Contents tagged with Windows Server 2008 R2

  • How to use PowerShell to populate Active Directory with plenty enough users for SharePoint

    Tags: Active Directory, Windows Server 2008 R2, SharePoint

    When testing SharePoint, or any other software that uses Active Directory or any kind of data storage, it is important to test with a lot of data, data with variations, and real-life data. One area that is often forgotten is Active Directory: OK, you create 10 or 20 test users, perhaps 50 or 100 users called Mr. Test Testson32 or similar, but that is not enough. I like to use some real-world data for my Active Directories, both for testing and because it looks fancier when doing a demo with SharePoint (especially with the new social features in SharePoint 2013). So I’m going to show you some of the scripts I use for this.

    Getting me some data

    First of all we need users. And not these test users called Test1, Test2, or your pets' names (well, I usually throw in my kids once in a while). One fantastic source of data is the Fake Name Generator. This amazing service can get you up to 50.000 randomly generated identities in bulk. You can choose the name sets, which countries they should come from and what properties you would like. Perfect for getting data that matches your clients! For this post I retrieved 25.000 users from Sweden, US etc., using both European and Chinese names! I chose to use the following properties: Given Name, Surname, Street Address, City, State, Postal Code, Country Abbreviation, E-mail, Username, Telephone, and Occupation. All this gets emailed to me as a CSV file in just a couple of minutes.

    Importing the data

    Now on to the fun stuff with PowerShell. I’m going to take this CSV file, import it into a PowerShell object, transform it a bit and then just create Active Directory accounts from it. Let’s start with some preparations.

    First of all I create a specific OU (“Demo Users”) to place all these accounts in, and I also set some password restrictions (well, this is a demo).

    Import-Module ActiveDirectory
    $dn = (Get-ADDomain).DistinguishedName
    $forest = (Get-ADDomain).Forest
    # Demo domain only: relaxes the default domain password policy for every account in the domain
    Set-ADDefaultDomainPasswordPolicy $forest -ComplexityEnabled $false -MaxPasswordAge "1000" -PasswordHistoryCount 0 -MinPasswordAge 0
    # Create the "Demo Users" OU if it does not already exist
    $ou = Get-ADOrganizationalUnit -Filter 'name -eq "Demo Users"'
    if($ou -eq $null) {
        New-ADOrganizationalUnit -Name "Demo Users" -Path $dn
        $ou = Get-ADOrganizationalUnit -Filter 'name -eq "Demo Users"'
    }

    Once this is done it’s time to start fiddling with the data. First of all I import the CSV file into a PowerShell object like this (of course you need to replace the file name with yours):

    $data = Import-Csv .\FakeNameGenerator.com_d7a08270.csv

    Then we’ll refine the CSV data into a new PowerShell structure; you can mix and fiddle with this as you like. Notice that my structure uses the parameter names of the New-ADUser cmdlet, so if you want to add cell phone and other attributes to your AD accounts, here’s the place to add them.

    $refineddata = $data | select  @{Name="Name";Expression={$_.Surname + ", " + $_.GivenName}},`
             @{Name="SamAccountName"; Expression={$_.Username}},`
             @{Name="UserPrincipalName"; Expression={$_.Username +"@" + $forest}},`
             @{Name="GivenName"; Expression={$_.GivenName}},`
             @{Name="Surname"; Expression={$_.Surname}},`
             @{Name="DisplayName"; Expression={$_.Surname + ", " + $_.GivenName}},`
             @{Name="City"; Expression={$_.City}},`
             @{Name="StreetAddress"; Expression={$_.StreetAddress}},`
             @{Name="State"; Expression={$_.State}},`
             @{Name="Country"; Expression={$_.Country}},`
             @{Name="PostalCode"; Expression={$_.ZipCode}},`
             @{Name="EmailAddress"; Expression={$_.EmailAddress}},`
             @{Name="AccountPassword"; Expression={ (Convertto-SecureString -Force -AsPlainText "WictorRocks!")}},`
             @{Name="OfficePhone"; Expression={$_.TelephoneNumber}},`
             @{Name="Title"; Expression={$_.Occupation}},`
             @{Name="Enabled"; Expression={$true}},`
             @{Name="PasswordNeverExpires"; Expression={$true}}

    As you can see, I fix the Name and DisplayName properties and make sure that the UPN uses the DNS name from the forest etc. I also enable all the users.

    And now all that is left is to add them to Active Directory! I don’t just add them to the OU created above; instead I create one OU for each Country. This makes it easier to manage and also gives me an opportunity to test accounts in different OUs. So here’s the snippet to add the users and create the other OUs:

    $refineddata | % {
        # Find (or create) the per-country OU under "Demo Users"
        $subou = Get-ADOrganizationalUnit -Filter "name -eq ""$($_.Country)""" -SearchBase $ou.DistinguishedName
        if($subou -eq $null) {
            New-ADOrganizationalUnit -Name $_.Country -Path $ou.DistinguishedName
            $subou = Get-ADOrganizationalUnit -Filter "name -eq ""$($_.Country)""" -SearchBase $ou.DistinguishedName
        }
        # Add the target OU as the Path parameter and pipe the record to New-ADUser
        $_ | Select @{Name="Path"; Expression={$subou.DistinguishedName}},* | New-ADUser
    }

    For 25.000 users this will run for a while, but it’s worth it!

    Note that you’ll normally get some errors while running this with lots of users. This is because some of the usernames are repeated. Of course with some handy PowerShell magic that can be fixed as well…
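
    One way to handle the repeated usernames before the records reach New-ADUser, as an added example that is not part of the original post: the function name `Resolve-DuplicateSamAccountName`, the sample rows and the `demo.local` suffix are assumptions made for illustration.

```powershell
# Added example. Makes SamAccountName unique (case-insensitively) and at most
# 20 characters, the sAMAccountName limit for user objects.
function Resolve-DuplicateSamAccountName {
    param([object[]] $Users, [hashtable] $Seen = @{})

    foreach ($user in $Users) {
        $base = [string]$user.SamAccountName
        if ($base.Length -gt 20) { $base = $base.Substring(0, 20) }

        $candidate = $base
        $n = 1
        while ($Seen.ContainsKey($candidate)) {
            # Append a counter, trimming the stem so the result still fits in 20 characters
            $suffix = [string]$n
            $stem = $base.Substring(0, [Math]::Min($base.Length, 20 - $suffix.Length))
            $candidate = $stem + $suffix
            $n++
        }
        $Seen[$candidate] = $true   # hashtable keys compare case-insensitively

        # Keep the UPN prefix in step with the (possibly renamed) logon name
        $upnDomain = ($user.UserPrincipalName -split '@', 2)[1]
        $user.SamAccountName = $candidate
        $user.UserPrincipalName = $candidate + '@' + $upnDomain
        $user
    }
}

# Constructed sample rows standing in for $refineddata; demo.local is a placeholder domain
$sample = 'jsmith', 'JSmith', 'averyveryverylongusername', 'jsmith' | ForEach-Object {
    New-Object psobject -Property @{
        SamAccountName    = $_
        UserPrincipalName = ($_ + '@demo.local')
    }
}

Resolve-DuplicateSamAccountName -Users $sample |
    Select-Object SamAccountName, UserPrincipalName
```

    In the script above this would run as `$refineddata = Resolve-DuplicateSamAccountName -Users $refineddata` just before the loop that calls New-ADUser. To avoid clashes with accounts that already exist in the domain, fill the `-Seen` hashtable from `Get-ADUser -Filter *` first.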

    And here’s the result

    If we now take a look in the Active Directory Users and Computers snap-in it should look something like this:


    And then if we drill down into one of the OU’s there should be tons of users:

    Lotsa users

    All with nice details:

    An account


    Now you’ve seen a very simple and fast way to generate lots of demo data for Active Directory. Of course you can modify the snippets above and adapt them to your requirements. And you don’t need 25.000 users in your development environment; remember, it will take some time to sync and crawl with SharePoint…

  • Do you want to know more about the Microsoft Certified Master or Architect programs?

    Tags: SharePoint, SQL Server, Windows Server 2008 R2

    I bet you will!

    The Advanced Certification Team at Microsoft Learning will start a new Live Meeting series where you can learn more about the Microsoft Certified Master and Microsoft Certified Architect programs. These will be regularly held meetings where they go into details about the programs. The program managers will help you understand the program mission and vision, how to prepare for a certification, how to apply for participation and the value of the programs. If you're interested in one or more of these programs I recommend that you attend one of the live meetings or watch the recordings. Of course, attending the live meetings will allow you to ask the program managers questions directly!

    There will be live meetings for each product category (SharePoint Server 2010, Lync Server 2010, Exchange 2010, SQL Server 2008 and Active Directory).

    To register for one of the live meetings head on over to the Microsoft World Wide Events site and get your slot. Currently there are two planned sessions:

  • Tips for doing SharePoint demos on virtual machines

    Tags: SharePoint, Windows 7, SharePoint 2010, Windows Server 2008, VMWare, Windows Server 2008 R2

    It's Friday and I thought that I should share some small tips on how to make your SharePoint demonstration experience better. I assume that you have a quite powerful laptop with virtual machines running SharePoint.

    I used to do my demos directly in the virtual machine, in full screen mode. This requires that I have all the necessary client components installed, such as Office, SharePoint Designer, the Windows Server Desktop Experience feature enabled etc. All this of course takes resources such as memory and CPU from the virtual machine. Also, Internet Explorer consumes CPU cycles, and if you're using Firefox in the demo you get another memory hog in your virtual machine.

    A better approach is to use your local workstation as the client. In my case I have Windows 7 and VMWare (yea, I like to promote them...) running the virtual machines. This allows me to show a more realistic case when doing demos.

    The Network

    The first tip here is how to configure the network for the virtual machines. I normally have one AD server and one SharePoint server which are connected using a separate network, so that I can use static IP addresses. Then I have a secondary network on the SharePoint VM which is host-only with known IPs, so that I can access the VM from the client using a browser or an Office application. I also have a third network on the VM which is connected to the Internet. I only enable this third NIC if I need to access web services and such from my VM.

    Then I add entries to the hosts (...\system32\drivers\etc\hosts) file with the IP numbers from the host-guest network so that I can use domain names instead of IP-numbers.


    I never have the host and clients on the same domain. My laptop is connected to my company's domain and the VMs all use their own directories. To get rid of annoying authentication prompts I use the Windows Vista/Windows 7 feature to store credentials - the Credential Manager.

    Credential Manager

    The Credential Manager allows you to save Windows credentials for a specific Internet or network address. Just add the name of the server, which you added to the hosts file, and then your default user's username and password. Voila! You can now browse directly from your client/host to your virtual server using a good looking URL and without any authentication prompts.

    Firefox, Safari and other obscure browsers do not use this credential manager, and I use them to log in as other users.

    If you don't do this and log on to your server from the web browser you will be asked for the credentials every time you open an Office document from the server or when you open the site using SharePoint Designer.

    If you use these small tips you will have a much better experience when doing demos, developing or configuring your SharePoint virtual machines.

    Have a nice weekend!

  • My SharePoint 2010 development rigs

    Tags: SharePoint 2010, VMWare, Virtual PC, Windows Server 2008 R2

    SharePoint 2010 is one greedy beast and you can’t settle for your plain old laptop; first of all you need an x64 environment and second of all you need some RAM. Developing for SharePoint 2007 required just a 32-bit machine, less than 4 gigs of RAM and Virtual PC, and you could do most of your work without complaining too much. SharePoint 2010 requires a more thought-through development environment.

    First of all you need a 64-bit platform and at least 8GB of RAM, that’s what I’m having now on my HP EliteBook 6930p. So far this machine has worked really smooth; I run Windows 7 as the main OS on it.

    Second, you can’t use Virtual PC – it’s 32 bit only! So if you like to live in the Microsoft world you have to install a Windows Server OS on your laptop or use Windows 7 VHD boot. I want to have access to my desktop applications and my main OS, so I walked down the VMWare path a couple of months ago and I’m currently using VMWare Workstation 7 – it’s an awesome piece of virtualization software and I am not going back!

    Third, you need disk space – go get some USB or ESATA hard drives. If you are going to have a single setup of your SharePoint 2010 virtual machine this may not be necessary, but if you are like me and like to be able to create snapshots and have multiple clones and non-expanding virtual disks, then most probably your internal laptop disk won’t last long.

    I have two main sets of SharePoint 2010 development rigs right now:

    • A single virtual machine approach
    • A multiple virtual machine approach

    Single Machine Approach

    The single virtual machine SharePoint 2010 is an easy option; it’s a Windows Server 2008 R2 machine with 4-6GB of RAM and it runs everything from Active Directory to SQL Server to SharePoint to Visual Studio 2010. This rig is great if I want to do something quick.

    Multiple Machine Approach

    This rig is more complex, but also offers better flexibility. VMWare Workstation lets you create teams of virtual machines and I’ve set up a team of three servers:

    • 1 Windows Server 2008 R2 Core running Active Directory with 512 MB of RAM
    • 1 Windows Server 2008 R2 running SQL Server 2008 with 1024 MB of RAM
    • 1 Windows Server 2008 R2 running SharePoint 2010 and all apps with 4096 MB of RAM

    I find this multiple machine approach to be better performing, although it takes longer to start up and to shut down. Creating the Server Core machine with AD is probably the best thing about it; it took me some time to get acquainted with the Server Core environment, but with some PowerShell love it worked like a charm.

    The only drawback with the VMWare team approach is that you can’t run your machines in Unity mode.

    I will try a third option; AD on Server Core on one machine and the rest on a single server – I think it will work great as well.

    Other machines

    I also have a Windows 7 virtual machine that is joined to the domain, and an Ubuntu Linux machine, which I’m using for demoing Office Web Applications and the SharePoint 2010 interface.

    All these setups are made with clean and compressed snapshots so that I can easily clone up a new empty environment whenever I need it.

    How is your SharePoint 2010 development environment?

  • Fix the SharePoint DCOM 10016 error on Windows Server 2008 R2

    Tags: SharePoint, Security, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2

    If you have been installing SharePoint you have probably also seen and fixed the DCOM 10016 error. This error occurs in the event log when the SharePoint service accounts don't have the necessary permissions (Local Activation to the IIS WAMREG admin service). Your farm will still function, but your event log will be cluttered.

    On a Windows Server 2003 or Windows Server 2008 machine you would just fire up the dcomcnfg utility (with elevated privileges) and enable Local Activation for your domain account.

    But for Windows Server 2008 R2 (and Windows 7, since they share the same core) you cannot do this; the property dialog is all disabled due to permission restrictions. It doesn't matter if you are logged in as an administrator or using elevated privileges. The change is probably due to some new security improvements.

    DCOMCNG - all disabled

    The reason for it being disabled is that this dialog is mapped to a key in the registry which the Trusted Installer is the owner of, and everyone else only has read permissions. The key used by the IIS WAMREG admin is:


    Registry permissions on R2 Registry permissions on R1

    The image on the left shows the default permissions for Windows Server 2008 R2 and the one on the right the default settings for Windows Server 2008.

    To be able to change the Launch and Activation Permissions with dcomcnfg you have to change the ownership of this key. Start the registry editor (regedit), find the key, click Advanced in the Permissions dialog of this key and select the Owner tab. Now change the owner of the key to the administrators group, for example, then set full control for the administrators group. Make sure not to change the permissions for the TrustedInstaller.

    Now you have to restart the dcomcnfg application, find the IIS WAMREG application again, and then set the Launch and Activation settings that you need to get rid of the DCOM 10016 error.


    Good luck!

    WARNING: Changing the registry may seriously damage your server. All is at your own risk!

About Wictor...

Wictor Wilén is the Nordic Digital Workplace Lead working at Avanade. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for seven consecutive years.
