MMC tales…
In this post we will discuss some issues we had when using Microsoft Management Consoles to manage DNS (dnsmgmt.msc), Group Policy Objects (rsop.msc, gpmc.msc) and AD accounts (dsa.msc). No, we don’t use just powershell or command line tools to manage a Microsoft infrastructure: We click a lot 🙂
DNS
- You cannot manage a Windows 2008R2 DNS server with dnsmgmt.msc running on a Windows XP/2003 computer. This is because on a Windows 2008R2 DNS server the RPC security has been raised by requiring an integrity test, read this KB for more details. The command line tool dnscmd.exe running on a Windows 2003/XP will also fail to run properly, don’t forget to update any scheduled task or script when migrating your DCs to 2008R2.
- Under Windows 2008R2 the DNS management console will freeze when deleting glue records, use (the right version) of dnscmd.exe to accomplish this task.
GPOs
- Group Policy Preferences settings are not displayed when using rsop.msc on a target computer. However, if you use gpmc.msc to find out what Group Policy settings are applied you will get this information. Just use the Group Policy Results Wizard:
- You cannot install gpmc.msc on a Windows 2003 x64 server, unless you edit the MSI package with a tool like Orca. VBS sample scripts located under %Programfiles%\Microsoft Group Policy\GPMC Sample Scripts\ will not work correctly, when calling CreateObject(“GPMGMT.GPM”) you will get the following error:
Microsoft VBScript runtime error: ActiveX component can’t create object: ‘GPMGMT.GPM’
Registering gpmgmt.dll did not solve this problem, if you know any workaround, do not hesitate to post it.
ADAC or DSA.MSC
When you use the RSAT dsa.msc you have a new tab called attribute editor which allows you almost to get rid of the good old adsiedit.msc console:
- If you manage an AD 2000/2003 forest with the RSAT you will not see this tab when editing an object, unless you modify the Configuration directory partition.
- In an AD 2008R2 forest this tab shows up in ADUC only when browsing, if you do a search and then open the object, the tab will not be available. However if you use ADAC, you will see the attribute editor tab in the “Extensions” section after performing a search.
Nevertheless I still like to manage my servers with a friendly GUI, otherwise I will be deploying Windows Server Core only, even for servers dedicated to administration… Hopefully I do not need to save that much storage (see Less disk space required chapter) 😉
This post is also available in: French
3 Comments
Other Links to this Post
RSS feed for comments on this post. TrackBack URI
By Ammesiah, July 28, 2011 @ 3:24 pm
Oh yeah we kiff the “Less Disk Space required”
By saji, August 4, 2011 @ 10:30 am
i would like to know about how do we will get GPP in windows 2003 Ent Server.
By ldap389, August 4, 2011 @ 12:41 pm
Hello,
Unfortunalty this is not possible to get GPP settings using a GPMC runing on a Windows 2003 server (with Group Policy Results). You need to use RSAT (Windows 7, Vista, Windows 2008).
For GPP settings to work on a Windows 2003/XP client you need to apply this patch http://support.microsoft.com/kb/943729