Technically Speaking

Using the command line to manage things in Active Directory is just one of several options available. Using Active Directory Users and Computers, Using VB Script, and using DS Commands and the command shell. All of these can be of use to get and modify information about Active Directory Objects, making management of these objects easier to handle.

While looking around the Internet at commands and utilites to cover here I decided to look into something from the command line that will display a list of inactive user accounts.

Why should inactive accounts matter?

Paying attention to inactive accounts can help administrators track accounts that need to be deleted or located accounts that have been deactivated and need to be reactivated.

For example, Steve from Research and Development goes on a six week sabbatical in Africa, his account is disabled while he is away to prevent the security risks of leaving the account active where a compromised password could cause problems. When he returns, his account can be reactivated which will allow him to log on and access all the same resources as before he left.

Note: Deleting the user account will remove the SID for the account which removes all of the group and security properties for the account. Recreating the account with the same name and other common items will not help as the SID will be different.

The command line entries for finding inactive accounts is

dsquery <objecttype> -inactive n

The syntax for dsquery specifies an object type (user, computer, OU, etc) and a parameter, in this case inactive, and then the length of time which the object has been inactive.

To work with the above example for inactive users you would enter dsquery user -inactive 3

This will look for all of the user accounts in the environment that have been inactive for 3 weeks. The dsquery can look in multiple Organizational Units (OUs) throughout the directory.

For more information

There are many uses for the DS Command set, however the listing of inactive accounts can help an administrator determine quickly how many accounts with an inactive status exist anywhere in the environment. A single command line seems to be a very efficient way to retrieve this information.

While this command may not be the most advanced thing in the world for working with Active Directory it is a place to start. More info about the DSQuery command can be found here.

Recently, Microsoft began moving support documents to a couple of new locations. The change is to help organize content in a more user friendly way and help them be found more easily by those needing support.

The documents affected are the Knowledge base (or KB articles) that are usually located at support.microsoft.com. The reorganization of kb documents will move the content for developers and IT Professionals to two new locations:

MSDN

Developer related content will be moved to MSDN to allow those looking for programming support or help in development. The content can be found at msdn.microsoft.com/kb. Specific articles found here can be accessed by entering the article id on the end of the above URL (/<article #>).

TechNet

Content for IT Professionals needing support with the use of existing products like Office or Active Directory will be migrated over to TechNet. The content can be found at technet.microsoft.com/kb. Specific articles found here can be accessed by entering the article id on the end of the above URL (/<article #>).

How does that help me?

Being an IT manager is a rough task at times, and knowing about the migration to TechNet for support documents will help in many ways. The integration with TechNet can further make the site a one stop shop for everything IT Pros are looking for.

Progress

According to a blog at Microsoft, the process of migration began this week. The test program will look at a subset of the massive quantity of articles to ensure that search engines are finding the content in its new location. Once all is well there, the entire batch of content will be moved.

So far I like this idea alot. The landing page for the TechNet side of things is quite pleasing.

The new support landing page at TechNet

The new site for support (at least on the IT Pro side) is very well organized and lays out a number of useful options right up front. I look forward to using the site for support and see this as the right move.

I also tried a search for Windows XP from the new search page and the results presented were in a very useful format as well.

A search for "Windows XP" using new support site

I also like the fact that from these pages I can get to other services offered at TechNet. This transition brings all of these resources together for specific groups, keeping them on the site longer.

Surely the habit of visiting support.microsoft.com will die hard. The site has been the place to get support documents for quite a while and will continue to get traffic as I for one will forget about the move when in a hurry.

Do you feel this is a good change for Microsoft to be making or are other things more important to you? Let me know in the comments.

Doing support may or may not fall within your scope of duties day to day as an IT Manager, however you are likely responsible for the help desk and its proper opperation and assistance to users. Making sure the help desk is doing its best to get the users what they need is something that is worth monitoring very closely.

Many times the help needed by the users isnt something that an automated alert can tell you, only when the ticket, or email, or phone call comes in are you alerted to the need for help. It is these cases in particular that I am focussing on here.

How are your staff members handling help desk cases?

In the very least an expected response time with notes or contact with the user should be a habit to make sure the user has not been forgotten. Being in a single person shop, I have forgotten to follow up with someone about an issue they were seeing, and it isnt a good feeling when the need to be constantly reminded (in person or by automated email) continues to occur.

Being responsive to the needs of your team and the users they support will end up in your realm of responsibility at some point and some of the things you are presented with will need to be farmed out to others, but some will be yours and yours alone. User support is definately one of these things and being as proactive and helpful to all who approach you will do wonders for both yourself and your department in the eyes of the organization and most importantly, its users.

When asked for help about…

It is likely that help requests at some point will be insane. Every five minutes there will be something coming to the help desk. When this happens, ensure that your help desk staff has the tools they need to understand the problem: Listening skills and the ability to take notes.

Usually when someone asks for help, they do it as quickly as they can. Not sure why this seems to be a habit, but it sure seems that way to me. When the question is being asked, is most certainly not the time to fill in the blanks as to what the problem might be.

Remember in the movie office space when Tom Smykowski is rambling on about the perfect idea for a jump to conclusions mat:

“It was a “Jump to Conclusions” mat. You see, it would be this mat that you would put on the floor… and would have different CONCLUSIONS written on it that you could JUMP TO.”

While very funny in the movie, this should be the last thing that happens when someone asks the help desk for assistance. Doing this will likely become very off putting to the people in your organization.

Be careful to remind your staff, and sometimes even yourself, that the need to listen is high and the only way the user will get the best support around is if they are heard and understood before troubleshooting begins.

But sometimes it just happens

Filling in the blanks when being asked a question happens. I have done it and once I realized I had done it I felt rather bad. It is important to listen actively to what you are being asked and to take notes as needed. Taking notes will help get all the details fleshed out up front and allow you to get to the bottom of the issue rather than constantly asking questions about the details of the user.

A good way to instill this habit, or at least get started, is to take notes and actively listen every chance you get. This is especially true when talking to your staff. Leading by example here can be a great help and motivator for those working with you.

Microsoft releases a ton of information every day. Surely as an IT Manager or someone working in IT, this comes as no surprise. In recent days I have been looking through the volume of information I get in the form of newsletters, RSS feeds, general emails, and the occasional postal mail and was quite amazed at all of this information. This got me thinking about the notifications they send out for application updates or knowledgebase bulletins. Now that Patch Tuesday is here and we receive updates monthly rather than all the time, things are somewhat easier to manage, but what about the notifications?

What is the best way to get notified of an update to a bulletin or KB article? Please post your preferred method in the comments, it would be interesting to see what is being used.

When it comes to notifications I have looked to a third party service, www.kbalertz.com to send an email whenever a kb document changes. This way it is a digest of things that were updated with the last scan.

How does Kbalertz work?

When you sign up for the site, it will alert you whenever a Microsoft KB article (in one of the categories you choose) is updated. The site scans for new updates every night and sends out alerts the following day.
That is pretty much it. The sign up is simple, enter your email address and a password, then select your mail preferences (text only or HTML) and choose the categories you want to know about. Click Done and you are all set.

If your preferences for KB articles change, simply visit the site, login, and change the products you wish to be notified about.

Hopefully KB Alertz will help you get a handle on some of the massive amounts of information that Microsoft sends out.

Many companies today have policies in place to aid management and human resources in the coverage of the corporate behind when it comes to employee privacy. Typically when these policies are produced they remined employees of the following items:

1. Data created on computer systems owned by Company X is the property of Company X
2. Use of computer systems owned by Company X for non-work related tasks is not allowed without supervisor approval
3. Email messages sent using the Information systems of Company X can be retrieved and reviewed as deemed appropriate by Company X.

Things like this exist to ensure the employees of an organization are performing the tasks they are being paid to perform and to keep unrelated Internet and resource use to a minimum. Also, the above list is purely a sampling of items that might appear, I am sure many organizations have lists far bigger than this.

Why are you discussing privacy policy? There is a manual for policy.

When dealing with co-workers within your organization they will expect all kinds of things and probably ask for things that are not supported. This is their right and to be perfectly honest, their role. It keeps IT staffs and managers on their toes.

The written policy that protects the organization is also in place to help the user. The points in a written policy are there to answer questions about what is, and what is not acceptable. Being considerate of the privacy of others is something everyone around you will appreciate, even if they do not notice.

Unless required.

Sometimes an employee will do things that violate some policy or rule. If these involve a computer, the IT Manager and staff will be called upon to assist in finding data that violated the rules and determining all kinds of things. This is something that should fall upon the IT Manager. Take responsibility for finding these things out. Work with your staff to ensure this process goes smoothly, but keep in mind that the IT staff should not dig through all of the files and emails of other workers.

Unless given a reason to look there should be no reason.

Just a reinforcement

The purpose of this post was to reinforce the idea that we as IT staff and Managers should give the users, who are our co-workers the benefit of the doubt. Yes there will be times when upper management or an employees supervisor asks for information, and within reason it should be provided. Care should also be taken when the employee comes to you and asks

“Hey can you get back an email I lost from last week?”

This should be perfectly ok, to look for the missing email. Ask the employee about the email, sent date, received date, etc. Keep in mind that this is not a green light to read all of the email messages the user has ever sent without cause.

Your co-workers will appreciate it if you can give them as much privacy as possible and the benefit of the doubt most of the time.

Keeping your organizations IT operations moving with little interruption is the ultimate goal of the IT department and the responsibility of the IT manager. Here I am going to review an application that I found a few years back which helps ensure that my environment stays working.

 Loading ...

The application is IP Sentry by RGE software. IPSentry monitors computer systems and will send an alert to notify the necessary parties that one of the monitored systems is unavailable or not working as desired. I have found that it works quite better to know when a server or service is unavailable before others in the company call or stop by to alert you.

Note: Alerts are sent via email. Additional steps (covered later in this post) will be required to ensure even your email server can be monitored.

IP sentry can watch computer systems for the following events:

• Availability
• Service Availability
• Room temperature (with the use of external temp probes)

Once the event is chosen, the alert method will need to be configured. Alerts can be of the following types:

• Audible – if the server running IP Sentry has speakers, an sound can be played when a condition triggers the alert.
• Visual – IP Sentry can have an external light source hooked up to it, such as a siren light, to alert visually.
• Email – Alerts can be sent via email or SMS message to specified users when a condition is triggered

These alerts can also be triggered on recovery. As an example of how the application works, suppose the application is set to watch a server for availability (is the server up or not) and another alert is checking the status of a service on that same server. The app will check the status of the condition at intervals you specify, for example every 10 minutes.

How does the application work?

IP Sentry can ping a server to see if it is available. If the ping is not successful, the alert will be sent. As in the example above, if the server comes back online, another status alert will be sent to recipients to let them know the server is back online.

When working with services, IP Sentry can restart a service when it is found to be unavailable as the alert is being sent.

The recovery alert has been quite useful in situations where you need to let a group of people know that a service, like the Exchange Information Store, is back up and running. Configuring an alert that fires when this service is recovered, will send the alert out to let them know the service is back online.

The initial interface for IP Sentry is shown below in figure 1.
Figure 1

Initial interface of application

When minized or exited, the application will close to the system tray and quietly watch for items that require notification. To edit or add devices select the action menu and then the Edit devices option. This is shown in figure 2.

Figure 2

An entry for a monitored device, name cleared to protect the innocent (servers)

Once devices have been added, they will be listed here. Each device begins with its own entry, if you create a device and set it to depend on another device, it will appear as a sub-item for the parent. This is helpful when you are checking applications. For example, a device to check SQL Server could be dependent on another device to check the server’s availability. If the server is down, the database doesn’t need to be checked.

In the edit/add devices window, select Action and choose add new device to display a screen allowing you to define the device. Double clicking an existing device will show the same screen with information populated for the selected device. The add/edit details screen is shown below in figure 3.

Figure 3

Setting up monitoring

Populating the device name, description, IP address and monitor type is configured on the general tab shown above. When choosing a type of monitor, the dropdown list shows all available types, if add-ons are used, these will appear here as well. Once these items are configured click alerts to specify the notification type used.

Note: for this post I am only showing e-mail alerts as they are the most common type I have used. Pager/Cell alerts are very similar.

On the screen shown in figure 4 you will specify the mail server settings, sender information (used to login if required by your mail server) and recipient information.

Figure 4

Configure email alerts for monitored device

When all of the options necessary are configured, click the test alert button to ensure the alert can be sent out. When you are all configured click OK to add the device. Clicking OK on the list of devices will return you to the monitoring screen. To test all the items entered, press control N, which will scan devices now.

All in all

This application does what it promises, and works to alert you when systems meet or do not meet specified conditions.

Microsoft produces applications that will manage or assist with server systems and keep them running at a high level, getting IT management the information they need to ensure the proper operation of the organization. The products they market work very well and if the budget and other resources permit, they arent a bad choice, but for smaller shops or tighter budgets, the lower cost of licensing at approximately $500/site IP Sentry might be the way to get the alerts your organization needs.

Would something like this help you manage your environment?

Being a manager, in Information Technology or any other field, is a busy job. There will be questions about how applications work and how to customize them to better meet the needs of the organization, as well as questions about the reason for the newly implemented Saturday support shift. These are all things that you as the manager will see at sometime in your career. You may be a department of 100 or simply a department of 1, no matter the size of the team you need to take some time for yourself. This post is to serve as a reminder to benefit your occupation and your well being in all you do. It will help make you a better manager.

Read to learn

Usually when we start out in school, we as childeren have aspirations of being astronauts or athletes or even doctors, very few know that they want to be IT managers. We learn to read and read at increasing levels as we progress through school. Most of us read because it will aid us in passing the test at the end of the semester. Once you get into and beyond college, reading can open doors to new things from job offers to entertainment.

Do not forget that learning is important no matter how far along you are in your career. I do not mean to suggest that all your learning should be career focussed, but simply that learning something new can improve your situation. Suppose you deal with Microsoft Active Directory for the majority of your day, learning about Active Directory is helpful, but learning how to use your new digital camera so you can take pictures at the family reunion is fun. The same is true of reading. Opening up a magazine or blog about a topic you are passionate about will refresh your mind and might even provide you something to learn along the way.

Try something outside of your comfort zone

Many of us grow into our jobs. As we enter the land of management we grow into the role of manager and work to have the best relationships with co-workers and staff and to become the best managers we can be. These skills as a manager will get us noticed in our company in many cases and keep us moving forward on our career path. To keep your skills evolving and ensure you remain fresh in technologies that will help you along the way try new things or things you do not get to practice all that often.

If you are a wizard when it comes to Microsoft Excel and its formulas, but speaking in front of groups makes you want to have the flu, take the time to create presentations and attend meetings where you will have the opportunity to share information. You can help others learn things about a passion you have and help yourself to overcome a fear of speaking.

I still struggle with presentations and sometimes letting others read things I write but this blog has been a great experience and is just getting started. I will likely spend some time developing training presentations in the future to improve that as well.

Showing your employees and co-workers that you also have a willingness to learn and try things which may not be the best fit for you can increase their motivation to do the same.

Provide feedback frequently to help employees

I think this one falls in the best interest of many a manager. When managers have individuals reporting to them, constant communication and feedback, both positive and negative are surely on the list of best intentions. However many managers get into their ususal habits, just like everyone else, and provide necessary feedback in most cases. Putting yourself out there as a manager who provides feedback whenever possible will raise your standing with your employees in many situations.

An example would be to ensure you take the time to recognise when someone helps you (or your team) out with a project or when someone does something positive that would go unnoticed by other managers. Take the time to provide positivie reinforcement and ensure you provide negative feedback as soon as possible.

Note: Positive feedback is something to be shared with all in most cases, but negative feedback is not. It might work best to share positives at a weekly staff meeting with your team, but remember to ensure others within the company know about these positives as well. Negative feedback on the other hand, should be shared privately with the parties involved to avoid gossip and unneeded discussion.

If you take the time to learn new things and help your employees learn new things, either through budgeting for training or simply holding a weekly meeting with your team to brainstorm ideas and learn as a group, you will be a better manager and maintain a sense of being “up with technology” even when a busy schedule seeems to prevent this growth.

Organizations large and small are trying to make the most of any investment dollars they spend to improve infrastructure and reliability. It seems that more with less is the most common statement in IT shops today and with good reason. The recession is causing many employers of all shapes and sizes to consider any ways possible to save money.

Changing technology

Even the rather dismal economy doesnt slow down the changing technologies that move through corporate IT departments. From Netbooks to Windows 7 and the latest social media sites, there is and always will be some new and unbelievable technology to deal with, making IT employees giddy with opportunity. These changes can continue to be a good thing by allowing all employees to continue learning things that can and will set them apart from others.

In the recent past, companies were taken down the application server path. This led oraganizations and their employees to consider purchasing a separate server for each application needed in the organization. This is an effective way to ensure each application running within your organization has the needed firepower to operate at its best. In fact many shops still operate this way, and if the equipment exists and it works as needed, that is ok.

More servers, less money… long term

The organization I work for has a pile of servers. We have servers for each application that we have running and one for purely back office/IT operations. Keeps things nice and separated and for the most part everything is humming along nicely. We also have an edict to use or purchase less servers because we should not need that many servers to function. The number of servers we run should certainly not need to go up in the short term. If anything the way to move forward would allow for some initial investment to obtain a couple of rather high end servers with loads of processor and memory as well as a SAN to store our data on.

Implementing these hardware items and a virtualization platform like Hyper-V or VM Ware would allow us to create multiple machines on less hardware. Which in reality would provide almost an infinite number of servers while allowing the amount of physical hardware stays the same.

There will be an initial outlay for hardware and software because many organizations will not have enough horsepower in only a few of their server systems to ensure all of their applications (with the exception of a couple) can be moved to virtual servers. After this initial investment, when the existing servers begin migrating to the virtual environment and their physical counterparts are repurposed or taken off line, the organization should see a reduction in power consumption resulting in a smaller carbon footprint and lower operating costs.

The idea is that less physical servers running require less power. This will get an organization moving down the path to being green, or at least greener which is good for the environment and remains a very popular buzz word.

Being virtual saves power… but how does that help?

When you need a server for testing or a new application, you can create a clone of an existing server or build a brand new virtual machine within your environment. This will provide as many servers as necessary in very few clicks. The VM boxes will use a portion of the available hard disk space and memory within the physical server on which the machine is running which will limit the number of virtual machines that can be used and active at one time only by the physical server constraints in the environment.

For an IT manager, there will be discussion and justification needed to implement the project and initially go virtual, but over time the discussion needed to bring a server online will be more about usefulness than justification of hardware purchase. When the IT department can bring a server online in just a few clicks for testing or production use the overall cost of IT projects should go down, both within the organization and due to the purchasing of additional hardware.

Recommendation: There are certain server systems that are best left to their own servers in production environments. These include Exchange (up to version 2003) and Active Directory Domain controllers acting as global catalog servers. It seems to be beneficial to run these boxes as physical servers, but as advancements in both technologies continue to role out and as virtualization improves it stands to reason that these too will become exceptional candidates for virtualization. Besides keeping a few servers around to help hold down the rack isnt a bad idea, as long as they work.

Hopefully this post has provided some food for thought about ways to make wise investments with your IT dollars and reduce costs in the long run.

I have included a quick poll below to get an idea how the teams managed by readers of this blog communicate. As it is my first poll it is rather simple and to the point, hopefully these are a useful addition and will help gather more information in future posts.

 Loading ...

Learning things can be one of the most challenging things for an IT manager to remember. Not necessarily remembering things like “Hey I should learn how to…” fill in the blank with your latest adventure in knowledge, but learning as a tool to help yourself and those you work with grow and provide better value to themselves and the organization.

I have found that learning takes a good amount of focus and determination which can be present in varying degrees depending on the subject matter, the cost of the training, and a myriad of other reasons. Training will take you only so far. The manual or book that you can use to understand a concept or discuss material in a classroom cannot present too many real world scenarios that will determine if the student has understood the material.

Be sure to provide opportunities

Because of the daily changes in technology it is important to ensure that those on your staff with any desire to learn something, no matter how small in the grand scheme of things, have the chance to learn their chosen technology.

For example, when a member of your team suggests a training class in SQL queries to help them better understand how to retrieve information from the database, you as a manager need to work with this person to determine their interest level in the subject and to find out where this will benefit both the company and the individual.

Working with those members of your team who show definite interest in learning can show other employees on the team that learning is a positive experience. The goal with learning isnt to force employees to learn things that are of no interest to them. Doing this may reach the goal of completion of a project, which is necessary, but may ultimately be a waste of time and money if the employee doesn’t take enough interest in the subject to continue using the knowledge.

Try not to confuse training and learning

It is true that users or IT staff members are likely to learn something when they attend a training class. Usually something new comes out of any attempt to learn. However this does not always have to be the case. Think of a time when you were watching television and something you may not have known was presented to you; how to prepare a meal or desert perhaps. Now think of the last training session you attended. Were there some parts of the class that felt as though they were necessary and no new information was presented?

It is far easier to train for something than it is to learn it, however the two are not mutually exclusive. I liken training to the vehicle for learning. If you attend a seminar or training class on a topic, there is a good chance that you might come away having learned something. If you as a manager provide ample opportunities for learning and the training to facilitate that learning, your staff and co-workers will thank you for it.

Follow up

After an employee has learned a new skill, help them put it into practice. You do not need to test them, but provide them projects that will showcase the skills they learned. This will help to keep them from losing the skills they have learned.

Keeping a steady flow of new knowledge accessible to those in your organization who want it can be quite rewarding all the way around. It may bring new opportunities for employees to move between positions or just bring out the best in someone because a manager within their organization listened to their needs to get some training and additional knowledge. This can grow your employees respect for you as a manager and add value to your organization.