If in doubt, reboot........ the train........

My journey into work is normally quite uneventful. Since the move out to Kent it generally takes 20 minutes longer but the journey is actually fairly pleasant. Today was the exception.

About 20 minutes into the journey the trains brakes come on pretty hard slamming the train to a stop and we sat there for a couple of minutes before the guard come onto the tannoy to explain that there was a problem with the trains brakes (really?!) and that there were going to try a fix... This is the point that they REBOOTED the train. I kid you not, the annunciator at both ends of the coach went out, the air con died and the lights all went out......... A few minutes in the quiet and everything came back on but I would have loved to have seen a BIOS start up message scroll across the annunciators!

As a side note in this case the fix didn't work and the train was taken out of service at Orpington but I swear that's the first time I've been on a train that's needed a reboot!

FSMO Confusion in multiple domains

When I teach classes on Active Directory I will cover various domain models including the empty root domain model, this model has several security,delegation and political based benefits that I will cover in a future article suffice to say it uses two domains and the child domain is the production domain and the empty root just contains certain FSMO roles and forest-wide groups.

When I teach this model I will always ask the class to tell me how many FSMO roles there are and if the class is awake I will generally get the correct answer of five. I will then point to the empty root domain model and ask the class where the 8 FSMO roles should be placed, invariably I will get a look of confusion because there are only five.....

What a lot people forget is the minimum number of FSMO roles you can have in a domain is three and the maximum is five. Lets look at that empty root domain again - The empty root is just a windows domain that just happens to be the first in the domain to be created and as such will hold five FSMO roles. The roles are Schema Master, Domain Naming Master, PDC Emulator, RID Master and Infrastructure Master. The first two are forest wide so will only ever exist in one domain of the tree whereas the other three are domain wide and will exist in each and every domain created and this seems to be where the confusion comes in.
Your very first domain (the empty root in this example) will have FIVE FSMO roles, the child domain will hold THREE. Five+three equals eight which explains how you can have eight FSMO roles across two domains.

Creating a Default User Profile

One of the things that annoys me about windows is the Default User profile. This is the profile that a new user who logs onto a machine (or server will get).
The way it works on NT, 2000, XP and 2003 is pretty much the same.
Under the documents and settings folder on 2000, XP and 2003 are a series of folders for each person that logs on to the machine.

Hidden in here is also a profile called 'Default User' and whatever is in here gets copied to the logon name of any NEW person that logs on.

Microsoft provide a somewhat tortuous way of customising this profile by creating an additional local user which is fine unless you have already spent time customising the profile you have logged on as.

Facing this situation yesterday I realised that the easiest fix is to just log off the machine which unloads the user profile and then you can copy the existing profile over the top of default user and so have a working default user profile in seconds..... Permissions might need to be adjusted as need be but it was a quick and painless way to take an existing and cofigured profile and make it a default.