Category Archives: Uncategorized

DNS: Resource Records

Resourse Records (RRs) used to identify objects within DNS hierarchy / basic lookups within specified domain. Key RRs types are following (7):\n\nSOA (Start of Authority) Records – indicate which server is authoritative for that particular zone. Indicate authoritative server for zone which also in charge for processing zone updates. Also contains some critical zone information like TTL interval, contact responsible for DNS etc. Created automatically when DNS is installed for AD DS.\n\nHost (A) Records – most widely used RR type, simply contains name of the host & its IP address. Used to identify IP address of objects.\n\nName Server (NS) Records – identify which computers are name servers for a particular zone (i.e. DNS servers). There can be only one SOA record for a zone but multiple NS records indicating computers against which you may run DNS queries. NS RRs don’t contain IP but simply point to a server A record.\n\nService (SRV) Records – indicate which resources perform particular service. E.g. DCs referenced by SRV records which define specific services like GC, LDAP, Kerberos. SRV records did not exist in original DNS standard, so don’t supported by some old DNS implementations (like UNIX BIND 4.1.x or NT 4.0 DNS). BIND 8.1.2+ supports SRV records.\n\nMail Exchanger (MX) records – indicates resources available for SMTP reception, so that mail send to particular domain forwarded to server/servers indicated by the MX record.\n\nPointer (PTR) RRs – for reverse queries (i.e. lookup for names by IP), stored in reverse lookup zones.\n\nCanonical name (CNAME) Records – server alias, to refer server by multiple names. E.g. friendly name for mail server in addition to its complex name following some naming convention.\n\nLess commonly used RRs:\n\nAAAA – IPv6 A record\n\nISDN – maps DNS name to ISDN phone number\n\nKEY – stores public key used for encryption in particular domain\n\nRP – specifies responsible person for domain\n\nWKS – designates a particular Well-Known Service\n\nMB – indicates host which contains a specific mailbox

AD DS: Tombstone Lifetime

What is it?\n\nThombstone interval is a preconfigured period for AD objects since their last validation of being active. Default value in Windows Server 2008 R2 – 60 days.\n\nFull list of default values:\n\nWindows Version Default TSL\n—————————————-\nWindows Server 2000 – 60 days\nWindows Server 2003 – 60 days\nWindows Server 2003 SP1 – 180 days\nWindows Server 2003 R2 – 60 days\nWindows Server 2003 R2 SP2 – 180 days\nWindows Server 2008 – 180 days\nWindows Server 2008 R2 – 180 days\nWindows Server 2012 – 180 days\nWindows Server 2012 R2 – 180 days (not confirmed)\n\n(thanks for this data goes to Mathias R. Jessen, see his answer to this question on\n\nHow to check current setting?\n\nYou can do it with dsquery command:\n\ndsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=" –scope base –attr tombstonelifetime\n\nHow to change?\n\nUse ADSI edit and change tombstoneLifetime value of Directory Service object. Directory Service object reside in configuration partition of AD forest (CN=Configuration,CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=domain, DC=com).\n\nWhy shoud I care?\n\nThis interval is used to prevent introduction of lingering objects into your AD DS when you perfroming restore. If you need to restore global catalog then time of your backup should not exceed tombstone interval for successful restore. So if you need to do a restore of AD objects older than 60 days, you should change your tombstone interval setting accordingly.

Windows Server Backup 2008 vs 2008 R2

Just a quick note on differences / improvements in Windows Server Backup in Windows Server 2008 R2. Following are new in R2:

– Ability to back up/exclude individual files and to include/exclude file types and paths from a volume (instead of just full volumes before).

– Improved performance and use of incremental backups

You can now store backups created using a scheduled backup on a remote shared folder or volume. If you store backups on a remote shared folder, only one version of your backup will be maintained. You can also store backups on virtual hard disks.

– Improved options and performance for system state backups and recoveries. Server Backup MMC can be used to perform system state recoveries. Single backup can be used both for system state & data.

– Expanded CLI (wbadmin command) & PowerShell support.

Related TN article: What’s New in Windows Server Backup

How to remove unused software from user machines with SCCM 2012

The other day I came across a question on which was about possibilty to “Automatically uninstall unused applications in SCCM 2012”, which in turn lead me to nice series of blog posts which describe how to accomplish uninstall of unused applications based on SCCM software metering data with use of Orchestrator Runbooks and allowing users opt out from uninstall process. While this is perfectly suitable blueprint which may be adopted as is it may also give you an idea on other ways to acomplish uninstallation of unused apps in your environment.

\nLinks to blogposts:\n\n1) Software Metering Deep Dive and Automation Part 1: Use It Or Lose It – The Basics\n\n2) Software Metering Deep Dive and Automation Part 2: Use It Or Lose It – The Collections\n\n3) Software Metering Deep Dive and Automation Part 3: Use It Or Lose It – The Orchestrator Runbook Automation

And you may also want to download System Center 2012 – Configuration Manager Component Add-ons and Extensions which apart many other useful things contains  runmetersumm.exe utility which can be executed on the SQL instance hosting the Configuration Manager database to trigger the summarization process for software metering data.