Update”.
For SBS 2011 open up “Group Policy Manager” and edit “Update Services Common Settings Policy”.
Set “Computer Configuration > Policies > Administrative Templates > Specify intranet Microsoft update service location” to “Not configured”.

If you decided to use WSUS functionality approve needed updates and those will be re-downloaded.

Related post: SBS 2008 sqlservr.exe – MSSQL$MICROSOFT##SSEE high memory usage

How to Enable / Disable Multiple RDP Sessions in Windows 2012

fonte:https://support.managed.com/kb/a1816/how-to-enable-disable-multiple-rdp-sessions-in-windows-2012.aspx

How to Enable/Disable Multiple RDP Sessions in Windows 2012By default, Windows 2012 servers allow a single Remote Desktop session. If only one session is available and you take over another person’s live session, you may choose to enable multiple RDP sessions. This article describes the process for enabling and disabling multiple sessions.

Enable Multiple RDP Sessions

  1. Log into the server using Remote Desktop.
  2. Open the start screen (press the Windows key) and type gpedit.msc and open it
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Disabled.
  5. Double click Limit number of connections and set the RD Maximum Connections allowed to 999999.

Disable Multiple RDP Sessions

  1. Log into the server using Remote Desktop.
  2. Open the start menu and type ‘gpedit.msc’ and open it
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Enabled.

Windows Server 2012 and 2008 R2 – Enable Multiple RDP sessions

fonte:http://www.petenetlive.com/KB/Article/0000471.htm

Windows Server 2012 and 2008 R2 – Enable Multiple RDP sessions

KB ID 0000471 Dtd 28/08/13

Problem

Server 2012/2008 R2 unlike their predecessors, comes with the multiple remote desktop session restriction enabled. If you are only connecting to a server for remote administration purposes that can get a bit annoying, especially if you have a generic administrative account that multiple techs are using, and you keep kicking each other off the server.

Just as with earlier versions of Windows server you CAN have two RDP sessions at any one time, the restriction is one logon for one account. Thankfully you can disable the restriction and there are a number of ways to do so.

Solution

Server 2008 R2 Option 1: Enable Multiple RDP sessions from TSCONFIG

Note: tsconfig.msc does not work on Windows Server 2012

1. On the server, click Start and in the search/run box type tsconfig.msc{enter}. Locate “Restrict each user to a single session” Right click > Properties.

TSCONFIG

2. Remove the tick from “Restrict each user to a single session” > Apply > OK.

Restric each logon to a single session

Server 2012 and 2008 R2 Option 2: Enable Multiple RDP sessions via the registry

1. Start > in the search/run box type regedit {enter} > Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Locate the fSingleSessionPerUser value > Set it to 0 (Multiple sessions allowed), or 1 (Multiple sessions NOT allowed).

multiple rdp

Server 2012 and 2008 R2 Option 3: Enable Multiple RDP sessions via Local Policy

1. Start > in the search/run box type gpedit.msc {enter}.

GPO multiple RDP

2. Navigate to:

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

Remote Desktop multiple logons group policy

3. To enable multiple sessions set the policy to disabled > Apply > OK.

RDP GPO

Server 2012 and 2008 R2 Option 4: Enable Multiple RDP sessions via Group Policy

1. On a domain controller > Start > in the search/run box type gpmc.msc {enter}.

local policy RDP

2. Either edit an existing GPO that’s linked to your COMPUTERS, or create a new one and give it a sensible name.

group policy multiple logons

3. Navigate to:

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

GPO 3389

4. To enable multiple sessions set the policy to disabled > Apply > OK.

more than one login

5. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Force GPO

 

Related Articles, References, Credits, or External Links

Original Article Written 27/06/11