Florian’s Blog

I’m currently playing with MDT to create a (Ultra)LiteTouch-Installation of Windows 7 from Windows XP machines. It’s supposed to work out as a Windows XP to Windows 7 migration with just a few user interaction needed.

One of the things I want is the Deployment Wizard LiteTouch.vbs be as small as possible so that users don’t have to put in data themselves (and therefore mess with the installation) and one (among a couple of many others) thing that I neededto automate was the selection of the time zone. 

To exclude the time zone selection from the Deplyoment Wizard, I added “SkipTimeZone=YES” into CustomSettings.ini and that made it not ask for the time zone. Well done, I thought, but apparently it just assumed that I wanted the default Tijuana time zone and applied that to the machine.

So in case you’re searching for the correct CustomSettings.ini entry for the German (Berlin, Stockholm, …) time zone, it’s either

TimeZoneName=W. Europe Standard Time

or

TimeZoneValue=110

That info isn’t spread widely so I thought I’d just add it here :-)

Update: Here’s a list of TimeZoneValues that should work: http://msdn.microsoft.com/en-us/library/ms145276(SQL.90).aspx

Ha!

I’m still playing with my AD LDS instance and am trying to create a phonebook that I can access via code later. What I’ve found was that none of my ~1000 sample users in my test domain had a telephoneNumber or fascimileTelephoneNumber configured except for my user account.

So I’m trying to find a way to populate some random phone numbers for all those sample accounts - otherwise a corporate phone book in my lab wouldn’t make sense, right? I was thinking about the crappy .NET code that I was going to write when I thought about giving ADMod a try and crawling through the docs at http://www.joeware.net/freetools/tools/admod/usage.htm when I found an awesome ADMod feature: *rnd*.

adfind -default -f “&(objectClass=user)(objectCategory=person)(!telephoneNumber=*)” telephoneNumber -adcsv | admod -unsafe telephoneNumber::{{*rnd*:5:7:0123456789}}So what does that command do? It selects all user objects that have their telephoneNumber attribute “not set”. It then pipes those found objects to ADMod which happily fills the telephoneNumber attribute with random values.

“-unsafe” is there to make ADmod ignore the count of objects being modified. ADMod protects me from being an idiot and modifying too many accounts at the same time. Any modification targeting more than 10 objects at a time makes ADMod stop — you either have to specify the -unsafe switch or specify a new max count number to modify with the -upto switch.

“telephoneNumber::{{*rnd*:5:7:0123456789}}” is where the magic starts. “TelephoneNumber” is the attribute to be modified, followed by the keyword *rnd* which stands for random. The three values following are minimum characters to fill in, max characters to fill in, charset to use. So I told ADmod to fill telephoneNumber with random values that are between 5 and 7 characters long and consist only of numbers.

If I wanted a different charset, I could’ve added them, like here for representation of hex values: {{*rnd*:10:26:0123456789ABCDEF}}.

So now I have dummy users in my lab domain that have telephone numbers. Having a phonebook now starts to make sense.

I’ve been playing with AD LDS lately and it’s surprising how “similar” things work compared to a full-blown AD DS. Authoritatively restoring an object in an AD LDS instance pretty much works the same as in AD DS. The tool you use for that is called “dsdbutil” — and guess what, it feels like ntdsutil ;-)

As you can see from the screenshot, the commands and help files are just the same. There *may* be differences to NTDSUtil but haven’t found any on the first look. Good to know that the process is the same - just in case. Something worth noting here: Before you can actually restore objects, you first need to stop the AD LDS instance. Makes sense, right?

What you see above is my AD LDS instance called “FSFTContacts”. I basically set up an instance that would sync with my live AD from time to time, extracting user objects with a special criteria (based on an LDAP filter). I configured it to only sync some attributes (mostly contact information like phone number, facsimile number, email, …) so that the instance works just like a phone book. Hence the DC=Yellowpages :-)