Wednesday, 29 May 2013

System Center 2012 Self-Study Guide


Top-level link for System Center 2012 is: http://www.microsoft.com/systemcenter

System Center 2012

In this section are study material related to System Center 2012 in general.  The data here represents the study material that does not fit neatly into one of the specific component categories.  Further sections will deal with the specialty components that make up System Center 2012

Microsoft Virtual Academy (free online courses and knowledge measures)





o  Introduction to Systems Management & Service Delivery (video)

o  Systems Management Cheatsheet (PDF)

o  Value and Types of Service Management (video)

o  Policies & Processes, Scale & and Automation (video)

o  Metrics, Billing, Self Service (video)

o  Exam: Introduction to Systems Management & Service Delivery

Training Videos and Webcasts




·    Private Cloud Demo Extravaganza


















Podcasts




Virtual Labs

These are online simulations that allow users to experience System Center technology first-hand.

·    Guided Labs

o  Provide Resources through Self-Service Requests

o  Drive Consistent Service Delivery

o  Provision Additional Cloud Infrastructure

o  Delegate Cloud Resources

o  Create Consistency through Service Templates

o  Perform a Standardized Application Deployment to Test

o  Stage Application Resources

o  Self-Service Deployment of an Application to a Production Environment

o  Gain Insight and Visibility Through Reporting

o  Monitor Infrastructure

o  Taking Corrective Actions in the Infrastructure

o  reduce Time to Resolution with Application Performance Monitoring

o  Deploy and Update to a Service Instance

o  Explore Creating Dashboards

 Articles/Documentation

In this section are articles relating to System Center 2012, including the top-level TechNet site for all things relating to System Center 2012.


o  App Controller

o  Configuration Manager

o  Data Protection Manager

o  Endpoint Protection

o  Operations Manager

o  Orchestrator

o  Service Manager

o  Unified Installer

o  Virtual Machine Manager

Useful Blogs

In this section are articles and guidance written by System Center 2012 technical experts.




Forums

In this section is al list of forums where System Center administrators can post comments, ask questions, and join in conversations related to System Center 2012.


Support for System Center 2012

The link below is a central page that provides a wide variety of resources and solutions to help System Center administrators resolve problems and issues.


 

 

How Microsoft does IT

I wanted to take this opportunity to share best practices and experiences from Microsoft IT that provide a unique, inside view into how Microsoft IT plans for, deploys, and manages its own enterprise solutions – from Microsoft IT professionals to IT professionals—peer to peer. 
 
Microsoft views IT as an instrumental vehicle in implementing business strategy, which is why Microsoft IT actively shares best practices from using Microsoft technologies to deliver tangible business solutions while reducing costs and increasing productivity. The challenges, solutions, and benefits Microsoft experiences by using its own products and technologies are captured in IT Showcase award-winning content.
 
Some of our latest content includes:
·        Windows Server BranchCache
·        Wireless Infrastructure
·        Consumerization of IT (Article | Quick Reference Guide)
·        Monitoring Applications via Windows Phone 7.5 Devices and the Cloud (Article | Technical Case Study)
 
Also, please feel free to peruse all content by the products and subjects outlined below:
 
 
By Product:
By Solution Area:
·         Exchange Server
·         Internet Explorer
·         Internet Protocol
·         Lync
·         Microsoft Dynamics
·         Microsoft Forefront
·         Office 365
 
Office System
·         Office Communications Server
·         SharePoint Server
·         Office
 
·         SQL Server
 
System Center
·         System Center Service Manager
·         Virtual Machine Manager
 
·         Visual Studio
 
Windows
·         Windows Azure
·         Windows Client
·         Windows Phone
·         Windows Server
 
Other Resources
·        Subscribe to Our Content - Subscribe to one or more of our new RSS feeds, and be notified when new Microsoft IT content publishes for the topics you care about most.
·        Microsoft IT—Committed to the Cloud - Microsoft IT shares its experiences and benefits from its internal deployments of Microsoft cloud services.
·        Advance your career with FREE training! - The Microsoft Virtual Academy helps you to improve your IT skill set and advance your career with a free, easy to access training portal that allows you to learn at your own pace, focusing on Microsoft technologies.
E-book gallery for Microsoft Technologies... which is free download:

http://social.technet.microsoft.com/wiki/contents/articles/11608.e-book-gallery-for-microsoft-technologies.aspx

Wednesday, 17 October 2012

Migration of File Server and local group


 
I would like to share on my recent work where migrating a file server to a new hardware. Actually, it should be straight forward migration, however, the folder permission was configured with local group (not domain group), thus this make the permission invalid when migrated to the new server, due to the local group SID (Security Identifier). You can find more info of SID at http://en.wikipedia.org/wiki/Security_Identifier

OK, now let go into the topic, there are several handy tools that required for this migration:

1.       Addusers.exe (from Windows 2000 resource kit – Attached in this blog also)

2.       SubinACL (http://www.microsoft.com/en-us/download/details.aspx?id=23510)

3.       Getsid.exe (from Windows 2000 resource kit – Attached in this blog also)

4.       Robocopy (should be come with current OS – eg: Windows 2008)

5.       Beyond Compare 3 (optional – this will be use for folder comparison only)

Let run thru overview of those tools:
1.       Addusers.exe
a.       This will be use to export the local group info and then import the group info into the new server.

2.       SubinACL
a.       We need this primarily to replace the existing group SID with new SID on the new server.
b.      This also comes handy when we need to fix some access denied issue when we want to copy file/folder into new server.

3.       Getsid.exe
a.        This is to dump the local group SID on existing server and new server. Then we will use SubinACL to do the SID replacement.

4.       Robocopy
a.       Use to copy files/folders together with NTFS permission.

5.       Beyond Compare 3
a.       This is an optional item, where I use it to do folder comparison after copying using robocopy. You can use other alternative tools as well that perform the same job, which is comparing folder between existing server and new server.

Basically, I divided into several part’s:


Part 1:  Let “copy” the local group from existing server to new server 

ServerA = existing old server (source)
ServerB = New server (destination)

1.       1. Go to Server A, run “addusers \\ServerA /d myGroupSource.txt”
a.       It will dump all the local group/users information into a file called myGroupSource.txt

2.       2. Open and edit the myGroupSource.txt, you should able to see there is 3 section’s:
a.       [User]
b.      [Global]
c.       [Local]

3.       As we want to only copy the local group into new server, thus please remove whole section of [User] and [Global]. As per screenshot below, removed those inside the red color box.
4.        
      3. Once edited, your first line of myGroupSource.txt, should be started with “[Local]”.

5.       4. Edit the myGroupSource.txt again, this time we want to remove those built-in group. Eg: Administrators, Backup Operators, Power Users, etc. Remember each group is per line, thus remove the whole line and not just the word “administrators” :P

6.       5. Once it is tidy up, copy the myGroupSource.txt to Server B (new server) and run below command, this will import/create the local group based on the “myGroupSource.txt” info.
a.       addusers \\ServerB /c myGroupSource.txt

7.      6. Now, go to manage computer à Local users & Group, you should able to see newly created group with membership based on the “myGroupSource.txt”

Note: This only create new local group (new group SID) and it group members and will NOT migrate the users. Thus if the group members contain local User ID of server A, it will become invalid, and you should only see those SID string and not username.


Part 2:  It is time to do some massive data migration…. :P

Simple tasks for those used robocopy before, just type some switches and viola…..

1.       1. On the Server B, type below sample command
a.       robocopy \\ServerA\D$\mydata d:\mynewdata /E /ZB /COPYALL
                                                               i.      robocopy <source of the data> <destination> <Option>
                                                             ii.      For more details, you can look at robocopy /?,  in fact, you can do more advance this with those option available, eg: mirroring, monitoring, logging, etc

2.       2. If your file server is large enough (eg: TB in size), this will take some times, for me, I’ll run multiple   robocopy session against multiple different folder.

3.       3. Once copied, use the BeyondCompare tools or similar tool to do folder comparison, as we want to make sure we copied all the files/Folders.

Part 3:  Prepare the SID matching file and fix the folder/file permission.
As every user or group created in a server, it will assign a SID and it is unique on every creation and server even with the same name. Example, a local group called “FinanceDept” in Server A is NOT the same as “FinanceDept” local group created in Server B. As both groups contain different SID.

 Thus, if the file NTFS permission was granted Read permission for a Local group (eg: FinanceDept) in Server A, when you migrate the file and file permission to Server B, the permission of “FinanceDept” will become invalid. Reason being the SID of “FinanceDept” is simply not recognized by Server B.

So, as we already created the local group in Server B (as stated in Part 1), a new SID was assign to the newly created group. Thus, we need to prepare a SID matching file and use SubinACL to replace those ServerA SID with ServerB SID. So that domain user ID resides in that group will able to access to the shared folder when you migrate file server into the new server.

1.       1. First you need to create a test file where the content will list out all the group that you want to do the matching and replacement. Each line will represent each group, name the file as Localgroup.txt

2.       2. Create 3 batch files with the following content and file name:
a.       Filename: ListSID.bat
echo off
cls
if exist groupssid.txt del groupssid.txt
for /F "tokens=1" %%a in (localgroup.txt) do call listsid1.bat %%a

b.      Filename: ListSID1.bat
getsid \\ServerA %1 \\ServerB %1 >sid1.txt
for /F "skip=1 tokens=5,7" %%a in (sid1.txt) do call listsid2.bat %%a %%b
                               
Note:  \\ServerA = The source server name (existing file server)
                \\ServerB = The Destination server name (new file server)

c.       ListSID2.bat
echo %1 %2 >>groupssid.txt

3.       3. Save all the file/batch file created in part 3 stated above into a same folder as GetSID.exe

4.       4. Use command prompt, run the ListSID.bat
5.       5. Once it completed, an output file called groupSSID.txt will be created. Open the file and you will see similar content


6.       6. Now edit the content so that it is only contain SID info with this format:
a.       <ServerA Group SID>     <ServerB Group SID>

7.       7. Now the matching file is ready, assuming your file copy using robocopy is completed (must wait till it completed), next we will run SubinACL to read the matching file and do the permission (SID) replacement.

8.       8. Create 2 batch files with following:
a.       Filename: ReplaceMe.bat
for /F "tokens=1,2" %%a in (groupssid.txt) do ReplaceMe2.bat %%a %%b
b.      Filename: ReplaceMe2.bat
subinacl /subdirectories D:\SharedFolder1\*.* /replace=%1=%2

9.       9. Make sure the file above are saved in the same directories as SubinACL.exe
    
            10. At command prompt, run ReplaceMe.bat
Note: You may need to run the command prompt with Administrator Elevated privilege.

      11. Once you run the same batch file against all your folders, then you are Good to Go..! and ready to cut over the new file server as production. 



Hope above steps able to assist you on your File migration… Any suggestion or idea to do the same thing is welcome…

More Details Resources:
You cannot resolve local groups when you migrate files between member servers of different domains