INSTALL AD MODULE IN WINDOWS SERVER 2008

There is no ActiveDirectory Module available on the Windows Server 2008 Domain Controller, you need to install the Active Directory Management Gateway Service/Active Directory Web Service on the Windows Server 2008 or Windows Server 2008 SP2.  .Net Framework 3.5 SP1 and 2 Hotfix may required if you get the alert "The update does not apply to your system".  
And then, on the Windows 7 client (Domain Computer with Domain Admin Right) you need to install the RSAT and use the following power shell command (case sensitive) to import the Active Directory module:

Import-module ActiveDirectory 

You may download the Active Directory Management Gateway Service/Active Directory Web Service from URL as below:

https://www.microsoft.com/en-us/download/details.aspx?id=2852

You may download the RSAT for Windows 7 from URL as below:

https://www.microsoft.com/en-us/download/details.aspx?id=7887 

2 Hotfix may required as URL below:
https://support.microsoft.com/en-us/kb/969166
https://support.microsoft.com/en-us/kb/967574 

Or you may download the Hotfix KB 969166 from my source, this file I got it from PSS.  Because on the KB 969166 article page not provide the link/source to download.
https://drive.google.com/drive/folders/0B4E0ILJDNhMSdmxodEt3TWZCdlk?usp=sharing    

UPDATE STATISTIC AT SQL SERVER

Example steps to perform Update Statistic as below;

1. Open new query on the SSMS (SQL Server Management Studio).
2. Write it the query as below

use <Database_Name>
Exec sp_updatestats

3. Select the query and click the button query.

use <Database_Name>
Exec sp_updatestats

4. On the result pane, you should see the result as below, and the status query is executed successfully.

Updating [sys].[queue_messages_1977058079]
[queue_clustered_index], update is not necessary...
{queue_secondary_index], update is not necessary...
0 index(es)/statistic(s) have been updated, 2 did not require update.

5. Done.

ACTIVE DIRECTORY HEALTH CHECK SCRIPT

Hi, I just want to share a script for AD health check. Usually I run this script to gather the information on each domain controller, and from the data outcome, I will identify and create a health check document. 

Below is the scripts that I use it and I hope everyone can use it also.  InsyaAllah.. You may copy it and paste to the notepad, save it as a batch file (*.bat). If you run it on the domain controller, it will create a folder at path C:\%computername% and all the output data will stored in this folder.

"md c:\%computername%
cd c:\%computername%
whoami >loginacc.txt
systeminfo >sysinfo.txt
netdom query fsmo >fsmo.txt
repadmin /replsum >replsum.txt
repadmin /showrepl >showrepl.txt
repadmin /showreps >showreps.txt
repadmin /queue >queue.txt
dcdiag /v >dcdiagv.txt
dcdiag /test:dns >dnstest.txt
ipconfig /all >ipconfig.txt
net share >netshare.txt
w32tm /query /source >w32tm.txt
end"

You may download the batch file from this URL https://drive.google.com/file/d/0B4E0ILJDNhMSZHdycE03aXBaWkk/view?usp=sharing 

TROUBLESHOOT ACCOUNT LOCKED OUT ON ACTIVE DIRECTORY

1. If the user accessing email (MS Exchange) using smart phone/ipad, please make sure user configure using the right username & password. 
2. Services - verify and check if this user has registered her account on the services.
3. Clear save password - In Windows Vista, 7 and 8 you can check your WINDOWS VAULT (similar to the Mac Keychain) using the CREDENTIAL MANAGER which can be found in the Control Panel.
4. Clear virus – Conficker, Downadup and others will try to make network connections over and over again and will lock your account.  You can try a free safety scan on this URL  https://www.microsoft.com/en-us/security/pc-security/malware-removal.aspx.

For further troubleshooting we can use Account Locked Out tools and refer to the article below:
https://www.microsoft.com/en-us/download/details.aspx?id=15201
http://social.technet.microsoft.com/wiki/contents/articles/4585.account-locked-out-troubleshooting-eventcombmt.aspx
http://social.technet.microsoft.com/wiki/contents/articles/15997.using-url-rewrite-to-block-certain-clients-from-exchange.aspx

Exchange Active Sync Related
http://blogs.technet.com/b/messaging_with_communications/archive/2012/06/26/activesync-disabled-accounts-and-devices-continuing-to-sync.aspx
http://blogs.technet.com/b/messaging_with_communications/archive/2012/06/27/part-ii-outlook-amp-owa-disabled-accounts-and-users-still-being-able-to-access.aspx

FORCE MOVE ACTIVE MAILBOX WHEN THE ACTIVE MAILBOX FAILED

We found this problem happen on the Microsoft Exchange 2010 Mailbox server. Suddenly, one of the member of DAG (Exch01 server) with Active mailbox is down, because the storage issue. So the user request to move the Active mailboxes to another DAG member (Exch02 server), based on checking before the problem happen the replication status is healthy. So we decided to move active mailboxes by using the command as below;

move-activemailboxdatabase -identity  mailbox_db1  -activateonserver Exch02 -mountdialoverride:none -skip activationchecks -skiplagchecks -skipclientExperiencechecks

FAILED TO MOUNT DATABASE ON EXCHANGE 2010

We found a problem to mount the mailbox database on Exchange 2010 server, below is the error details & screen capture. 

An Active Manager operation failed. Error An Active Manager operation encounter an error.  To perform this operation, the server must be a member of a database availability group and the database availability group must have quorum.  Error: Automount consensus not reached.

Based on my troubleshooting, the issue resolved after we start the DAG with ExchangeShell command as below;

Start-DatabaseAvailabilityGroup -Identity "DAG_Name" -MailboxServer "MBX_name"

To identify the DAG name you may run this command on exchange shell
 
Get-DatabaseAvailabilityGroup

UNABLE TO REMOVE LAST MAILBOX IN EXCHANGE 2010

We are planning to remove our Microsoft Exchange 2010, mailbox server. During the installation process, we get the error below:

Error:
This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database <Database ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Archive. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Arbitration. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID>. To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID> -Archive. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest <parameters>. If this is the last server in the organization, run the command Disable-Mailbox <Mailbox ID> -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan <MailboxPlan ID> -Database <Database ID>.

Based on our experience during removing/clean up all the mailbox users and this is the last database that we unable to remove, so it's may because of the mailbox arbitration. To verify, just run the command as below:

Get-Mailbox -Arbitration -Database <databasename>

 

After verified, run the command to disable last arbitration mailbox, as below:

Get-Mailbox -Arbitration | Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed



To confirm choose A to Yes to all.  After that we can manually remove the last mailbox and uninstall the mailbox server.