Tuesday, April 29, 2008

A matching connector cannot be found to route the external recipient



Problem:

E-mail seems to not going out from mail organization, right after the new installation exchange 2007.

Solution:

Make sure the address space on the send connector is set to *. If you don't have send connector you will need to create one, by going to Hub Transport server tab on EMC (Exchange management Console), make a right chose new send connector, give it a name( send connector ) , click down arrow define use for this connector Such as internet, follow the wizard and finish creating the send connector.

Perform test mail, use queue viewer on the tool box to determine what is going on with the message. The queue viewer is surprisingly very handy and informative (compare the old stuff we had to deal with)


  • Identity: exc07\Unreachable\34763
  • Subject: test 1
  • Internet Message ID: <58FB3B58ECF7E94C949A63A38F@exc07.smtp25.org>
  • From Address: oz@smtp25.org
  • Status: Ready
  • Size (KB): 1
  • Message Source Name: FromLocal
  • Source IP: 255.255.255.255
  • SCL: -1
  • Date Received: 4/29/2008 10:06:30 PM
  • Expiration Time: 5/1/2008 10:06:30 PM
  • Last Error: A matching connector cannot be found to route the external recipient
  • Queue ID: exc07\Unreachable
  • Recipients: telnet25@Gmail.com

Best regards,

  • Oz ozugurlu,
  • Systems Engineer
  • MCITP (EMA), MCITP (SA),
  • MCSE 2003 M+ S+ MCDST
  • Security Project+ Server+
  • oz@SMTp25.org
  • http://smtp25.blogspot.com

Moving a Domain Controller to a Different Site



Moving domain controllers from one site to another one will require to re-IP the new domain controllers. What are the possible setbacks for this operation? The answer to this question become easy for us since we are in the middle of huge AD migration and have done it several times in production.

Here is the bullet point to consider when it comes to identify the existing services on the infrastructure domain controllers and decommissioned the old domain controllers.

  1. Identify the FSMO roles on each domain
  2. Distribute the FSMO roles according to MS best practices

    The schema master and domain naming master roles should be placed on the same domain controller as they are rarely used and should be tightly controlled.

  • The infrastructure master should not be located on the same domain controller holding the RID master and PDC emulator roles if it is also a GC server.
  1. Identify the services running from each domain controller such as
  • DNS
  • DHCP, DHCP scope portions
  • WINS ( I hate WINS)
  • CA ( certificate Authority)
  • Web related services
  • Terminal server (licensing server)
  1. Application dependencies, relaying to existing domain controllers
  • LDAP
  • SLDAP
  1. Make sure you plan the proper backup for active directory

    Use System stage backup or equivalent backup system to backup AD database and related files. Flat windows and file system backup is not proper backup for active directory. At least use scheduled NT backup, on the 2 or 3 DC's trough out the enterprise (there is no need to backup every single domain controller, simply this would be a redundant afford (multi master replication). The proper backup of AD, (system state backup) allows authoritative restore. If you can $$$ use third party tools for fast recovery and backup.

  2. If you move paging file from C to another drive, remember a paging file equal to or larger than RAM size should be placed on the same partition as the operating system to allow crash dumps to be recorded.
  3. Add the /DEBUG switch to the Boot.ini file to enable post-mortem debugs of your servers. Adding the debug switch causes a 2-3 percent decrease in server performance but allows a debugger to be hooked up once a crash has occurred for post-mortem debugging
  4. Disable Unnecessary Services

    This is one of my favorite; I wish there were clearer instruction came with defaults installation.

  • Disable Windows updates (Assuming you are using WSUS)
  • Disable Wireless zero service
  • Print spooler service, every enterprise at least one DC must be running it.

Domain controllers will re-register dynamic record in DNS, claiming to be the domain controller with the new IP address. Make sure all the name servers for each domain (in case child domains exist) got updated in DNS. IF you a have child domains exist make sure all name server have been exist

I never did understand why windows media player comes with default installation windows. If you are going to promote it to be a domain controller, who cares about windows media player running on a DC? Or the games. Windows 2008 server should have clear base line installations.

The IP addresses of existing Domain controllers might be used by several components on the production servers and there might be a dependency for these IP addresses, so keeping the existing IP addresses and transferring them to the new build Domain controller might be necessary or smart move to lessen the possible breakage on the production network.

Best practice methods for Windows 2000 domain controller setup

Size the server and the hard drive as mentioned in the previous posts I did while ago. The point is to understand what kind of operations the OS and the database operate under and how to improve the performance and redundancy.

At the basic with decent server (64BIT preferred)

FYI:

When you split the AD files across the disks as we have done, the following are the recommended exclusions; normally you'd have to figure these locations out via registry settings. Keep in mind these ONLY apply when you've split the AD files the way we've done.

C Drive ( 64 Bit windows 2003 SP2)

8 Gig memory

OS & Logs

RAID 1 + 0

D Drive ( NTDS)

SysVol & .DIT database

RAID 1 + 0

H Drive CD-Room



Best regards

Oz ozugurlu,

Systems Engineer

MCITP (EMA), MCITP (SA),

MCSE 2003 M+ S+ MCDST

Security Project+ Server+

oz@SMTp25.org

http://smtp25.blogspot.com

Friday, April 25, 2008

Change RDP listening port to SSL



You switch the job and realized you cannot RDP back to your home Lab Exchange 2007 server. Or the security team at your work decided has no mercy to IT department. Either way, why in the world the security folks would stop us playing with Exchange 2007, (-: who knows, here is quick way around. Go to server you wish to RDP too.

  • click start
  • run
  • regedit, enter
  • HKEY_LOCAL_MACHINE
  • System
  • CurrentControlSet
  • Control
  • TerminalServer
  • WinStations
  • RDP-Tcp
  • PortNumber
  • switch to Decimal
  • add the SSL port 443
  • exit the reg edit
  • open RDP and include the port number as below ( my exchange server IP is 10.10.10.7)
  • Change this to your exchange or server IP and leave the :443 in tacked
  • 10.10.10.7:443

You may have to reboot the server, and now you can RDP back to your Lab exchange server

Oz Ozugurlu,

Systems Engineer

MCITP (EMA), MCITP (SA),

MCSE 2003 M+ S+ MCDST

Security Project+ Server+

oz@SMTp25.or

http://smtp25.blogspot.com

Thursday, April 24, 2008

Who is your Active directory bridgehead server (ISTG)



When it comes to a bridgehead server in the world of exchange, we all would know there is no difference in Exchange 2000 and 2003, because role base administration and implementation was not clear at all, and there was not clear documentation guiding to get the servers hardened in this way.

So many of us installed exchange same way we install any other exchange and call it, this is Exchange bridgehead server. The most brilliant idea was to rename the mail stores on the BH server and the SG to, "Do not Create mail box" to prevent helpdesk to create mail box on the BH server. I remember still seeing helpdesk gets confused and cannot read, so they create mailbox on the BH server, and pisses all the exchange administrators.

What has changed in Exchange 2007? As we all know Role base administration is in place in exchange 2007, for administration and the implementation.

Old days we had (below roles are not really useful in a practical world)

  • Exchange Full Administrator
  • Exchange Administrator.
  • Exchange View-Only Administrator.

Exchange 2007

  • Exchange Organization Administrators
  • Exchange Recipient Administrators.
  • Exchange View-Only Administrators
  • Exchange Server Administrators.

Server Roles as follows

  • Mailbox (MB)
  • Client Access (CA)
  • Unified Message (UM)
  • Hub Transport (HT)
  • Edge Transport (ET)

Ok, now let's take a look at AD bridgehead server and ISTG (inter-site topology generator)

Windows 2000 Domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).

  • Open Active Directory Replication Monitor
  • Add Site/Server Wizard from the Edit menu
  • Add the server
  • Right-click the name of the server just below the site name
  • Select Generate Status Report
  • After Active Directory Replication Monitor displays that the report is complete
  • Save it on your PC
  • Open it and locate
  • "Enterprise Data" section of the report

Can we select ISTG in a site?. Yes but it is not recommended by MS

Bridgehead Server Selection

By default, bridgehead servers are automatically selected by the intersite topology generator (ISTG) in each site. Alternatively, you can use Active Directory Sites and Services to select preferred bridgehead servers. However, it is recommended for Windows 2000 deployments that you donot select preferred bridgehead servers.

Selecting preferred bridgehead servers limits the bridgehead servers that the KCC can use to those that you have selected. If you use Active Directory Sites and Services to select any preferred bridgehead servers at all in a site, you must select as many as possible and you must select them for all domains that must be replicated to a different site. If you select preferred bridgehead servers for a domain and all preferred bridgehead servers for that domain become unavailable, replication of that domain to and from that site does not occur.

If you have selected one or more bridgehead servers, removing them from the bridgehead servers list restores the automatic selection functionality to the ISTG.

Oz ozugurlu,

Systems Engineer

MCITP (EMA), MCITP (SA),

MCSE 2003 M+ S+ MCDST

Security Project+ Server+

oz@SMTp25.org

http://smtp25.blogspot.com



Tuesday, April 15, 2008

Cannot Delete PTR record



I am having big time issues with DNS and pulling my hairs. My mission was to delete stubborn PTR record. When I delete the PTR record and refresh the DNS snap-in the PTR record right comes back up. When it comes to DNS troubleshooting the build in tool we have is NSlookup. (Reverse lookup zone needs to be present for NSlookup tool to work properly). If you need better tool here is NetDig

In my case I was able to delete the record by using DNSCMD. My IP address is 10.160.2.99 and my PTR record is oozugurlupc.archq.ri.smtp25.org

I will go to command line and type following string,

Dnscmd /RecordDelete 10.in-addr.arpa. 99.2.160 PTR

If you notices I have dot after arpa, also my IP Address 10.160.2.99 the first octet which is 10 right after the record delete 10.in-addr.arpa. And the rest (160.2.99) I listed backwards), as 99.2.160, Space PTR.

You will receive Are you sure you want to delete record? (y/n), press Y (yes), than you will receive following statement

Deleted PTR record(s) at 10.in-addr.arpa.

Command completed successfully.

Now the record is gone forever

Oz ozugurlu,
Systems Engineer
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+
oz@SMTp25.org

http://smtp25.blogspot.com

Sunday, April 13, 2008

DNS QUERIES & TYPES IN ACTIVE DIRECTORY



Two type of queries most of the DNS clients will send when they resolve IP address to a name. Below is the little summary is showing. The most command queries iterative and recursive query is explained in the following article. The Stub zone is introduced with windows 2003 AD and it is not a replacement for forwarding.

Common DNS Queries

  • Iterative (DNS Servers will use this type of query, some applications may also use this type of query, all heavy lifting is handled by a client.
  • Recursive Query (Windows Clients uses this type of query, and they expect certain answer); All heavy lifting is done by DNS Serves this time unlike the iterative query.
  • Forward lookup zone (Standard primary DNS zone), when DCPromo runs, with DNS installation option the forward lookup zone gets created. It contains DNS records to support Active Directory operations. Active directory operations works closely with DNS, forward lookup zone and its records. In most DNS lookups, clients typically perform a forward lookup, which is a search based on the DNS name of another computer as stored in an address (A) resource record. This type of query expects an IP address as the resource data for the answered response.
  • The Reverse Lookup zone is created based on subnet. The records get created in reverse lookup zone called PTR (Pointer) records. DNS also provides a reverse lookup process, enabling clients to use a known IP address during a name query and look up a computer name based on its address. A reverse lookup takes the form of a question, such as "Can you tell me the DNS name of the computer that uses the IP address 192.168.1.2?" DNS was not designed to support Reverse lookup queries. AD does not rely on reverse lookup zone, this type of zone is optional but strongly recommended by me and anyone out there, and who works with active directory.
  • Stub Zone (read only zone, it has just enough information for the authoritative DNS servers, it is a little zone)


Iterative query (DNS Server will use this)


Client expects the best answer from the server, DNS Server does not query other DNS servers, may refer client to another DNS server.


Client will ask to its configured DNS Server ( client know the DNS server it simply defined with DHCP lease, most likely),

Let's say Client will perform a query to its configured DNS servers and will try to locate the web server resource called hosted on this name space "Sales.Smtp25.org"

Example Query:

Client DNS name Space "fabrikam.local"

Client DNS server is authoritative for DNS name space "fabrikam.local"


Client will ask to its configured DNS servers


  • who is Sales.Smtp25.org (I need to know the IP address, for this resource so that I can open direct TCP/IP connection to this server),
  • the client DNS server ("fabrikam.local") is not authoritative for Sales.Smtp25.org, So Client DNS server will tell client
  • Hey I am not authoritative for this DNS name space, don't ask me go ask .ORG domains and advices client to go talk to .ORG DNS servers (it gives client the IP address of the .ORG DNS server.
  • Client goes out and finds out .ORG DNS server and asks the same question.
  • Hey I need to access the resources on Sales.Smtp25.org; I was given your IP by my local DNS server.
  • Do you know the IP address of the Sales.Smtp25.org?
  • .ORG Server says to the client, sorry body I do not know the answer to your question but, I know the IP address of the SMTP25.org server, do you want it
  • Client says sure, and client goes and ask this time the server who owns "SMTP25.org"
  • Hey I really need to get to sales.SMTP25.org, I am tired everyone is referring me one step at a time, do you know the IP Address of the "sales.SMTP25.org" resources.
  • Server this time says sure, here is the IP Address for the resource you have been trying to access X.X.X.X
  • Finally client gets the IP address of the resources, client has been trying to access and client opens direct TCP/IP connection and start seeing the website for the requested name space.

As you see the client had to do a lot of work to get to sales.SMTP25.org. It was not easy was it?

Recursive queries (windows Client typical send recursive query)

The same story is valid for recursive queries, expect the heavy lifting I this time s going to be done by DNS server, instead of client; client will get certain answer about the resource client is trying to access. The DNS server will perform all iteration behalf of client.

Let's imagine for a second, (iterative imagination)

  • This much like staying at the very expensive hotel and you are from Kolkata. As nature right in the middle of the night you need to smoke and figured out you are out of cigarette. You ran the bell for bellboy and ask him to get you a pack.
  • Bellboy told you hey the store is down the street you go get it by yourself I am busy and don't bother me next time.
  • You walked down the street and store attendant told you , we don't sell it, here but here is the address for the next store who sells it, and the store is in walking distance. Now you have another address, you took another 15 minutes and finally get there, the store attendant says, again; sorry body we don't sell it here, but I am sure this store has it and directs you to another store, and again you are on the way, finally get there and get your pack, go back to hotel and you are finally happy, you light one up and thinking, this was hard to get here. (

PS: One of my best friend is from Kolkata (Pushpendu Biswas smart as hell), I know one thing about Kolkata for sure, it they cannot smoke the air will poison him and he would die, therefore smoking is the most important thing for him (- :

  • Let's imagine for a second, (Recursive imagination)
  • This time, surprisingly bellboy has done all the hard work for you, you got you pack without any hassle.
  • STUB ZONE (will enhanced the delegation it is not a replacement)
  • Zone that contains specific information for specific zone, it is a little zone. It contains NS record, SOA record, A record as know as glue record, NS record is exist in the stub zone ( Stub zone is read only), the changes must be done in the Authoritative server.
  • Disjoint name space scenario the Stub zones can be very effective, the Stub zone do get updates automatically unlike the delegation.
  • Stub zone may increase the efficiency; we can reduce the traffic and increase the DNS. The Subzone can reduce the recursive query and give direct answer to the requester.
  • Subzones get updated automatically, unlike the delegations (delegations are static, name servers for the domain must be updated.
  • Forwarding in DNS
  • When the query comes to your DNS server, basically if your server does not know about the answer this will tell your DNS server where to forward the query too.
  • Forwarders are single point of failure, high load and heavy load for the forwarder DNS server, most likely this is going to be your IP DNS servers and this would make you say, so who cares?

Conditional Forwarding (new future in windows 2003)

The DNS server is aware about the specific DNS name space and the corresponding IP address of the destination DNS servers name specified. When query comes in for the requested DNS name space the DNS server looks at the forwarders and it knows where to forward the DNS query too. It is very useful in the complicated DNS scenario

  • Some of the best practices
  • Most of the times recommended setting being defined by the need of the business needs.
  • DO NOT turns on scavenging from multiple domain controllers
  • Configure it on the one DC only.
  • Turn recursion of if you sure you know how your DNS traffic flows
  • Use forwarder for internet name resolution; let the ISP DNS servers to handle the heavy lifting.
  • On the interfaces tab, in DNS make sure you select the option "Only the following IP address), most of the cases more than one interface is no good for Domain controllers.
  • Enable "Fail on load if the bad zone data
  • Enable round robin
  • Enable secure cache against pollution
  • Name Checking
  • Enable net mask ordering "Multibyte (UTF8
  • Load zone data on startup (from Active directory registry)
  • Use monitoring tab to test the query (recursive and simple)

Oz ozugurlu,

Systems Engineer

MCITP (EMA), MCITP (SA),

MCSE 2003 M+ S+ MCDST

Security Project+ Server+

oz@SMTp25.org

http://smtp25.blogspot.com

Monday, April 7, 2008

Delete Exchange Computer Account from Active directory in production Environment



Problem:

Exchange computer accounts have been deleted, from active directory. The network administrator deleted the OU (Organizational Unit) where all Exchange computer accounts in.

Side effects:

No mail flow, outage for E-mail, Exchange application logs showing following errors 9187, 9186

Solution:

  • Log into exchange server locally and take then exchange servers out the domain,
  • Reboot the exchange servers
  • Re-join the exchange servers back to the domain

Notes:

  • Each Windows-based computer maintains a machine account password history containing the current and previous passwords used for the account. When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the sequence of password changes exceeds two changes, the computers involved may be unable to communicate, and you may receive error messages (for example, "Access Denied" error messages when Active Directory replication occurs).
  • Resetting a computer account breaks that computer's connection to the domain and requires it to rejoin the domain. In my scenario this was done on Exchange server. The computer account was reset and there was no way to log into the server, except server itself locally. Taking the server out from domain rebooting it, adding the server back to the domain worked. All exchange services were up and running after joining to domain with same name. Remember renaming Exchange will break the exchange and there will be no way to bring exchange back to the live from death, this is of course not supported by Microsoft.


Event Type: Error

Event Source: MSExchangeSA

Event Category: General

Event ID: 9187

Date: 4/7/2008

Time: 2:12:44 PM

User: N/A

Computer: RCOBHSCHI010

Description:

Microsoft Exchange System Attendant failed to add the local computer as a member of the DS group object 'cn=Exchange Domain Servers,cn=Users,dc=smtp25,dc=org'.

Please stop all the Microsoft Exchange services, add the local computer into the group manually and restart all the services.

For more information, click http://www.microsoft.com/contentredirect.asp.


Event Type: Warning

Event Source: MSExchangeSA

Event Category: General

Event ID: 9186

Date: 4/7/2008

Time: 2:27:44 PM

User: N/A

Computer: RCOBHSCHI010

Description:

Microsoft Exchange System Attendant has detected that the local computer is not a member of group 'cn=Exchange Domain Servers,cn=Users,dc=smtp25,dc=org'. System Attendant is going to add the local computer into the group.

The current members of the group are 'CN=CH,OU=Computers,OU=CH Rich VA,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH Wilkes PA,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH MilfCT,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH High NC,DC=smtp25,DC=org; CN=CH,OU=Computers,OU=CH Lee VA,DC=smtp25,DC=org;; CN=CH,OU=Computers,OU=CH Charles SC,DC=smtp25,DC=org; CN=CHNY,OU=Computers,OU=CH White NY,DC=smtp25,DC=org; '.

For more information, click http://www.microsoft.com/contentredirect.asp.


Oz ozugurlu,
Systems Engineer
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+
oz@SMTp25.org

http://smtp25.blogspot.com

Wednesday, April 2, 2008

WHAT IS YOUR GUID?



Here is the question how you can identify the build in domain administrator account in your domain assuming ,The classic description filed for this account is wiped out and account is renamed Description would be Built-in account for administering the computer/domain. The answer to this question came so fast, within 10 seconds from Jason Weaver, senior systems engineer.

First step, Download sid2user

The easiest way is to copy the files into support tools directory so that you can execute from any level from dos (assuming you have already installed windows 2003 support tools on your workstation, otherwise you need to drill to the same directory where these two little executables will reside in. I use powers hell so it is up to you to use either power shell or classis CMD.

PS F:\> user2sid oozugurlu

  • S-1-5-21-2026909314-1939897469-926709054-95328
  • Number of subauthorities is 5

Nice I get my SID ID as above. What is a SID ID anyway?

When a new domain user or group account is created, Active Directory stores the account's SID in the Object-SID (objectSID) property of a User or Group object. It also assigns the new object a globally unique identifier (GUID), which is a 128-bit value that is unique not only in the enterprise but also across the world

SID:

  • Security identifier A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems. Well-known SIDs is a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems.

GUID:

  • Globally Unique identifier, 128-Bit value unique across the word.
  • SID: S-1-5-domain-500
  • Name: Administrator

Description: A user account for the system administrator. By default, it is the only user account that is given full control over the system

  • SID: S-1-5-domain-501
  • Name: Guest

Description: A user account for people who do not have individual accounts. This user account does not require a password. By default, the Guest account is disabled

PS C:\> user2sid oozugurlu

S-1-5-21-2026909314-1939897469-926709054-95328

  • Number of subauthorities is 5
  • Domain is SMTP25
  • Length of SID in memory is 28 bytes
  • Type of SID is SidTypeUser

PS C:\> sid2user 5 21 2026909314 1939897469 926709054 500

  • Name is manSMTP25
  • Domain is SMTP25
  • Type of SID is SidTypeUser

Don't forget as you see in above example I have taken out the – Dashes and leave it blank and added 500 at the end to determine the user account name for the build in administrator

It is not possible to delete the Administrator account? Well it is not if you try you will receive following errors "Cannot delete built in accounts" windows wont seem to be happy with you trying to delete this account, so it is impossible to delete it, you don't want to delete this account anyway, when DC is hosed up this is the only account can get in to the Domain controllers.

KB


Oz ozugurlu,
Systems Engineer
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+

oz@SMTp25.org

http://smtp25.blogspot.com

ENTERPRISE DOMAIN CONTROLLERS IMPLEMENTATION



Here is nice information for enterprise windows installation, SOP job aid. The table below is for splitting AD Database and logs with recommended way and configuring the RAID array and the hard drives for best performance. Installing 64 BIT Windows 2003 and 2008 has huge advantages; it is simply way faster than any other version of AD. Thanks a lot one more time, for Paul Yu, (Microsoft Consulting Services) for the great information.

FYI: when you split the AD files across the disks as we have done, the following are the recommended exclusions; normally you'd have to figure these locations out via registry settings. Keep in mind these ONLY apply when you've split the AD files the way we've done.

C Drive ( 64 Bit windows 2003 SP2) 8 Gig memory

OS & Logs

RAID 1 + 0

D Drive ( NTDS)

SysVol & .DIT database

RAID 1 + 0

H Drive CD-Room


Note:

If cost is a factor in planning for disk space, you can place the operating system and Active Directory database on one RAID array (such as RAID 0+1) and the Active Directory log files on another RAID array (such as RAID 1). However, it is recommended that you store the Active Directory database and the SYSVOL shared folder on the same drive.

AD Exclusions

  • C:\WINDOWS\NTDS\Edb*.log
  • C:\WINDOWS\NTDS\Res1.log
  • C:\WINDOWS\NTDS\Res2.log
  • D:\WINDOWS\NTDS\ntds.dit
  • D:\WINDOWS\NTDS\Temp.edb
  • D:\WINDOWS\NTDS\Edb.chk

SYSVOL Exclusions

  • C:\WINDOWS\NTFRS\jet\sys\Edb.chk
  • C:\WINDOWS\NTFRS\jet\Ntfrs.jdb
  • C:\WINDOWS\NTFRS\jet\log\*.log

COMBINED LIST

  • C:\WINDOWS\NTDS\Edb*.log
  • C:\WINDOWS\NTDS\Res1.log
  • C:\WINDOWS\NTDS\Res2.log
  • C:\WINDOWS\NTFRS\jet\sys\Edb.chk
  • C:\WINDOWS\NTFRS\jet\Ntfrs.jdb
  • C:\WINDOWS\NTFRS\jet\log\*.log
  • D:\WINDOWS\NTDS\ntds.dit
  • D:\WINDOWS\NTDS\Temp.edb
  • D:\WINDOWS\NTDS\Edb.chk
  • D:\WINDOWS\sysvol\domain\DO_NOT_REMOVE_Ntfrs_Preinstall_Directory
  • D:\WINDOWS\sysvol\staging\domain

Oz ozugurlu,
Systems Engineer
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+
oz@SMTp25.org

http://smtp25.blogspot.com