Happy Bastille Day!

Bastille Day is the name given in English-speaking countries to the French National Day, which is celebrated on July 14th each year. The French National Day commemorates the beginning of the French Revolution with the storming of the Bastille on July 14, 1789.
Now, 227 years later, Systems Administrators everywhere might remember this day as the day support ended for Windows Server 2003 in 2015.  The successor to Windows 2000 Server it included features from Windows XP that were well loved by IT Pros and consumers alike, leading to it’s wide-spread adoption.
Released on April 24, 2003, Windows Server 2003 was very security minded for the time, reducing the attack surface by limiting the number of features installed by default. It also included several compatibility modes to allow older applications to run with more stability and continued to support Window NT 4.0 networking. Improvements were also made to ease the transition from the NT 4.0 directory to Active Directory.
Windows Server 2003 was also the first operating system released by Microsoft after the announcement of its Trustworthy Computing initiative, and as a result, contains a number of changes to security defaults and practices. Some of the cutting edge features of the time included Internet Information Services (IIS) v6.0, the “Manage Your Server” administrative tool to help with server configuration and improvements to Active Directory and Group Policy administration.
Here are some other great milestones and inventions that we saw in 2003:
  • iTunes Music Store also opens in April 2003.
  • FluMist by MedImmune released as an alternative to the flu shot.
  • The Intelligent Oven (www.tmio.com) keeps your food refrigerated until the programmed cooking time. Can be remotely controlled via the Internet or by telephone.
  • Because the CD-ROM was the primary storage medium in the early 2000s, the CD-ROM shredder came onto the scene in 2003.
  • Java Logs (http://www.pinemountainbrands.com/products/pine-mountain-java-log-4-hour-firelogs) – for those of you who love the open fire but feel bad about burning wood.
If you are still running Windows Server 2003 in your datacenter (a solid year after support has ended), you might want to check out some current training on Microsoft’s latest server offerings. Enjoy!

Goodbye Windows Server 2003!

Time flies and today marks end of support for Windows Server 2003.  In case, you missed some of the available information to help you migrate onto a more modern copy of Windows Server, here are some links!

Listen to @RicksterCDN’s letter to Windows Server – The End of a Affair… 

On-Demand Events

The Post-Mortem of a Domain Death

The past few days have been busy as we’ve been performing the tasks to remove our failed domain controller and domain from our Windows 2003 Active Directory forest.  Now that everything is working normally and I can check off that long-standing IT project of “remove child domain” from my task list, I’d like to share a few things we’ve learned.

  • NTDSUTIL will prompt you several times when it comes to removing the last DC in a domain using the steps in KB 216498. It will even hint that since you are removing the DC in the domain, that you are also removing the domain itself.  But you are not.  You must take additional steps in NTDSUTIL to remove the orphaned domain, see KB 230306 to finish up.
  • How do you know you have an orphaned domain? Check AD Domains and Trusts.  If you still see a domain in your tree that you can’t view the properties of, you aren’t done yet.  Also, if your workstations still show the domain as a logon option in the GINA, get back to work.
  • You might remember to clean up your DNS, but don’t forget to also clean up WINS.  WINS resolution can haunt you and keep your workstations and applications busy looking for something that isn’t there anymore.
  • Watch your Group Policy links.  If you’ve cross-linked policies from the child domain to your forest root or other domains, workstations will indicate USERENV errors referencing the missing domain.  Policies from other domains won’t show up in your “Group Policy Objects” container the GPMC.  You’ll need to expand all your other OUs in the GPMC to find any policy links that report an error. 
  • If you are using a version of Exchange that has the infamous Recipient Update Service, remove the service entry that handles the missing domain.  You’ll see repeated MSExchangeAL Events 8213, 8250, 8260 and 8026 on your mail server otherwise.

I’ve used NTDSUTIL in the lab and in production several times to remove failed domain controllers, but removing an orphaned domain happens far less frequently.  While the majority of our Microsoft applications handled the existence of references to the orphaned domain with grace until we completed the clean up, one of our third party applications, ImageRight, was far more sensitive about it. 

We found that a combination of the WINS resolution and the orphaned trust relationship distracted the application enough that it was slow to operate, sometimes refused to load at all, and hung on particular actions.  If you happen to be an ImageRight customer who uses the Active Directory integration features, keep in mind that it likes all the AD ducks to be in a row.

While we had a little a bit of pain getting to this point, I’m really happy that our AD forest is neater and cleaner because of it.  It’ll make it much easier to tackle other upgrade projects on the horizon for Active Directory and Exchange.