Friday, July 24, 2015

Backing up to network share using Local System account

When you schedule Windows Server Backup with a network share as the destination, the schedule setup wizard asks for a user name and password. Normal user accounts often change passwords, so this would eventually cause backup failures. Using a service account is possible, but it's not all that necessary and just adds to the overhead. Using Local System (i.e. the computer account) means you don't have to worry about passwords or accounts that might get compromised (or locked out). To set up the backup, you will need to go through the GUI using an account that does have access and has a password. Once you have the backup scheduled, you can edit it with schtasks.

First of all, you need to set up the shared folder. Ensure the share permissions and NTFS permissions allow both the computer account of the machine that is being backed up (DOMAIN\COMPUTERNAME$) and the account that creates the task initially.

After this, run through the GUI wizard to schedule the backup.  This creates a scheduled task in Task Scheduler Library -> Microsoft -> Windows -> Backup.

To edit this task in schtasks.exe you will need to provide the path details in addition to the task name, which should be "Microsoft-Windows-WindowsBackup".  So the full task name is "\Microsoft\Windows\Backup\microsoft-windows-windowsbackup".

To edit it to use the System account:

C:\>schtasks /change /tn "\Microsoft\Windows\Backup\microsoft-windows-windowsbackup" /ru "nt authority\system"

SUCCESS: The parameters of scheduled task "\Microsoft\Windows\Backup\microsoft-windows-windowsbackup" have been changed.

Thursday, July 23, 2015

Finding domain controllers replicating from a particular server

This will look at all nTDSConnection objects in each site to find which servers (named in the distinguishedName attribute) are replicating from a particular machine (named in the fromServer attribute).

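# Requires the ActiveDirectory module (RSAT). Substring(14) strips the leading
# "CN=Partitions," from the partitions container DN, leaving the configuration
# naming context. Replace "servername" with the source server (-match is a regex).
Import-Module ActiveDirectory
Get-ADObject -SearchBase `
("CN=Sites," + (Get-ADForest).PartitionsContainer.Substring(14)) `
-LDAPFilter "(objectClass=nTDSConnection)" `
-Properties distinguishedName,fromServer | Select-Object distinguishedName,fromServer |
Where-Object {$_.fromServer -match "servername"}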
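
The query above answers the question for one source server and returns raw DNs. The following is an added example, not part of the original post, that goes one step further and turns the same two attributes into a source-to-destination map for every server. ConvertTo-ReplicationLink is a hypothetical helper name, and the sample objects and example.com naming context are constructed.

```powershell
# Added example. ConvertTo-ReplicationLink is a hypothetical helper name, not an AD cmdlet.
function ConvertTo-ReplicationLink {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject]$Connection)
    begin {
        # Both attributes contain: CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,...
        $pattern = 'CN=NTDS Settings,CN=(?<server>[^,]+),CN=Servers,CN=(?<site>[^,]+),CN=Sites,'
        $opts = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    }
    process {
        # distinguishedName names the destination (the DC that owns the connection);
        # fromServer names the source it pulls changes from.
        $to   = [regex]::Match([string]$Connection.distinguishedName, $pattern, $opts)
        $from = [regex]::Match([string]$Connection.fromServer, $pattern, $opts)
        if (-not ($to.Success -and $from.Success)) {
            # A DN that does not follow the expected layout is reported, not guessed.
            Write-Warning "Unparsed connection: $($Connection.distinguishedName)"
            return
        }
        [pscustomobject]@{
            SourceServer      = $from.Groups['server'].Value
            SourceSite        = $from.Groups['site'].Value
            DestinationServer = $to.Groups['server'].Value
            DestinationSite   = $to.Groups['site'].Value
        }
    }
}

# Constructed sample objects standing in for Get-ADObject output (example.com is a placeholder).
$cfg = 'CN=Configuration,DC=example,DC=com'
$sample = @(
    [pscustomobject]@{ distinguishedName = "CN=c1,CN=NTDS Settings,CN=DC02,CN=Servers,CN=SiteA,CN=Sites,$cfg"
                       fromServer = "CN=NTDS Settings,CN=DC01,CN=Servers,CN=SiteA,CN=Sites,$cfg" }
    [pscustomobject]@{ distinguishedName = "CN=c2,CN=NTDS Settings,CN=DC03,CN=Servers,CN=SiteB,CN=Sites,$cfg"
                       fromServer = "CN=NTDS Settings,CN=DC01,CN=Servers,CN=SiteA,CN=Sites,$cfg" }
    [pscustomobject]@{ distinguishedName = "CN=c3,CN=NTDS Settings,CN=DC01,CN=Servers,CN=SiteA,CN=Sites,$cfg"
                       fromServer = "CN=NTDS Settings,CN=DC02,CN=Servers,CN=SiteA,CN=Sites,$cfg" }
    [pscustomobject]@{ distinguishedName = "CN=c4,CN=NTDS Settings,CN=DC03,CN=Servers,CN=SiteB,CN=Sites,$cfg"
                       fromServer = "CN=Unexpected,$cfg" }   # constructed bad value, triggers the warning
)

# One row per source server, listing every DC that replicates from it.
# Live use: pipe the Get-ADObject query (without the where filter) into the function instead.
$sample | ConvertTo-ReplicationLink | Group-Object SourceServer |
    Select-Object @{n='SourceServer'; e={$_.Name}},
                  @{n='ReplicatesTo'; e={($_.Group.DestinationServer | Sort-Object) -join ', '}}
```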