
Active Directory Tip: Access External Website With The Same Domain Name As Your Internal Domain
It is often the case that companies use their external domain (e.g. enirtia.com) for their internal
Active Directory domain, and this is completely fine, except when you want to access your
website which is hosted on an external server. Active Directory automatically sets up an internal
DNS server for use on your network, and assumes that it is the authoritative server for the domain
you used, which in our case here is example.com. When clients on your internal network ask
your Active Directory DNS server for a lookup on example.com, it is going to direct them to one
of your domain controllers. If you request www.enirtia.com and you happen to have IIS
running on one of those domain controllers, you will see whatever default website is
running on that server.
To get around this we need to add a redirect to your IIS server, a Host record to your internal
DNS server, and a delegation to your DNS server, all of which are simple to do. These changes
are based on the assumption that your external website is set up on external DNS servers with an
A record pointing www.enirtia.com to the IP address of the server that is hosting your
website, and that example.com without the www is set up with a CNAME record pointing
at www.enirtia.com. If it is set up in the opposite manner this will not work.
Host Record:
First find out what the IP address is of the external web server if you do not already know it. Go
to Start > Control Panel > Administrative Tools > DNS and locate example.com. Right-click and
choose New Host (A or AAAA). Type www into the name field, and the IP address of your
external web server into the IP Address field. Click the Add Host button to save.
IIS Redirect:
To redirect http://enirtia.com to http://www.enirtia.com we need to create a redirect in your
IIS server. Go to Start > Control Panel > Administrative Tools > Internet Information Services
and locate the Default Web Site. Right-click on the Default Web Site and choose Properties. Go
to the Directory tab (HTTP Redirect) and set up a redirect to point to www.enirtia.com.
DNS Delegation:
To create a DNS Delegation you must know the names of the external name servers servicing your
domain name. Go to Start > Control Panel > Administrative Tools > DNS and locate
example.com. Right-click and choose New Delegation. Type www into the Delegated Domain
field, click Next and provide it with the external authoritative name servers for your domain name.
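
The Host record step, followed by a check that internal clients receive the same www address as the outside world, as an added example that is not part of the original article. It assumes the DnsServer module and Resolve-DnsName (Windows Server 2012 or later); the zone name, server addresses and the helper name Get-ARecords are placeholders.

```powershell
# Added example, not from the original article. All values below are placeholders.
$Zone        = 'example.com'      # internal AD DNS zone that shadows the public one
$InternalDns = '10.0.0.10'        # placeholder: domain controller running DNS
$ExternalDns = '192.0.2.53'       # placeholder: one of your external name servers
$WebServerIp = '203.0.113.10'     # placeholder: address of the external web server

# Host record step: create www in the internal zone only if it is missing.
$existing = Get-DnsServerResourceRecord -ComputerName $InternalDns -ZoneName $Zone `
                -Name 'www' -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ComputerName $InternalDns -ZoneName $Zone `
        -Name 'www' -IPv4Address $WebServerIp
}

# Hypothetical helper: return the sorted A-record addresses one server gives for a name.
function Get-ARecords([string]$Name, [string]$Server) {
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress |
        Sort-Object
}

# Compare the internal and external answers. www should match; the bare domain is
# expected to differ, because internally it resolves to the domain controllers.
$report = foreach ($name in "www.$Zone", $Zone) {
    $inside  = @(Get-ARecords $name $InternalDns) -join ', '
    $outside = @(Get-ARecords $name $ExternalDns) -join ', '
    [pscustomobject]@{
        Name           = $name
        Internal       = $inside
        External       = $outside
        SameAsExternal = ($inside -ne '') -and ($inside -eq $outside)
    }
}
$report | Format-Table -AutoSize
```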

Firewall Disable By GPO

Computer Config > Administrative Templates > Network > Network connections > Windows
Firewall > Domain Profile > Windows Firewall: Protect all network connections = Disabled

After that, go to the client machine:

Start > Run > CMD > Gpupdate /force

Reboot.
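
To confirm on a client whether this policy has arrived and what state it leaves the domain profile in, the registry values can be read directly. This is an added example, not part of the original page; the helper name Get-EnableFirewall is hypothetical, and the two registry paths are where the policy and the local setting store EnableFirewall.

```powershell
# Added example, not from the original page.
# Policy value written by "Windows Firewall: Protect all network connections" (Domain Profile).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
# Local (non-policy) setting for the same profile.
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile'

# Hypothetical helper: return EnableFirewall as an int, or $null when the value is absent.
function Get-EnableFirewall([string]$Key) {
    $item = Get-ItemProperty -Path $Key -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    [int]$item.EnableFirewall
}

$policy = Get-EnableFirewall $policyKey
$local  = Get-EnableFirewall $localKey

# A configured policy overrides the local setting; with neither present the
# firewall keeps its default, which is enabled.
$effective = if ($null -ne $policy) { $policy } else { $local }
$decidedBy = if ($null -ne $policy) { 'Group Policy' } else { 'Local setting' }

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    PolicyValue    = if ($null -eq $policy) { 'Not configured' } else { $policy }
    LocalValue     = if ($null -eq $local)  { 'Not set' } else { $local }
    DomainFirewall = if ($effective -eq 0)  { 'Disabled' } else { 'Enabled' }
    DecidedBy      = $decidedBy
}
```

Run it before and after Gpupdate /force to see the policy value appear; collecting the output across machines gives an inventory of which hosts have the domain profile firewall turned off.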

How to Enable/Disable Multiple RDP Sessions in Windows 2008 or 2008 R2
By default, Windows 2008/2008R2 servers allow two simultaneous Remote Desktop sessions. You may
choose to disable multiple RDP sessions if desired. If only one session is available and you take over
another person's live session, you may choose to enable multiple RDP sessions. This article describes
the process for disabling and enabling multiple sessions.

Disable Multiple RDP Sessions
1. Log into the server using Remote Desktop.
   - In Windows 2008 R2: click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
   - In Windows 2008: click Start > Administrative Tools > Terminal Services > Terminal Services Configuration.
2. Double click Restrict Each User to a Single Session.
3. Check Restrict each user to a single session.

Enable Multiple RDP Sessions
1. Log into the server using Remote Desktop.
   - In Windows 2008 R2: click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
   - In Windows 2008: click Start > Administrative Tools > Terminal Services > Terminal Services Configuration.
2. Double click Restrict Each User to a Single Session.
3. Uncheck Restrict each user to a single session.
4. Click OK.

Add a User Profile Picture in Active Directory
Good day.
Sometimes you need to add a picture to your user accounts in Active Directory.

Today I will talk about how to do this step by step.
First, what you need:
1. Full control on the AD user accounts. I will tell you which value we will modify
later.
2. The DLL file ADExt.dll, which you will need to download.
3. Administrator rights on the server.
So let's start.
After you download the DLL, you need to install it using InstallUtil.exe, which is located in:

For 32-bit OS:
%WinDir%\Microsoft.NET\Framework\v2.0.50727
For 64-bit OS:
%WinDir%\Microsoft.NET\Framework64\v2.0.50727
I had the ADExt.dll placed on the root of my C drive, so I wrote:
InstallUtil.exe c:\AdExt.dll

Make sure that the result is a success. If you get an Access Denied error, simply right-click on
CMD and select Run as Administrator.

We are finished. Was it hard? :)
Open your Active Directory console and you will find a new tab named "Photo"; there you can
add/update/remove the user picture.
The recommended picture setting is 10K or less with size 96x96, but using this DLL you
can add what you want; the DLL will manage the size and the view.
Just remember that a bigger picture means a slower response.
Also think of having hundreds of pictures for hundreds of employees: this picture data will also
be replicated.
When adding a picture you are actually adding the value to the following attributes: jpegPhoto for
the picture, and thumbnailPhoto. This is the default location for user pictures, and what the DLL
does is simply read and render this picture, as the picture is stored as a hex value.

You can change the value format to binary/octal/decimal.

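You can also use PowerShell to update the picture value:
# Requires the ActiveDirectory module; reads the JPEG as raw bytes and writes it to jpegPhoto
Import-Module ActiveDirectory
Set-ADUser Mary -Replace @{jpegPhoto=([byte[]](Get-Content "C:\pic.jpg" -Encoding Byte))}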
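
Because these attributes are replicated to every domain controller, it is worth enforcing the recommended 10K and 96x96 limits before writing. The following is an added example, not part of the original post; the function name Set-AdUserThumbnail, the account name and the file path are placeholders, and it assumes the ActiveDirectory module is installed.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Drawing

function Set-AdUserThumbnail {
    param(
        [Parameter(Mandatory = $true)] [string]$Identity,
        [Parameter(Mandatory = $true)] [string]$Path,
        [int]$MaxBytes  = 10KB,   # recommended size limit from the text above
        [int]$MaxPixels = 96      # recommended 96x96 from the text above
    )
    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path $Path).ProviderPath)
    if ($bytes.Length -gt $MaxBytes) {
        throw "Image is $($bytes.Length) bytes; limit is $MaxBytes."
    }
    # Decode the file to confirm it really is a JPEG and to read its dimensions.
    $stream = New-Object System.IO.MemoryStream (,$bytes)
    try {
        $image = [System.Drawing.Image]::FromStream($stream)
        try {
            if ($image.RawFormat.Guid -ne [System.Drawing.Imaging.ImageFormat]::Jpeg.Guid) {
                throw 'File is not a JPEG.'
            }
            if ($image.Width -gt $MaxPixels -or $image.Height -gt $MaxPixels) {
                throw "Image is $($image.Width)x$($image.Height); limit is ${MaxPixels}x$MaxPixels."
            }
        } finally { $image.Dispose() }
    } finally { $stream.Dispose() }

    # Only a file that passed every check reaches the directory.
    Set-ADUser -Identity $Identity -Replace @{ thumbnailPhoto = $bytes }
}

# Example call with placeholder values.
Set-AdUserThumbnail -Identity 'Mary' -Path 'C:\pic.jpg'
```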

Uninstall:
You can uninstall the DLL using the following command
InstallUtil.exe /u c:\AdExt.dll


RAID stands for Redundant Array of Inexpensive (Independent) Disks.
In most situations you will be using one of the following four RAID levels.
RAID 0
RAID 1
RAID 5
RAID 10 (also known as RAID 1+0)
This article explains the main differences between these RAID levels along with an easy to
understand diagram.

In all the diagrams mentioned below:
A, B, C, D, E and F represent blocks
p1, p2, and p3 represent parity
RAID LEVEL 0

Following are the key points to remember for RAID level 0.
Minimum 2 disks.
Excellent performance ( as blocks are striped ).
No redundancy ( no mirror, no parity ).
Don't use this for any critical system.
RAID LEVEL 1
Following are the key points to remember for RAID level 1.
Minimum 2 disks.
Good performance ( no striping. no parity ).
Excellent redundancy ( as blocks are mirrored ).
RAID LEVEL 5

Following are the key points to remember for RAID level 5.
Minimum 3 disks.
Good performance ( as blocks are striped ).
Good redundancy ( distributed parity ).
Best cost-effective option providing both performance and redundancy. Use this for a DB that is heavily
read oriented. Write operations will be slow.
RAID LEVEL 10
Following are the key points to remember for RAID level 10.
Minimum 4 disks.
This is also called a stripe of mirrors.
Excellent redundancy ( as blocks are mirrored ).
Excellent performance ( as blocks are striped ).
If you can afford the dollar, this is the BEST option for any mission critical
applications.

Disable WIFI PWD
I have clients that have laptop users and the laptop users need local administrator rights on their
computers. I found out that restricting access to the Network and Sharing Center did not prevent the
ability to view and see the properties (including the wireless keys) for local administrators. I was still
able to view these properties through a shortcut to Manage Wireless Networks and/or by right clicking
on a WLAN adapter, then Status, then Wireless Properties. Therefore, I set out to find a different
method to prevent access to this information using a Software Restriction Policies GPO. The method
that I have used below is drastic as it prevents access to be able to edit WLAN profiles. Users can still
connect to a wireless network; they simply cannot edit any of the properties. Here's how:

1. Create a new GPO and link it to the OU where you want the policy applied.

2. Edit the new GPO and navigate to User Configuration\Policies\Windows Settings\Security
Settings\Software Restriction Policies.

3. In the Object Type pane, double click on Enforcement and change the Apply Software Restriction
Policies to the following: and check All Software Files which will include DLL files.

4. Next go to the Additional Rules node, right click on the blank area and add a new path rule.

5. In the Path field type C:\Windows\System32\wlanui.dll and select the security level as Disallowed.
wlanui.dll is the Wireless LAN User Interface GUI.

6. Go to Computer Configuration\Policies\Administrative Templates\System\Group Policy and set the
User Group Policy loopback processing mode to Enabled and select Replace, which will override any
other policies; this software policy will take precedence.
Hopefully others will be able to use this method.

Disable Firewall on users using group policy in server 2008
Computer Config > Administrative Templates > Network > Network connections > Windows Firewall >
Domain Profile > Windows Firewall: Protect all network connections = Disabled

After that, go to the client machine:

Start > Run > CMD > Gpupdate /force

Flexibility Schema Operations Master (FSMO) Roles in 2008 Server
As we are all aware, certain tasks need to be performed by a single server, so as far as AD 2008
goes, some tasks are performed by a single domain controller, and jointly they are called FSMO
roles.
There are five roles, which are further classified into two groups.
1. Forest Roles
Schema Master - As the name suggests, the changes that are made during creation of any object in
AD, or changes in attributes, will be made by a single domain controller and then
replicated to the other domain controllers that are present in your environment. There is no
