Windows Server 2012 R2: How to create a UPN Suffix

Windows Server 2012 R2

In this post we’ll look at how to create a new User Principal Name (UPN) suffix. These instructions are also applicable to Server 2008.

The current best practice for naming a new Active Directory domain is a little hazy; see my earlier post Active Directory Domain Naming Best Practices.

But for my scenario I decided to use a sub domain of our registered company domain. This can be confusing for users as their logon name will appear slightly different to their email address.

So to remedy this we can create a new UPN suffix.

In this example I’ve used an ‘ad’ sub domain of my domain. So on initial account creation I only have the domain that I can choose.

ADUC - Create New User

To add a new UPN suffix, open Active Directory Domains and Trusts, right-click the top-level node on the left-hand side, Active Directory Domains and Trusts [], and select Properties.

Active Directory Domains and Trusts - Properties

Type in the alternative UPN suffixes required (in my case I just want my email domain as an additional UPN suffix), click Add and then click OK.

Active Directory Domains and Trusts - UPN Suffixes

Now back in ADUC, if you select the end user and go to the Account tab you can select the new UPN Suffix.

ADUC - User Logon with UPN Suffix

The end user will now have a username that is the same as their email address, which they will be able to use to log in.
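The same change can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post; the suffix names and the OU are placeholder assumptions. It adds the suffix to the forest, then previews the UPN change for each user, skipping any new UPN that is already taken and flagging any that would not match the user's mail attribute.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to
# modify the forest's UPN suffix list. All values below are placeholders.
Import-Module ActiveDirectory

$NewSuffix  = 'example.com'                        # email domain (assumption)
$OldSuffix  = 'ad.example.com'                     # AD DNS domain (assumption)
$SearchBase = 'OU=Staff,DC=ad,DC=example,DC=com'   # OU to process (assumption)

# 1. Add the alternative UPN suffix to the forest if it is not already listed.
#    This is the scripted equivalent of the Domains and Trusts properties dialog.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# 2. Find users in the OU whose UPN still ends in the old suffix.
$users = Get-ADUser -SearchBase $SearchBase `
                    -Filter "UserPrincipalName -like '*@$OldSuffix'" `
                    -Properties mail

foreach ($user in $users) {
    $prefix = ($user.UserPrincipalName -split '@')[0]
    $newUpn = '{0}@{1}' -f $prefix, $NewSuffix

    # A UPN must be unique. This lookup only covers the current domain;
    # in a multi-domain forest, query a global catalog instead.
    if (Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'") {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    # The point of the change is logon name = email address, so flag mismatches.
    if ($user.mail -and ($user.mail -ne $newUpn)) {
        Write-Warning "$($user.SamAccountName): new UPN $newUpn differs from mail $($user.mail)"
    }

    # -WhatIf previews the change; remove it to apply.
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf
}

# 3. Confirm the suffix list now held by the forest.
(Get-ADForest).UPNSuffixes
```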



Active Directory Domain Naming Best Practices

Windows Server 2012 R2

It’s quite uncommon to get to set up a new company Active Directory infrastructure from scratch. Usually a customer has some kind of infrastructure in place already which I then help manage, maintain and enhance.

However recently I’ve been tasked with setting up a brand new company’s infrastructure and one of my first tasks was to name the Active Directory domain.

There are a number of possible scenarios:

  • You could use a .local or other non-routable domain
  • You could use an external domain (Split brain DNS)
  • You could use a similar domain to your fqdn e.g. .net instead of .com
  • You could use a sub domain of your fqdn

But which is best?

I guess that depends on your specific scenario.

Certainly if SSL certificates are going to be involved at all (think Exchange) then non-routable domains are out due to recent changes.

After doing some research on the Internet there is no definitive answer, however I have found lots of articles relating to the best practices when naming an Active Directory domain. Rather than duplicate the work of others I have provided links below to some of the most useful webpages I found:

(Incidentally, I went for a sub domain of the fqdn).


PowerShell: How to clean up the WinSxS folder in Windows Server 2012 R2

Windows Server 2012 R2

In this post we’ll look at how to use PowerShell to reduce the size of the WinSxS folder in Windows Server 2012 R2.

A customer has a very quick SSD based server at a cloud provider, but although it is SSD based it only has a tiny 40GB C:\, which is a very small footprint for the OS, a couple of apps and log files. So I was asked to take a look and see what I could do to make a bit of room.

The WinSxS folder contains the files for all the Windows Features you can install in the default operating system. Each time you run Windows Update, files in the WinSxS folder get updated and the size will continue to grow.

Since Windows Server 2012 Microsoft have made it very easy to tidy the WinSxS folder up. They introduced a new feature called “Features on Demand”. Rather than the WinSxS containing all the binaries for all the features you could possibly install on the server, “Features on Demand” allows you to remove the files for features you aren’t using.

If at a later date you want to install a feature you have removed from the WinSxS folder you’ll need to specify a location for the source files.
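A sketch of the Features on Demand workflow described above, as an added example that is not taken from the original post. It uses the ServerManager cmdlets on Server 2012 or later; the feature name and the install.wim path and index are placeholder assumptions.

```powershell
# Added example. Run from an elevated PowerShell session.
Import-Module ServerManager

# Features that are NOT installed but whose payload is still in WinSxS.
# These are the only ones whose removal frees space without changing
# what the server currently runs.
$candidates = Get-WindowsFeature |
    Where-Object { $_.InstallState -eq 'Available' }

$candidates | Sort-Object Name |
    Format-Table Name, DisplayName, InstallState -AutoSize

# Preview removing the payloads. -Remove deletes the feature's files from
# the side-by-side store; drop -WhatIf to actually do it.
$candidates | Uninstall-WindowsFeature -Remove -WhatIf

# After a real run, the affected features report InstallState 'Removed'.
Get-WindowsFeature |
    Where-Object { $_.InstallState -eq 'Removed' } |
    Select-Object Name, InstallState

# Installing a removed feature later needs a source for the files.
# 'Telnet-Client' is just a sample feature; the WIM path and image
# index are placeholders for your own installation media.
Install-WindowsFeature -Name 'Telnet-Client' `
                       -Source 'wim:D:\sources\install.wim:2' `
                       -WhatIf
```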


vCenter Server stopped, event id 1827, 1105


In recent months I’ve been mainly focused on Hyper-V installations, but I’ve had an interesting VMware week this week. After 7 years of using ESX and then ESXi in production I experienced my first Purple Screen of Death which, although inconvenient at the time, I don’t think is too bad going!

Then later in the week, and the subject of this post, vCenter stopped running on one of our oldest installations.


How to reset the Directory Services Restore Mode (DSRM) password

Windows SBS 2011

The Directory Services Restore Mode (DSRM) password is used for restoring Active Directory data on a Domain Controller. During an AD restore you can’t authenticate to Active Directory because it isn’t started while you boot into the restore mode and there aren’t any local accounts on a Domain Controller, so the DSRM password is used instead. This is a particularly important password to know in a single Domain Controller environment like a Small Business Server domain (although you can add additional DCs). It’s also a very good password to reset if you take on a new client with existing infrastructure that has been set up by someone else.

On SBS 2011 although you are not prompted to specify the DSRM password, it defaults to the password you use to install the server with. On Windows 2008, 2012, 2012 R2 when you promote a Member Server to a Domain Controller, you are asked to specify the password.


Top 10 Blog posts of 2014

Happy New Year!

Following on from 2013’s success, 2014 was a busy blogging year, with 66 posts, 560,000 views and visitors from 218 countries! The blog has gone from strength to strength; there was no major redesign this year but subtle tweaks here and there to make it better. For a hobbyist blog it’s edging ever closer to the 1,000,000 views mark, which is insane!

Below are the top ten articles in 2014

  1. How to install Exchange 2010 (SP3) on Windows Server 2012 (43,232 views)
  2. PowerShell: Get-ADUser to retrieve password last set and expiry information (40,199 views)
  3. How to open Internet Explorer 10 in Desktop Mode on Windows 8 (28,942 views)
  4. PowerShell: Get-ADComputer to retrieve computer last logon date – part 1 (24,922 views)
  5. Exchange PowerShell: How to list all SMTP email addresses in Exchange (21,600 views)
  6. How to display Celsius on the Outlook 2013 Weather Bar (21,108 views)
  7. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1 (20,128 views)
  8. Server 2012: “Your current security settings do not allow this file to be downloaded” (18,817 views)
  9. Exchange PowerShell: How to enumerate Distribution Lists, managers and members (17,954 views)
  10. How to open Internet Explorer 11 in Desktop Mode on Windows 8.1 (16,958 views)

Looking forward to 2015, I intend to work on some Sophos Certifications while trying to find time for a few more Microsoft exams. I didn’t get around to the SBS migration to Windows / Exchange 2013 last year, but with a number of clients now on the cusp of migrating I’ll be looking at that sooner rather than later! The surprising success of 2014 was my PowerShell posts; these have been hugely popular and enjoyable to write, so expect more this year.

I hope you have a great year!

Exchange 2010 SP3 Update Rollup 8 v2 released and installation tips

Microsoft Exchange 2010 SP3 Update Rollup 1 Installation tips

On 9th December Microsoft released the Exchange 2010 SP3 Update Rollup 8; the update was subsequently pulled and then re-released as Update Rollup 8 v2 a few days later.

See my post regarding the issues: Exchange 2010 SP3 Update Rollup 8 released and then pulled!

Exchange 2010 SP3 UR8v2

The Update Rollup 8 v2 for Exchange Server 2010 SP3 contains the fixes for the security issue that is described in KB2986475.

Update Rollup 8 v2 for Exchange Server 2010 SP3 resolves the issues that are described in the December 2014 security update, and the following Microsoft Knowledge Base (KB) articles:

  • 3004235 Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014
  • 3009132 Hybrid mailbox moves to on-premises environment but finishes with CompletedWithWarnings status
  • 3008999 IRM restrictions are applied to incorrectly formatted .docx, .pptx, or .xlsx files in an Exchange Server 2010 environment
  • 3008370 Group members are not sorted by display name when HAB is used with OAB in Exchange Server 2010
  • 3008308 Public folder database migration issue in a mixed Exchange Server environment
  • 3007794 Hub Transport server cannot deliver messages when a database fails over to a cross-site DAG in Exchange Server 2010
  • 3004521 An Exchange server loses its connection to domain controllers if a public folder server is down in Exchange Server 2010
  • 2999016 Unreadable characters when you import ANSI .pst files of Russian language by using the New-MailboxImportRequest cmdlet
  • 2995148 Changing distribution group takes a long time in an Exchange Server 2010 environment
  • 2992692 Retention policy is not applied to Information Rights Management protected voice mail messages in Exchange Server 2010
  • 2987982 Issues caused by ANSI mode in Exchange Server 2010
  • 2987104 Email message is sent by using the “Send As” instead of “Send on Behalf” permission in Exchange Server 2010
  • 2982017 Incorrect voice mail message duration in Exchange Server 2013 and Exchange Server 2010
  • 2977279 You cannot disable journaling for protected voice mail in Exchange Server 2013 and Exchange Server 2010

The update can be downloaded from here.
