Thursday, April 30, 2015

Microsoft’s New Browser Will Be Called Microsoft Edge

2I8A9578
We knew that Internet Explorer was dead.
We knew a successor was coming.
We just didn’t know the official name, beyond the “Project Spartan” placeholder.
Now we do: Microsoft’s new browser is called Microsoft Edge.
Just announced at the company’s build conference, Edge will be the primary/default browser built into Windows 10.
Details are still light on of what’s unique to Edge, but here’s what we know:
  • It has built-in Cortana support.
  • It has built-in reader, note-taking and sharing features.
  • The design focuses on simplicity and minimalism.
  • The rendering engine is called EdgeHTML.
While no full-size screenshots have been released yet, here’s what we could grab from the demo screen as it debuted:
2I8A9574
2I8A9587
2I8A9586
Update: Here’s the just released “teaser” style video:


Tuesday, April 28, 2015

Keep it simple; move from Windows 7 to Windows 10 in minutes

Windows 10 is on the way and there is more information available about it all the time. In addition to all the great features included in Windows 10, one of the most exciting aspects of it is how quick and easy it is to upgrade from previous versions of Windows.
In the video below, watch a walk-through of the few steps it takes to upgrade from Windows 7 to Windows 10. Even on an older computer, it takes only a few minutes to download the update, launch the application, and start updating. Give it a look to see what you can expect.
Get your computers up to speed on Windows 10 by downloading the Windows 10 Technical Preview. With it, you can test your applications and hardware to prepare for the release of Windows 10.

Wednesday, April 22, 2015

Modern productivity—Office on Windows

Today I’m excited to share that the Office Universal apps preview for Windows 10 for phone is expected to be available by the end of the month. With this announcement, we’re rounding out our Office on Windows line-up, and I wanted to take the opportunity to explain our strategy of Universal and Desktop apps.

Office Universal

Our Office Universal apps are designed for on-the-go productivity. They’re touch-first, built for tablets and phones, and optimized for viewing, quick edits, notes and mark-up. On a tablet, the Universal apps are fast, fluid, and streamlined for an immersive, hands-on experience. They’re fantastic for reading and perfect for touch- and pen-based content creation. On a phone, the Universal apps adapt to the smaller form factor. Commands and controls are moved to the bottom of the screen so you can triage your work and make edits one-handed with your thumb. (That may sound like a small thing—but wait until you try it. It makes all the difference!)
Modern productivity Office on Windows 1
Word Universal for Windows 10 for phones
Modern productivity Office on Windows 2
PowerPoint Universal for Windows tablets

Office Desktop

While on-the-go productivity is increasingly important, people haven’t stopped using the Office Desktop applications for their most important creative work—and we expect that to continue for years to come. The upcoming release of our Windows Desktop apps (Office 2016) will offer our richest feature set ever for professional content creation. These apps are tuned for sophisticated authoring, easy collaboration, pixel-perfect layouts and deep analysis—and are designed for the precision and control of a keyboard and mouse. In Office 2016 some of the key investment areas include:
  • Modern productivityUpdated look and feel—Office 2016 will deliver a modern look and feel that is visually aligned with Office across platforms and devices. So no matter what form factor you’re using, your Office experience will be familiar, consistent, and intuitive. Cloud connections—With a redesigned Backstage experience, we’re making it easier to use cloud services to create, open, edit and save your files directly from the desktop. In addition, new modern attachments in Outlook make it easy to attach files from OneDrive and automatically configure permission for the recipients—all without leaving Outlook.Intelligent experiences—The new Office apps will learn as you work, taking advantage of subtle cues and clues to help you stay focused on priority work. Tell Me, a new search tool available in Word, PowerPoint and Excel, will enable you to find the commands you need by simply typing what you want to do.
  • Business intelligence. Office 2016 will also include a number of valuable business intelligence enhancements built right into Excel. New data visualizations will make sophisticated analysis faster and easier. And Power Query (previously offered as a separate download) will be fully integrated into Excel, giving the app native features for discovering, combining and refining data from different sources.
  • IT control and manageability. For the Enterprise, Office 2016 will deliver improved controls and information management. Word, Excel and PowerPoint will include new Data Loss Prevention (DLP) features to manage sensitive information like credit card or social security numbers. Flexible click-to-run deployment options will allow IT admins more control over Office updates. And improved integration with Microsoft SCCM and Azure Active Directory will give organizations powerful controls for managing the Office apps across devices.
With the preview release of the new Universal apps for Windows 10 for phones, we’ll have an exciting line-up of Windows 10 apps across form factors. The Universal apps will deliver tailored tablet and phone experiences for on-the-go productivity, and the Desktop apps will offer our broadest, deepest feature set for professional content creation. To experience them for yourself, I’d encourage you to download the apps and give them a try. The Universal apps for tablets went live in February with the Windows 10 Technical Preview, the Desktop IT Pro and Developer preview for Office 2016 launched last month, and the Universal apps for Windows 10 for phones are expected to be available with the Windows 10 Technical Preview by the end of April. Stay tuned to the Office blog for more updates on our Windows strategy. It’s an exciting time for Windows and Office, and there’s more to come in the next few weeks.

Friday, April 17, 2015

AD Replication Status Tool is Live

Download the AD replication status tool from here

Hey all, Ned here with some new troubleshooting tool love, courtesy of the ADREPLSTATUS team at Microsoft. I’ll let them do the talking:
The Active Directory Replication Status Tool (ADREPLSTATUS) is now LIVE and available for download at the Microsoft Download Center.
ADREPLSTATUS helps administrators identify, prioritize and resolve Active Directory replication errors on a single DC or all DCs in an Active Directory Domain or Forest. Cool features include:
  • Auto-discovery of the DCs and domains in the Active Directory forest to which the ADREPLSTATUS computer is joined
  • “Errors only” mode allows administrators to focus only on DCs reporting replication failures
  • Upon detection of replication errors, ADREPLSTATUS uses its tight integration with resolution content on Microsoft TechNet to display the resolution steps for the top AD Replication errors
  • Rich sorting and grouping of result output by clicking on any single column header (sort) or by dragging one or more column headers to the filter bar. Use one or both options to arrange output by last replication error, last replication success date, source DC naming context and last replication success date, etc.)
  • The ability to export replication status data so that it can be imported and viewed by source domain admins, destination domain admins or support professionals using either Microsoft Excel or ADREPLSTATUS
  • The ability to choose which columns you want displayed and their display order. Both settings are saved as a preference on the ADREPLSTATUS computer
  • Broad OS version support (Windows XP -> Windows Server 2012 Preview)
ADREPLSTATUs UI consists of a toolbar and Office-style ribbon to expose different features. The Replication Status Viewertab displays the replication status for all DCs in the forest. The screenshot below shows ADREPLSTATUS highlighting a DC that has not replicated in Tombstone Lifetime number of days (identified here by the black color-coding)
image
Click me
Using the Errors Only button, you can filter out healthy DCs to focus on destination DCs reporting replication errors.
image
Click me
The Replication Error Guide has a Detected Errors Summary view that records each unique replication error occurring on the set of DCs targeted by the administrator.
image
Click me
Close up of the Detected Errors Summary view.
image
Click me
Selecting any of the replication error codes loads the recommended troubleshooting content for that replication error. The TechNet Article for AD Replication Error 1256 is shown below.
image
Click me
The goals for this tool are to help administrators identify and resolve Active Directory replication errors before they cause user and application failures, outages or lingering objects caused short and long-term replication failures, and to provide administrators greater insight into the operation of Active Directory replication within their environments.
The current version of ADREPLSTATUS as of this posting is 2.2.20717.1 (as reported by ADREPLSTATUS startup splash screen).
Known Issues
Symptoms
Status
ADREPLSTATUS fails to launch on highly secure computers.

ADREPLSTATUS will not work when the following security setting is enabled on the operating system:

• System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms
Extra checkmark appears at bottom of column chooser when right clicking on a column header

Known issue and by design.
Support
  • ADREPLSTATUS is a read-only tool and makes no changes to the configuration of, or objects in an Active Directory forest
  • The ADRPLSTATUS tool is supported by the ADREPLSTATUS team at Microsoft. Administrators and support professionals who experience errors installing or executing ADREPLSTATUS may submit a “problem report” on the following web page:

  • If the issue is known, the ADREPLSTATUS team will reply to this page with the status of the issue. The status field will be listed as “known issue”, “by design”, “investigating”, “In progress” or “resolved” with supporting text
  • If a problem requires additional investigation, the ADREPLSTATUS team will contact you at the email address provided in your problem report submission
  • ETA for problem resolution will depend on team workload, problem complexity and root cause. Code defects within the ADREPLSTATUS tool can typically be resolved more quickly. Tool failures due to external root causes will take longer unless a work-around can be found
  • The ADREPLSTATUS team cannot and will not resolve AD replication errors identified by the ADREPLSTATUS tool. Contact your support provider, including Microsoft support for assistance as required. You may also submit and research replication errors on:

Identify the PDC emulator

To identify the PDC emulator

Using the Windows interface

  1. Open Active Directory Users and Computers.
  2. Right-click the domain node, and then click Operations Masters.
  3. On the PDC tab, under Operations masters, view the operations masters that will serve as the PDC emulator.
Notes
  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
  • Every domain has only one PDC emulator master. To identify the PDC emulator in a different domain, target the appropriate domain before clicking Operations Masters.

Using a command line

  1. Open Command Prompt.
  2. Type:

    dsquery server -hasfsmo pdc

 

ValueDescription
-hasfsmo
Finds the domain controller (server object) that currently holds the requested operations masters role.
pdc
Requests the PDC emulator master of the current domain.
Notes
  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

Certain domain and enterprise-wide operations that are not good for multi-master updates are performed by a single domain controller in an Active Directory domain or forest. The domain controllers that are assigned to perform these unique operations are called operations masters or FSMO role holders. 

The following list describes the 5 unique FSMO roles in an Active Directory forest and the dependent operations that they perform:
  • Schema master - The Schema master role is forest-wide and there is one for each forest. This role is required to extend the schema of an Active Directory forest or to run the adprep /domainprep command.
  • Domain naming master - The Domain naming master role is forest-wide and there is one for each forest. This role is required to add or remove domains or application partitions to or from a forest.
  • RID master - The RID master role is domain-wide and there is one for each domain. This role is required to allocate the RID pool so that new or existing domain controllers can create user accounts, computer accounts or security groups.
  • PDC emulator - The PDC emulator role is domain-wide and there is one for each domain. This role is required for the domain controller that sends database updates to Windows NT backup domain controllers. The domain controller that owns this role is also targeted by certain administration tools and updates to user account and computer account passwords.
  • Infrastructure master - The Infrastructure master role is domain-wide and there is one for each domain. This role is required for domain controllers to run the adprep /forestprep command successfully and to update SID attributes and distinguished name attributes for objects that are referenced across domains.
The Active Directory Installation Wizard (Dcpromo.exe) assigns all 5 FSMO roles to the first domain controller in the forest root domain. The first domain controller in each new child or tree domain is assigned the three domain-wide roles. Domain controllers continue to own FSMO roles until they are reassigned by using one of the following methods:
  • An administrator reassigns the role by using a GUI administrative tool.
  • An administrator reassigns the role by using the ntdsutil /roles command.
  • An administrator gracefully demotes a role-holding domain controller by using the Active Directory Installation Wizard. This wizard reassigns any locally-held roles to an existing domain controller in the forest. Demotions that are performed by using the dcpromo /forceremoval command leave FSMO roles in an invalid state until they are reassigned by an administrator.
We recommend that you transfer FSMO roles in the following scenarios:
  • The current role holder is operational and can be accessed on the network by the new FSMO owner.
  • You are gracefully demoting a domain controller that currently owns FSMO roles that you want to assign to a specific domain controller in your Active Directory forest.
  • The domain controller that currently owns FSMO roles is being taken offline for scheduled maintenance and you need specific FSMO roles to be assigned to a “live” domain controller. This may be required to perform operations that connect to the FSMO owner. This would be especially true for the PDC Emulator role but less true for the RID master role, the Domain naming master role and the Schema master roles.
We recommend that you seize FSMO roles in the following scenarios:
  • The current role holder is experiencing an operational error that prevents an FSMO-dependent operation from completing successfully and that role cannot be transferred.
  • A domain controller that owns an FSMO role is force-demoted by using the dcpromo /forceremoval command.
  • The operating system on the computer that originally owned a specific role no longer exists or has been reinstalled.
As replication occurs, non-FSMO domain controllers in the domain or forest gain full knowledge of changes that are made by FSMO-holding domain controllers. If you must transfer a role, the best candidate domain controller is one that is in the appropriate domain that last inbound-replicated, or recently inbound-replicated a writable copy of the “FSMO partition” from the existing role holder. For example, the Schema master role-holder has a distinguished name path of CN=schema,CN=configuration,dc=<forest root domain>, and this mean that roles reside in and are replicated as part of the CN=schema partition. If the domain controller that holds the Schema master role experiences a hardware or software failure, a good candidate role-holder would be a domain controller in the root domain and in the same Active Directory site as the current owner. Domain controllers in the same Active Directory site perform inbound replication every 5 minutes or 15 seconds. 

The partition for each FSMO role is in the following list:

FSMO rolePartition
SchemaCN=Schema,CN=configuration,DC=<forest root domain>
Domain Naming MasterCN=configuration,DC=<forest root domain>
PDCDC=<domain>
RIDDC=<domain>
InfrastructureDC=<domain>


A domain controller whose FSMO roles have been seized should not be permitted to communicate with existing domain controllers in the forest. In this scenario, you should either format the hard disk and reinstall the operating system on such domain controllers or forcibly demote such domain controllers on a private network and then remove their metadata on a surviving domain controller in the forest by using the ntdsutil /metadata cleanup command. The risk of introducing a former FSMO role holder whose role has been seized into the forest is that the original role holder may continue to operate as before until it inbound-replicates knowledge of the role seizure. Known risks of two domain controllers owning the same FSMO roles include creating security principals that have overlapping RID pools, and other problems.

Transfer FSMO roles

To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:
  1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being transferred. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
  2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
  3. Type roles, and then press ENTER. 

    Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press ENTER.
  4. Type connections, and then press ENTER.
  5. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller you want to assign the FSMO role to.
  6. At the server connections prompt, type q, and then press ENTER.
  7. Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at thefsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax istransfer pdc, not transfer pdc emulator.
  8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

Seize FSMO roles

To seize the FSMO roles by using the Ntdsutil utility, follow these steps:
  1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being seized. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer schema or domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
  2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
  3. Type roles, and then press ENTER.
  4. Type connections, and then press ENTER.
  5. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
  6. At the server connections prompt, type q, and then press ENTER.
  7. Type seize role, where role is the role that you want to seize. For a list of roles that you can seize, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to seize the RID master role, type seize rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
  8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

    Notes
    • Under typical conditions, all five roles must be assigned to “live” domain controllers in the forest. If a domain controller that owns a FSMO role is taken out of service before its roles are transferred, you must seize all roles to an appropriate and healthy domain controller. We recommend that you only seize all roles when the other domain controller is not returning to the domain. If it is possible, fix the broken domain controller that is assigned the FSMO roles. You should determine which roles are to be on which remaining domain controllers so that all five roles are assigned to a single domain controller. For more information about FSMO role placement, click the following article number to view the article in the Microsoft Knowledge Base:
      223346 FSMO placement and optimization on Windows 2000 domain controllers
    • If the domain controller that formerly held any FSMO role is not present in the domain and if it has had its roles seized by using the steps in this article, remove it from the Active Directory by following the procedure that is outlined in the following Microsoft Knowledge Base article:
      216498 How to remove data in active directory after an unsuccessful domain controller demotion
    • Removing domain controller metadata with the Windows 2000 version or the Windows Server 2003 build 3790 version of the ntdsutil /metadata cleanup command does not relocate FSMO roles that are assigned to live domain controllers. The Windows Server 2003 Service Pack 1 (SP1) version of the Ntdsutil utility automates this task and removes additional elements of domain controller metadata.
    • Some customers prefer not to restore system state backups of FSMO role-holders in case the role has been reassigned since the backup was made.
    • Do not put the Infrastructure master role on the same domain controller as the global catalog server. If the Infrastructure master runs on a global catalog server it stops updating object information because it does not contain any references to objects that it does not hold. This is because a global catalog server holds a partial replica of every object in the forest.
To test whether a domain controller is also a global catalog server:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. Double-click Sites in the left pane, and then locate the appropriate site or click Default-first-site-name if no other sites are available.
  3. Open the Servers folder, and then click the domain controller.
  4. In the domain controller's folder, double-click NTDS Settings.
  5. On the Action menu, click Properties.
  6. On the General tab, view the Global Catalog check box to see if it is selected.
For more information about FSMO roles, click the following article numbers to view the articles in the Microsoft Knowledge Base:
197132 Windows 2000 Active Directory FSMO roles
223787 Flexible Single Master Operation transfer and seizure process

Thursday, April 16, 2015

Farewell, Lync: Microsoft Rolls Out Skype for Business

Skype
Important news for businesses using Microsoft's Lync video and Web conferencing platform. As expected, Microsoft's Skype brand has now formally replaced Lync.
Redmond is rolling out the new Skype for Business client as part of its April monthly update for Office 2013 and Office 365 users worldwide. The rollout is expected to be complete by the end of May, at which point all businesses using Lync Online will be transitioned over to Skype for Business.
"Skype for Business is based on the familiar Skype experience that more than 300 million people use every month to connect with friends and family," the Skype for Business team wrote in a blog post. "It is built right into Office, so features like presence, IM, voice and video calls, and online meetings are an integrated part of the Office experience."
One cool thing about Skype for Business is that you can now search for and connect with anyone in the Skype network — inside or outside your organization. In addition, while Lync already let you instant message and call Skype users, the new software lets you video chat with them as well. Microsoft has also added the Skype call monitor, which keeps an active call visible in a small window when you move to another app.

If your business needs some more time to make the transition, don't fret. Admins for current Lync Online or Lync Server users can switch between Skype for Business and the traditional Lync user interface, and control when the updated experience rolls out to their users.Those who currently use Lync Online in Office 365 will see the new Skype for Business user interface in the coming weeks.