Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help


things i do


  • MSN Alerts

The current and New Year

It was just over two years ago that I was chatting with Charles Carroll about starting a community blogging site. He always pushed me to run community sites and one of my first being the successful ADSI and Directory Services Programming group that I run, for that I am always thankful to Charles Carroll.
Now we looking at two years gone past and DIRTEAM is a community blogging site that has some of the industry leading technical personalities blogging on the site

One of the most prolific bloggers on DIRTEAM is Sander Berkouwer along with Jorge (an Directory Services MVP). These two bloggers have put in many hours and many excellent blogs. So much so that the average monthly traffic on the site is now fast reaching 32 000 hits as per Google Analytics. Whenever I talk at Teched or other events Dirteam blogs are a hot topic and its due to the fantastic bloggers we have on this site. Sander Berkouwer developed (with help of one of his web developer friends I believe) the new DIRTEAM blog skin which can be ***seen here***.

Most of our readers use RSS feed so they don’t usually get to see the updated skin but I urge all that read the blogs to have a look at the magnificent work that Sander Berkouwer (and his mate) did. We all know community server is not the easiest engine to skin but he effectively created a skin that in my opinion is one of the best skins I have seen on a community server. I believe there are some adjustments in the pipeline to Wink

We (Sander Berkouwer and I) are working on different things to make the DIRTEAM blogs more community friendly and have a section that you can “meet the bloggers” to add a personal touch to the blogging community keep tuned as the changes will be implemented in the new year.

For all our readers that are celebrating the festivities during this period of the year (Christmas and New Years) may you have a blessed Christmas and a New Year filled with happiness and prosperity.

We at DIRTEAM are very proud to bring you all the technical information and new technology drill downs by our every growing expert panel. May your holidays be spent with your loved ones and may they get the attention that they deserve during this time!

From DIRTEAM – Merry Christmas, Happy New Year and stay tuned for more riveting entries next year Smile


The Real Replication Traffic

So I was doing some tests at one of my favorite customers in the world ;) they allowed me to share the information of a test on replication of a domain controller on a different site on a single forest single domain infrastructure. The key here is that we have preloaded 120 000 users and the replication you will see in this post deals with these 120 000 users (amongst other things) being replicated during a DCPROMO.

Network Ports Used by Active Directory Replication

RPC replication uses dynamic port mapping as per the default setting. When you need to connect to an RPC endpoint during Active Directory replication, RPC uses TCP port 135.   RPC on the client contacts the RPC endpoint mapper on the server at a well-known port and RPC randomly allocates high TCP ports from port 1024 to 65536. Because of this configuration, a client will never need to know what port to use for Active Directory replication; the process is seamless. There are also other ports assigned for Active Directory replication. There are as follows:

The table below state the variables we used to set the sniffer and QoS on the routers while conducting the test:


Sniffer Protocol IP Distribution View

The statistics below reflect the breakdown of the IP packets used

And then finally (I have tried to keep the post short) this is what goes on, on your wires when you do a DCPROMO of a new domain controller for a different site that has (amongst other things) 120 000 Users with the basic (12 attributes) populated. The first image (WARNING: Very large format), is a graphical representation of the traffic flow, the next image is a tabular representation of the traffic flow. IP address and server names have been removed to protect the innocent.

Download Full Picture Here

Tabular format:

So I am back - sort of ;)

So I have been really scarce lately. Firstly I apologize I should have posted and let everyone know what has been happening and where I have been.

So a few things have been happening and they are in order:

  1. I have been deploying a large network including alot of our technologies - (AD, SMS, MOM, Exchange 2k7, MIIS, ISA 2006)
  2. I then did 6 sessions at Teched Africa 2006 the topics where (Longhorn (two sessions), GPO (two sessions), Windows Server 2003 R2 (two sessions)
  3. At the same time I am moving houses, my rent expires in the current location I am staying and have found a better and more suitable place for me.
  4. While I am moving I am flying off to Teched: IT Forum Barcelona where I will, together with the Longhorn product group be handling the Longhorn server ask the experts booth. If you are going to be at Teched: IT Forum Barcelona please pop in and say hi at the Longhorn server ATE booth. I am the short guy there ;)
  5. I have to move up my items from Cape Town to Johannesburg, I have not moved these up as I have been all over the country the entire year.

Things have been really hectic for me but they will be calming down after Teched: IT Forum Barcelona. Look out for some technical posts soon and thanks for the patience that you have shown.

Carlos Magalhaes

DCPROMO Debug update

So I received loads of comments asking me what the other DC* log files where for below is an explanation of the DC* log files:

  1. DCPromoUI.log - Records detailed progress report of user selections and operations.
  2. DCPromo.log - Records summary of critical operations.
  3. DCPromos.log - Records graphical user interface mode setup, this is for upgrades from Windows NT 3.x or Windows NT 4.0 domain controllers to Active Directory Domain controllers.

There is one additional important file that you should also use which is:

  • Netsetup.log - Provides information about the attempts to join domains

Happy logging!

Carlos Magalhaes

Complete list of Ports required for our Windows Server System

I always have to look up in different locations as to which ports are needed for certain functions like Active Directory, DFSR, Certificate Services, Cluster Service, DHCP Server etc.

When you need them handy its always a mission to get to the documentation, here is a document that has all these ports in one article that you can always reference, if you are securing your environment.

Below is an example of the format of the document:

Terminal Services Session Directory

The Terminal Services Session Directory system service allows clusters of load-balanced terminal servers to correctly route a user's connection request to the server where the user already has a session running. Users are routed to the first-available terminal server, regardless of whether they are running another session in the server cluster. The load-balancing functionality pools the processing resources of several servers by using the TCP/IP networking protocol.

You can use this service with a cluster of terminal servers to increase the performance of a single terminal server by distributing sessions across multiple servers. Terminal Services Session Directory keeps track of disconnected sessions on the cluster and makes sure that users are reconnected to those sessions.
System service name: Tssdis

Application                                       protocol          Protocol Ports

RPC                                                    TCP                 135

Randomly allocated high TCP ports        TCP                 random port number between 1024 - 65534

Carlos Magalhaes

Active Directory Schema 4 easy steps

So here is a list of things that you need to do when thinking and about to make schema changes:

  1. Understand the Active Directory Schema Terminology
  2. Then read How the Active Directory Schema Works
  3. Once you have that understanding you then go through our Checklist before extending the schema
  4. And make sure you know how to extend the schema by referencing our Extending the Schema document.

Additional information about the schema can be found here

Happy Extending!

Carlos Magalhaes


I was chatting to a friend of mine and he was complaining of DCPROMO failing during a promotion of a member server to a domain controller. He could not understand why. With him about 17 000km away from me, I couldn't just jump over and help him. He didn't have VPN access for me and it was difficult to phone him to.

When I asked him for the DCPROMO debug log I got a few of these: "????????" so I went around and asked a few of my other friends if they knew that we write a debug log when you run DCPROMO and to my surprise I got the exact same reaction!!!

So for those of you that don't know (for those of you that did know leave a comment its interesting to see how many know and how many don't know, and be HONEST!):

  1. We do write a log that you can examine and it stores EXACTLY what is happening with the DCPROMO Wizard\
  2. The log is located on the machine that the DCPROMO was run on (I was asked if it was on a different machine)
  3. The location(presuming C is your system drive): C:\Windows\Debug\dcpromoui.001.log (Where 001 is the incremented number of times you have run DCPROMO)

This gives you loads of information about the DCPROMO process and can help you trouble shoot why a DCPROMO process failed to complete.

I must note that the new improved DCPROMO in Longhorn server has much more information and is vastly improved (really proud of the guys! go LH SVR team!).

Now we just waiting on Jorge to post about LH SVR. He made me ask the LH SVR Senior PM for permission to blog certain things about LH SVR. I got him permission and now we waiting - Jorge (hint hint) ;)


Example Data (look at the end of the sample log for errors):

dcpromoui 240.248 0000 opening log file C:\WINDOWS\debug\dcpromoui.log
dcpromoui 240.248 0001 C:\WINDOWS\system32\Dcpromo.exe
dcpromoui 240.248 0002 file timestamp 03/24/2005 17:58:58.000
dcpromoui 240.248 0003 local time 03/09/2006 13:30:05.608
dcpromoui 240.248 0004 running Windows NT 5.2 build 3790 Service Pack 1 (BuildLab:3790.srv03_sp1_rtm.050324-1447) i386
dcpromoui 240.248 0005 logging flags 0001003C
dcpromoui 240.248 0006 Enter Computer::RemoveLeadingBackslashes
dcpromoui 240.248 0007 Enter Computer::Refresh
dcpromoui 240.248 0008 Enter IsLocalComputer
dcpromoui 240.248 0009 Enter RefreshLocalInformation
dcpromoui 240.248 000A Enter GetProductTypeFromRegistry
dcpromoui 240.248 000B Enter RegistryKey::Open System\CurrentControlSet\Control\ProductOptions
dcpromoui 240.248 000C Enter RegistryKey::GetValue-String ProductType
dcpromoui 240.248 000D ServerNT
dcpromoui 240.248 000E prodtype : 0x3
dcpromoui 240.248 000F Enter GetSafebootOption
dcpromoui 240.248 0010 Enter RegistryKey::Open System\CurrentControlSet\Control\SafeBoot\Option
dcpromoui 240.248 0011 HRESULT = 0x80070002
dcpromoui 240.248 0012 returning : 0x0
dcpromoui 240.248 0013 Enter DetermineRoleAndMembership
dcpromoui 240.248 0014 Enter MyDsRoleGetPrimaryDomainInformation
dcpromoui 240.248 0015 Enter MyDsRoleGetPrimaryDomainInformationHelper
dcpromoui 240.248 0016 Calling DsRoleGetPrimaryDomainInformation
dcpromoui 240.248 0017 lpServer : (null)
dcpromoui 240.248 0018 InfoLevel : 0x1 (DsRolePrimaryDomainInfoBasic)
dcpromoui 240.248 0019 HRESULT = 0x00000000
dcpromoui 240.248 001A MachineRole : 0x2
dcpromoui 240.248 001B Flags : 0x0
dcpromoui 240.248 001C DomainNameFlat : WORKGROUP
dcpromoui 240.248 001D DomainNameDns : (null)
dcpromoui 240.248 001E DomainForestName : (null)
dcpromoui 240.248 001F Enter IsDcInRepairMode
dcpromoui 240.248 0020 HRESULT = 0x00000000
dcpromoui 240.248 0021 Enter State::DetermineRunContext
dcpromoui 240.248 0022 Enter DS::GetPriorServerRole
dcpromoui 240.248 0023 Enter MyDsRoleGetPrimaryDomainInformation
dcpromoui 240.248 0024 Enter MyDsRoleGetPrimaryDomainInformationHelper
dcpromoui 240.248 0025 Calling DsRoleGetPrimaryDomainInformation
dcpromoui 240.248 0026 lpServer : (null)
dcpromoui 240.248 0027 InfoLevel : 0x2 (DsRoleUpgradeStatus)
dcpromoui 240.248 0028 HRESULT = 0x00000000
dcpromoui 240.248 0029 OperationState : 0
dcpromoui 240.248 002A PreviousServerState : 0
dcpromoui 240.248 002B Enter Computer::GetNetbiosName
dcpromoui 240.248 002C MSDC1-FSMO01
dcpromoui 240.248 002D Enter Computer::GetRole MSDC1-FSMO01
dcpromoui 240.248 002E role: 2
dcpromoui 240.248 002F NT5_STANDALONE_SERVER
dcpromoui 240.248 0030 Enabling advanced mode
dcpromoui 240.248 0031 Enter GetAdminToolsPath
dcpromoui 240.248 0032 HRESULT = 0x00000000
dcpromoui 240.248 0033 Enter FS::GetPathSyntax C:\Documents and Settings\Administrator
dcpromoui 240.248 0034 HRESULT = 0x00000000
dcpromoui 240.248 0035 Enter InitDnsClientConfigFlag
dcpromoui 240.248 0036 Enter RegistryKey::Open Software\Microsoft\Windows\CurrentVersion\AdminDebug\dcpromoui
dcpromoui 240.248 0037 Enter RegistryKey::GetValue-DWORD ConfigureDnsClient
dcpromoui 240.248 0038 HRESULT = 0x80070002
dcpromoui 240.248 0039 result = true
dcpromoui 240.248 003A Enter Start
dcpromoui 240.248 003B Enter IsCurrentUserAdministrator
dcpromoui 240.248 003C Current user is an admin
dcpromoui 240.248 003D Enter CheckCertService
dcpromoui 240.248 003E Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 240.248 003F Enter NTService::IsInstalled CertSvc
dcpromoui 240.248 0040 Enter MyOpenService
dcpromoui 240.248 0041 Enter Win::OpenSCManager
dcpromoui 240.248 0042 Enter Win::OpenService CertSvc
dcpromoui 240.248 0043 HRESULT = 0x80070424
dcpromoui 240.248 0044 Enter CheckSafeBootMode
dcpromoui 240.248 0045 Enter RegistryKey::Open System\CurrentControlSet\Control\Safeboot\Option
dcpromoui 240.248 0046 HRESULT = 0x80070002
dcpromoui 240.248 0047 Enter CheckRoleChangeState
dcpromoui 240.248 0048 Enter MyDsRoleGetPrimaryDomainInformation
dcpromoui 240.248 0049 Enter MyDsRoleGetPrimaryDomainInformationHelper
dcpromoui 240.248 004A Calling DsRoleGetPrimaryDomainInformation
dcpromoui 240.248 004B lpServer : (null)
dcpromoui 240.248 004C InfoLevel : 0x3 (DsRoleOperationState)
dcpromoui 240.248 004D HRESULT = 0x00000000
dcpromoui 240.248 004E OperationState : 0x0
dcpromoui 240.248 004F Enter CheckPlatform
dcpromoui 240.248 0050 Enter Computer::GetNetbiosName
dcpromoui 240.248 0051 MSDC1-FSMO01
dcpromoui 240.248 0052 Enter Computer::GetRole MSDC1-FSMO01
dcpromoui 240.248 0053 role: 2
dcpromoui 240.248 0054 Enter CheckForNtfs5
dcpromoui 240.248 0055 Enter GetFirstNtfs5HardDrive
dcpromoui 240.248 0056 A:\
dcpromoui 240.248 0057 Enter FS::GetFileSystemType
dcpromoui 240.248 0058 Enter FS::GetRootFolder A:\
dcpromoui 240.248 0059 Enter FS::GetPathSyntax A:\
dcpromoui 240.248 005A HRESULT = 0x80070015
dcpromoui 240.248 005B C:\
dcpromoui 240.248 005C Enter FS::GetFileSystemType
dcpromoui 240.248 005D Enter FS::GetRootFolder C:\
dcpromoui 240.248 005E Enter FS::GetPathSyntax C:\
dcpromoui 240.248 005F HRESULT = 0x00000000
dcpromoui 240.248 0060 C:\ is NTFS5
dcpromoui 240.248 0061 C:\
dcpromoui 240.248 0062 Enter CheckWindirSpace
dcpromoui 240.248 0063 Enter checkDiskSpace
dcpromoui 240.248 0064 Enter FS::GetRootFolder C:\WINDOWS
dcpromoui 240.248 0065 Enter FS::GetPathSyntax C:\WINDOWS
dcpromoui 240.248 0066 Enter FS::GetAvailableSpace C:\
dcpromoui 240.248 0067 Enter CheckComputerWasRenamedAndNeedsReboot
dcpromoui 240.248 0068 Enter ComputerWasRenamedAndNeedsReboot
dcpromoui 240.248 0069 Enter Computer::GetActivePhysicalNetbiosName
dcpromoui 240.248 006A MSDC1-FSMO01
dcpromoui 240.248 006B Enter Computer::GetFuturePhysicalNetbiosName
dcpromoui 240.248 006C Enter RegistryKey::Open System\CurrentControlSet\Control\ComputerName\ComputerName
dcpromoui 240.248 006D Enter RegistryKey::GetValue-String ComputerName
dcpromoui 240.248 006E HRESULT = 0x00000000
dcpromoui 240.248 006F MSDC1-FSMO01
dcpromoui 240.248 0070 Enter IsTcpIpInstalled
dcpromoui 240.248 0071 TCP/IP is detected
dcpromoui 240.248 0072 Enter Computer::GetActivePhysicalFullDnsName
dcpromoui 240.248 0073 Enter Computer::ComposeFullDnsComputerName hostname: MSDC1-FSMO01 suffix:
dcpromoui 240.248 0074 MSDC1-FSMO01.
dcpromoui 240.248 0075 Enter Computer::GetFuturePhysicalFullDnsName
dcpromoui 240.248 0076 Enter Computer::GetActivePhysicalFullDnsName
dcpromoui 240.248 0077 Enter Computer::ComposeFullDnsComputerName hostname: MSDC1-FSMO01 suffix:
dcpromoui 240.248 0078 MSDC1-FSMO01.
dcpromoui 240.248 0079 Enter RegistryKey::Open System\CurrentControlSet\Services\Tcpip\Parameters
dcpromoui 240.248 007A Enter RegistryKey::GetValue-String NV Hostname
dcpromoui 240.248 007B Enter RegistryKey::GetValue-String NV Domain
dcpromoui 240.248 007C Enter Computer::IsDnsSuffixPolicyInEffect
dcpromoui 240.248 007D Enter RegistryKey::Open Software\Policies\Microsoft\System\DNSclient
dcpromoui 240.248 007E false
dcpromoui 240.248 007F
dcpromoui 240.248 0080 Enter Computer::ComposeFullDnsComputerName hostname: MSDC1-FSMO01 suffix:
dcpromoui 240.248 0081 HRESULT = 0x80070002
dcpromoui 240.248 0082 MSDC1-FSMO01.
dcpromoui 240.248 0083 Enter Dns::CompareNames MSDC1-FSMO01. vs MSDC1-FSMO01.
dcpromoui 240.248 0084 Calling DnsNameCompareEx_W
dcpromoui 240.248 0085 pszLeftName : MSDC1-FSMO01.
dcpromoui 240.248 0086 pszRightName : MSDC1-FSMO01.
dcpromoui 240.248 0087 dwReserved : 0
dcpromoui 240.248 0088 Result 0x1
dcpromoui 240.248 0089 relation: DnsNameCompareEqual
dcpromoui 240.248 008A No pending computer name change
dcpromoui 240.248 008B result = false
dcpromoui 240.248 008C Enter IsComputerNameOk
dcpromoui 240.248 008D Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 240.248 008E Enter IsTcpIpInstalled
dcpromoui 240.248 008F TCP/IP is detected
dcpromoui 240.248 0090 Enter MyDnsValidateName MSDC1-FSMO01
dcpromoui 240.248 0091 Calling DnsValidateName
dcpromoui 240.248 0092 pszName : MSDC1-FSMO01
dcpromoui 240.248 0093 Format : 3
dcpromoui 240.248 0094 status 0x0
dcpromoui 240.248 0095 ERROR_SUCCESS
dcpromoui 240.248 0096 true
dcpromoui 240.248 0097 Enter ForceRemovalFSMOsSafelyOffMachineCheck
dcpromoui 240.248 0098 Enter State::IsForcedDemotion false
dcpromoui 240.248 0099 Non forced demotion, FSMOs will be taken care of somewhere else.
dcpromoui 240.248 009A Enter ShouldCancelBecauseMachineIsAppServer
dcpromoui 240.248 009B Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 240.248 009C result = false
dcpromoui 240.248 009D Enter RunWizard
dcpromoui 240.248 009E Enter Wizard::AddPage
dcpromoui 240.248 009F id = 108 title = Welcome
dcpromoui 240.248 00A0 Enter Wizard::AddPage
dcpromoui 240.248 00A1 id = 164 title = Administrator Password
dcpromoui 240.248 00A2 Enter Wizard::AddPage
dcpromoui 240.248 00A3 id = 182 title = Application Directory Partitions
dcpromoui 240.248 00A4 Enter Wizard::AddPage
dcpromoui 240.248 00A5 id = 181 title = Confirm Deletion
dcpromoui 240.248 00A6 Enter Wizard::AddPage
dcpromoui 240.248 00A7 id = 183 title = Cannot Contact an Active Directory Domain Controller
dcpromoui 240.248 00A8 Enter Wizard::AddPage
dcpromoui 240.248 00A9 id = 150 title = Child Domain Installation
dcpromoui 240.248 00AA Enter Wizard::AddPage
dcpromoui 240.248 00AB id = 144 title = Configure Domain Naming Service Client
dcpromoui 240.248 00AC Enter Wizard::AddPage
dcpromoui 240.248 00AD id = 142 title = Summary
dcpromoui 240.248 00AE Enter Wizard::AddPage
dcpromoui 240.248 00AF id = 147 title = Network Credentials
dcpromoui 240.248 00B0 Enter Wizard::AddPage
dcpromoui 240.248 00B1 id = 163 title = Remove Active Directory
dcpromoui 240.248 00B2 Enter Wizard::AddPage
dcpromoui 240.248 00B3 id = 143 title = Install or Configure DNS
dcpromoui 240.248 00B4 Enter Wizard::AddPage
dcpromoui 240.248 00B5 id = 174 title = DNS Registration Diagnostics
dcpromoui 240.248 00B6 Enter Wizard::AddPage
dcpromoui 240.248 00B7 id = 156 title = Installation Failed
dcpromoui 240.248 00B8 Enter Wizard::AddPage
dcpromoui 240.248 00B9 id = 154 title = Installation Results
dcpromoui 240.248 00BA Enter Wizard::AddPage
dcpromoui 240.248 00BB id = 184 title = Force the Removal of Active Directory
dcpromoui 240.248 00BC Enter Wizard::AddPage
dcpromoui 240.248 00BD id = 158 title = New Domain Name
dcpromoui 240.248 00BE Enter Wizard::AddPage
dcpromoui 240.248 00BF id = 180 title = Forest Functional Level
dcpromoui 240.248 00C0 Enter Wizard::AddPage
dcpromoui 240.248 00C1 id = 171 title = Global Catalog
dcpromoui 240.248 00C2 Enter Wizard::AddPage
dcpromoui 240.248 00C3 id = 140 title = Configure TCP/IP
dcpromoui 240.248 00C4 Enter Wizard::AddPage
dcpromoui 240.248 00C5 id = 159 title = NetBIOS Domain Name
dcpromoui 240.248 00C6 Enter Wizard::AddPage
dcpromoui 240.248 00C7 id = 145 title = Create New Domain
dcpromoui 240.248 00C8 Enter Wizard::AddPage
dcpromoui 240.248 00C9 id = 157 title = New Site
dcpromoui 240.248 00CA Enter Wizard::AddPage
dcpromoui 240.248 00CB id = 162 title = Shared System Volume
dcpromoui 240.248 00CC Enter Wizard::AddPage
dcpromoui 240.248 00CD id = 123 title = Database and Log Folders
dcpromoui 240.248 00CE Enter Wizard::AddPage
dcpromoui 240.248 00CF id = 153 title = Select a Site
dcpromoui 240.248 00D0 Enter Wizard::AddPage
dcpromoui 240.248 00D1 id = 167 title = Permissions
dcpromoui 240.248 00D2 Enter Wizard::AddPage
dcpromoui 240.248 00D3 id = 141 title = Additional Domain Controller or Member Server
dcpromoui 240.248 00D4 Enter Wizard::AddPage
dcpromoui 240.248 00D5 id = 146 title = Domain Controller Type
dcpromoui 240.248 00D6 Enter Wizard::AddPage
dcpromoui 240.248 00D7 id = 148 title = Additional Domain Controller
dcpromoui 240.248 00D8 Enter Wizard::AddPage
dcpromoui 240.248 00D9 id = 169 title = Copying Domain Information
dcpromoui 240.248 00DA Enter Wizard::AddPage
dcpromoui 240.248 00DB id = 168 title = Directory Services Restore Mode Administrator Password
dcpromoui 240.248 00DC Enter Wizard::AddPage
dcpromoui 240.248 00DD id = 5000 title = Operating System Compatibility
dcpromoui 240.248 00DE Enter Wizard::AddPage
dcpromoui 240.248 00DF id = 152 title = New Domain Tree
dcpromoui 240.248 00E0 Enter Wizard::ModalExecute
dcpromoui 240.248 00E1 Enter FS::AppendPath C:\WINDOWS\system32
dcpromoui 240.248 00E2 Enter WelcomePage::OnInit
dcpromoui 240.248 00E3 Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 240.248 00E4 Enter WelcomePage::OnSetActive
dcpromoui 240.248 00E5 Enter DCPromoWizardPage::OnWizNext
dcpromoui 240.248 00E6 Enter WelcomePage::Validate
dcpromoui 240.248 00E7 Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 240.248 00E8 Enter Wizard::SetNextPageID id = 5000
dcpromoui 240.248 00E9 push 108
dcpromoui 240.248 00EA Enter SecureCommWarningPage::OnInit
dcpromoui 240.248 00EB Enter SecureCommWarningPage::OnSetActive
dcpromoui 240.248 00EC Enter DCPromoWizardPage::OnWizNext
dcpromoui 240.248 00ED Enter SecureCommWarningPage::Validate
dcpromoui 240.248 00EE Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 240.248 00EF Enter Wizard::SetNextPageID id = 140
dcpromoui 240.248 00F0 push 5000
dcpromoui 240.248 00F1 Enter InstallTcpIpPage::OnInit
dcpromoui 240.248 00F2 Enter InstallTcpIpPage::OnSetActive
dcpromoui 240.248 00F3 Enter IsTcpIpInstalled
dcpromoui 240.248 00F4 TCP/IP is detected
dcpromoui 240.248 00F5 Enter IsTcpIpFunctioning
dcpromoui 240.248 00F6 Calling GetIpAddrTable
dcpromoui 240.248 00F7 dwNumEntries: 2
dcpromoui 240.248 00F8 entry 0
dcpromoui 240.248 00F9 dwAddr 0 (
dcpromoui 240.248 00FA is loopback/broadcast -- skipping
dcpromoui 240.248 00FB entry 1
dcpromoui 240.248 00FC dwAddr 100007F (
dcpromoui 240.248 00FD is loopback/broadcast -- skipping
dcpromoui 240.248 00FE TCP/IP is NOT functioning
dcpromoui 240.248 00FF Enter DCPromoWizardPage::OnWizNext
dcpromoui 240.248 0100 Enter InstallTcpIpPage::Validate
dcpromoui 240.248 0101 Enter IsTcpIpInstalled
dcpromoui 240.248 0102 TCP/IP is detected
dcpromoui 240.248 0103 Enter IsTcpIpFunctioning
dcpromoui 240.248 0104 Calling GetIpAddrTable
dcpromoui 240.248 0105 dwNumEntries: 2
dcpromoui 240.248 0106 entry 0
dcpromoui 240.248 0107 dwAddr 0 (
dcpromoui 240.248 0108 is loopback/broadcast -- skipping
dcpromoui 240.248 0109 entry 1
dcpromoui 240.248 010A dwAddr 100007F (
dcpromoui 240.248 010B is loopback/broadcast -- skipping
dcpromoui 240.248 010C TCP/IP is NOT functioning
dcpromoui 240.248 010D Enter Popup::Info
dcpromoui 240.248 010E MessageBox: Active Directory Installation Wizard : The TCP/IP networking protocol must be properly configured in order to proceed. Complete the configuration.
dcpromoui 240.248 010F Enter Wizard::SetNextPageID id = -1
dcpromoui 240.248 0110 Enter Wizard::Backtrack
dcpromoui 240.248 0111 id = 5000
dcpromoui 240.248 0112 Enter SecureCommWarningPage::OnSetActive
dcpromoui 240.248 0113 Enter Wizard::Backtrack
dcpromoui 240.248 0114 id = 108
dcpromoui 240.248 0115 Enter WelcomePage::OnSetActive
dcpromoui 240.248 0116 Enter DCPromoWizardPage::OnQueryCancel
dcpromoui 240.248 0117 Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 240.248 0118 Enter Popup::MessageBox
dcpromoui 240.248 0119 MessageBox: Active Directory Installation Wizard : Are you sure you want to quit the Active Directory Installation Wizard?
dcpromoui 240.248 011A Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 011B Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 011C Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 011D Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 011E Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 011F Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 0120 Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 0121 Enter ControlSubclasser::UnhookWindowProc
dcpromoui 240.248 0122 exitCode = 0
dcpromoui 240.248 0123 closing log

Windows Vista Backup using virtual machine technology?

Very interesting post by one of our Windows Vista Backup product group members. It shows how they use the virtual machine technology to enable you to backup and restore real easy and real quick with Windows Vista. This is a built in feature and you don't need any additional software its built right into Windows Vista check it out here

Carlos Magalhaes


For those of you that have used MSCONFIG to check what is running on your system, which services are starting up, what programs are running at startup and what your boot.ini looks like, you would know that its missing something. Its missing a tab with all the other tools that are built into Windows to help you trouble shoot your system.

We released an "updated" version of MSCONFIG here it adds a tab with tools that are built into the system to help you diagnose issues :). I am NOT claiming it being the be all and end all tool but its a good step in the right direction.

This software does require you to pass our Windows Genuine software check.

The screen shot below shows the new tab:

SQL 2005 Remote Connections

I have this irritation with SQL 2005 and remote connections. Maybe its something I am doing incorrectly (which is very possible).

Everytime I install a new SQL 2005 server and then try using an application that I have developed to connect to that SQL 2005 machine, I get a SQL Protocol Error 25, “Cannot find the SQL server or the instance specified”.

The environment

  1. Windows 2003 Forest/Domain (Single Forest Single Domain SFSD)
  2. SQL 2005 Server (with SP1) and when installing SQL 2005 I check “Enable Remote Connections”
  3. 4 Different Windows clients (from Windows XP to Windows 2003)
  4. Application developed using .net 2.0
  5. Application is doing a normal SQL connect and Select * from SomeTable

I first thought it was because I was only using the ServerName in the connection string i.e. "MyServer", but then tried the following:

  1. Myserver
  2. Myserver.mydomain.myname.com (Fully Qualified Domain Name {FQDN})
  3. Myserver\<SQLInstanceName>
  4. Myserver.mydomain.myname.com\<SQLInstanceName>
  5. Ip_Address
  6. Ip_Address\<SQLInstanceName>

With all these I get the same ERROR (See above), I triple check on the server properties that "Allow remote connections" is checked!

 So what I have found works EVERY time is go to: SQL Server Configuration Manager > SQL Native Client Configuration > Aliases > Create New Alias.

I then create a new Alias with the Name being the NetBios name of the server. I then restart the SQL services, and PRESTO!

All of a sudden all the clients can see the SQL server and connect as they should be doing.

I just want to know:

  1. What am I doing wrong
  2. Is this normal behavior
  3. Is this "by design"
  4. What am I missing here?

Carlos Magalhaes

Windows GINA

So as I was going along promising customers that the Password Portal would be released with MIIS SP2 I was caught like a fish out of water. The Password Portal was pulled from SP2 and the customer was not happy at all.

I had promised them a Password Portal so I had to deliver this now! So I went about learning how the GINA worked and came up with a solution. On the GINA I added a link "Forget" which when the user clicks fires a .net 2.0 application. This application is in a Wizard form. It will ask you a predefined amount of Administrative questions (setup by the administrator) and then a predefined amount of "user" questions which are created by the user.

If the user successfully answers every question they will have an opportunity to specify the new password and their password will be reset.

Below is a few screen shots of the Gina and the Wizard:


Wizard 1 - Welcome screen

Wizard 2 - Accept Company License

Wizard 3 - Administrator Questions

Wizard 4 - Personal Questions

Wizard 5 - Summary of your questions

ADUC Dialog

Well I promised that I would show the work that has been done with the ADUC (Active Directory Users and Computers).

I have heard so many times how difficult it is to add a new tab to an Active Directory objects Dialog box in the ADUC MMC. To tell you the truth IT IS DIFFICULT, however using .net (yes that's right .NET and VB.NET actually) it is now possible to extend the ADUC dialog to add tabs as you see fit.

With in these tabs you can add which ever .net Controls that you like and do what ever you want to with these controls. Think of it as a User Control (In Windows Forms), the reason being is because it is actually a user control ;) and YES this DOES mean you can eventually see the Employee ID if you want to or even the full DN of the object. You can DO ANYTHING your programming knowledge allows you to ;)

Below is a screen shot of the "test tab" that was created using this code:

Help you with your blogging

I have noticed recently that this community blogging server has been receiving some serious hits. This is great news, it’s good to see the community sharing their views, knowledge and working so closely together.

Now that the search, gallery and blogging engines have been improved I have decided to really start getting things going. My first drive is to help all of the bloggers on this site establish some blog etiquette. This means learn how to use this blogging engine effectively.

The first article is if you are a MVP how to add the MVP logo to the “News” section of your website. I had a lot of requests from the MVPs that blog on this server. You can basically add any image there you will however have to give me the image so that I can put it up on the server so you can link to it. - You can find it under the tag/keyword: Personalize your blog

The second article is something I would actually like to enforce. That is every time someone blogs something they categorize it. By categorizing it you are assigning it a tag or keyword. This helps viewers find your blog entries quickly and more efficiently. It also helps the search engine return the correct results. I was looking for something Jorge wrote a while ago, great article but it was a freeken needle in a haystack to find. Don't be surprised that this is tagged under: Tags and keywords

I am also trying to create the correct Blogging categories so that all the DS bloggers are in the DS (Directory Services) group, Security bloggers in the Security group etc.

This is going be something I am going to drive extremely hard. Obviously I am only going to be able to make this work with the help of this blogging community. Each and every one of you have my email address so please feel free to email me!

Link to new Blog (helping you to blog) - http://blogs.dirteam.com/blogs/blogginghelp

Oh and before I forget I also added the "how to use Live Writer {which I am using to blog this actually} with Dirteam.com blogs. - Tag/keywords:  Blogging Tools

Happy and better blogging ;)

Carlos Magalhaes

How to add the MVP logo to your Blog

Alot of the Active Directory MVPs that blog on this community blog site, have asked me how they can put the MVP log on their blog. The image below shows how you do it. Each step is depicted by a number (in the image):

Step 1 When you logged in and at your blog, above the text where you add an "New Entry"  there is a link called "My DashBoard". Click on that link and you will be redirected to "My Blog" tab in your dashboard.

Step 2 Click on "Global Settings" then on "Title, Description and News"

Step 3 Locate the "News" text box

Step 4 Add the text you see at Step 4 in the (image below) to the "News" textbox

Step 5 after "...../images/" add the text you see in the call out on the (image below).

Step 6 Click save (bottom right hand corner of the page)

Step 7 Go to your blog and you should see the MVP logo image on your blog :)

I didnt add the MVP logo but I added a little image of myself (you usually see that image on my IM) you can see what it would look like here. 


Carlos Magalhaes

Apology for incorrect post

Being taught the hard way is sometimes the best way. It was pointed out to me by someone really close to me that I should think before I post. For those of you frowning about what the hell I am talking about: I made a really immature and stupid blog entry about FireFox. It had no relevance what so ever and was a dumb comment.

I have nothing against FireFox and actually find it to be a great web browser. Its light on memory and has great plugins.

The comment was stupid and immature and I apologies.

Carlos Magalhaes

More Posts Next page »