Looking at MDT 2010 beta

 

While testing the betas of Windows 7 and Windows Server 2008 R2 these days like many others Ive also had a look at the beta of the next version of Microsoft Deployment Toolkit.
I installed it on the Windows Server 2008 R2 server and deployed Windows 7 on a virtual machine. Haven
t noticed any bugs so far.
It doesnt seem to be that many noticeable changes from the current 2008-version of the MDT. The GUI looks exactly the same, but there are some new features of course.

The list below is copied from the “Whats New In MDT 2010 Guide” on the Microsoft Connect website for MDT 2010 beta.

 

The MDT 2010 Beta 1 release includes the following new features:

· Support for Windows 7 Beta. Deploy Windows 7 Beta by using MDT 2010 Beta 1.

· Support for Windows Server 2008 R2 Beta. Deploy Windows Server 2008 R2 Beta by using MDT 2010 Beta 1.

· Support for Windows Automated Installation Kit (Windows AIK) version 2.0. Deployment of Windows 7 Beta and Windows Server 2008 R2 Beta by using MDT 2010 Beta 1 requires the use of Windows AIK version 2.0.

· Support for Windows User State Migration Toolkit (USMT) version 4.0. USMT 4.0 is required to support Windows 7 Beta deployments. Specifically, the following new features of USMT 4.0 are supported in LTI-based deployments:

· Support for USMT 4.0 hardlink migration. USMT 4.0 includes a new method of saving user state called hardlink migration. Hardlink migration creates a snapshot of current user data files before reinstallation, which keeps data in the same location on the disk while upgrading the system and rebuilds the links after Windows 7 Beta is installed. Hardlink migration dramatically reduces the time required to migrate user state, because the data is never moved, which is faster than copying the user data to another disk.

· Support for USMT 4.0 shadow copy. USMT 4.0 supports the ability to archive files that are in use by using the shadow copy feature in Windows 7 Beta and Windows Server 2008 R2 Beta.

· Support for the Deployment Image Servicing and Management (DISM) tool. The new DISM tool (Dism.exe) allows for servicing offline images, mounting and unmounting Windows Imaging format (WIM) files, and customizing Windows Preinstallation Environment (Windows PE) boot images. The DISM tool replaces many of the tools in previous versions of the Windows AIK, including Package Manager (Pkgmgr.exe), the International Settings Configuration Tool (Intlcfg.exe), and the Windows PE command-line tool (PEimg.exe).

· Support for Windows PE version 3.0. Windows PE 3.0 is included as a part of the Windows AIK version 2.0 and is required to deploy Windows 7 Beta and Windows Server 2008 R2 Beta by using MDT 2010 Beta 1.

· Support for the Boot Configuration Data (BCD) management tool. MDT 2010 Beta 1 uses the new BCDEdit command-line tool to manage BCD files. MDT 2008 Update 1 used the BitLocker™ Drive Preparation Tool (BdeHdCfg.exe) to manage boot configuration.

· Support for Windows 7 Beta default disk partition configuration. In MDT 2010 Beta 1, the disk partition configuration for Windows 7 Beta will be similar to the Windows BitLocker Drive Encryption disk configuration, where the operating system is installed on Disk 0, Partition 2, and the system partition is on Disk 0, Partition 1.

 

 

The new DISM tool which replaces ImageX and Peimg from the previous versions of Windows AIK seems to be really powerful. There isnt any official documentation yet, but I found this forum post which got some useful information.

It doesnt seem like MDT 2010 will contain any PowerShell features (snapins, modules or cmdlets) for administration or operations, so I guess this will come in the next version.

Upgrading from MDT 2008 to MDT 2010 is pretty straightforward, so if your using MDT today you will be well prepared for Windows 7 when MDT 2010 is released.

Exchange 2007 e-mail address policy error

Today I was creating a new e-mail address policy on an Exchange 2007 server, and got this message when applying the new policy:

 

Warning:
Failed to update recipient "domain.local/Department/User 1". The following exception occurred: Exchange Server 2007 server.domain.local returned an error -2147023653 from the Address List Service..

Warning:
Failed to update recipient "domain.local/Department/Distribution List 1". The following exception occurred: A proxy generator DLL on server server.domain.local could not be found or failed to initialize.  Proxy addresses for the current recipient cannot be calculated.  Please ensure that all the proxy address generator DLLs have been installed on the target server..

Warning:
Failed to update recipient "domain.local/Department/User 3". The following exception occurred: Exchange Server 2007 server.domain.local returned an error -2147023653 from the Address List Service..

Warning:
Failed to update recipient "domain.local/Department/User 4". The following exception occurred: Exchange Server 2007 server.domain.local returned an error -2147023653 from the Address List Service..

 

I didn`t find any resolution when Googling for the error number.
I then tried changing the policy from a custom format to a standard format like %g.%s@domain.com, and then the policy applied successfully.

When reading things like “proxy genererator DLL” I started to fear that something was wrong with missing files on the server, so I do think that this error message could have been more decriptive like “Wrong syntax in policy” or something similar.

That being said, Exchange 2007 is a great product!

Tips when scripting users in SBS 2008

If youre like me you like to automate repetitive tasks. Today I was setting up a Windows Small Business Server 2008, and got an Excel spreadsheet with the users to be created.
I customized the spreadsheet and saved it as a csv-file. This is the headers I used in the csv-file:

givenname,middlename,sn,displayname,name,telephonenumber,samaccountname,userprincipalname,company,parentcontainer

I then installed Quests PowerShell AD Cmdlets to use when creating the user accounts. PowerShell was already installed since Exchange 2007 are installed on SBS 2008.

This the PowerShell code i used:

  1. import-csv "C:tempusers.csv" |   
  2. foreach-object { $username = $_.samaccountname;New-QADUser -FirstName $_.givenname -LastName $_.sn -ParentContainer $_.ParentContainer -SamAccountName $_.samaccountname -Name $_.name -displayname $_.displayname -userprincipalname $_.userprincipalname -Company $_.company -Department $_.department -PhoneNumber $_.telephonenumber | Set-QADUser -UserPassword Password1 -ObjectAttributes @{homeDrive= ‘F:’ ;homeDirectory= "\domain.localDataUsers$username" ;scriptPath=‘netlogon.bat’}|Enable-QADUser} 

SBS 2008 arent actually meant for using other tools than the SBS Console, i.e. users should not be created using “Active Directory Users and Computers”. Instead there is a wizard for creating users in the SBS Console. When using this several things happens in the background, like creating home folders, mailboxes, permissions, group membership, and so on…

Also users which are not created using the SBS Console wizard does not show up in the user list in the SBS Console. I knew there is a attribute on the AD objects which the wizard stamps so they are shown in the SBS Console, but I couldnt remember the name of the attribute. So I asked my very good friend Mr Google, and he gave me a link to a post on the SBS Blog. There I found the name of the attribute which is “msSBSCreationState”, and was planning to script the value of this attribute to the users Ive just scripted.
Then I read this part of the blogpost:

“If you have users that do not show in the SBS Console, you can get them to show by using the Change user role for user accounts wizard. It is important to notice that this wizard does much more than correctly “stamping” the user’s msSBSCreationState attribute. Using this wizard is only a work around to get the users to show in the SBS Console that were not created using the SBS provided tools. As shown above, the only recommended way adding new users are using the Add a new user account or Add multiple user accounts wizard.”

Then I ran the “Change user role for accounts wizard” to set the account type to “Standard user” for all the scripted user accounts, and afterwards the “magic” of permissions, group membership, mailbox creation and so on were applied. So the tips when scripting user accounts in SBS 2008 is to run this wizard afterwards.

If anyone got any reasons not to create users this way in SBS, please let me know.

You might wonder if there was so many users to be created on a SBS-server which is too much to be done manually, the number was 40 and Im just too lazy to do that manually :)