首頁

Install Postfix On FreeBSD 11.0(Minimal+ports+src+sshd_enable+disable sendmail)

詳細內容
分類: BSD
發佈: 2017-12-05, 週二 07:17
作者 Super User
點擊數: 37428

freebsd-update fetch
freebsd-update install
reboot

update ports
portsnap fetch
portsnap extract

portsnap fetch update

Install Mysql
cd /usr/ports/databases/mysql57-server
make install WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_COLLATION=utf8_general_ci BUILD_OPTIMIZED=yes BUILD_STATIC=yes WITH_NDB=yes clean

Install Apache + Php
cd /usr/ports/www/apache24
make install clean

cd /usr/ports/lang/php56
make config
add
[X] MAILHEAD   Enable mail header patch

make install clean

cd /usr/ports/lang/php56-extensions
make install clean
add
[X] FTP         FTP support
[X] GD          GD library support
[X] IMAP        IMAP support
[X] MBSTRING    multibyte string support
[X] MCRYPT      Encryption support
[X] MYSQL       MySQL database support
[X] MYSQLI      MySQLi database support
[X] ZIP         ZIP support
[X] ZLIB        ZLIB support


cd /usr/ports/www/mod_php56
make config
add
[X] MAILHEAD   Enable mail header patch
make install clean

cp -rp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

vi /usr/local/etc/apache24/httpd.conf
ServerName www.jason-tang.com
change
DirectoryIndex index.html
to
DirectoryIndex index.html index.htm index.php

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps


Install Named
cd /usr/ports/dns/bind910
make install clean
vi /usr/local/etc/namedb/named.conf
change
      listen-on       { 127.0.0.1; };
to
//      listen-on       { 127.0.0.1; };

vi /etc/resolv.conf
change to
nameserver 127.0.0.1
nameserver 8.8.8.8

vi /etc/rc.conf
syslogd_enable="YES"
syslogd_flags="-ss"
mysql_enable="YES"
apache24_enable="YES"
named_enable="YES"


reboot


cat /root/.mysql_secret

mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED BY 'test';
exit

/usr/local/etc/rc.d/mysql-server restart


Install Cyrus-sasl
cd /usr/ports/security/cyrus-sasl2
make install clean

vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
mech_list: PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

Install Postfix
cd /usr/ports/mail/postfix
make install clean
add
[X] MYSQL     MySQL database support
[X] SASL      Cyrus SASL support (Dovecot SASL is always built in)


Installing postfix-3.1.4,1...
===> Creating groups.
Using existing group 'mail'.
Creating group 'maildrop' with gid '126'.
Creating group 'postfix' with gid '125'.
===> Creating users
Creating user 'postfix' with uid '125'.
Adding user 'postfix' to group 'mail'.
Would you like to activate Postfix in /usr/local/etc/mail/mailer.conf [n]?n


echo 'postfix:  root' >> /etc/aliases
/usr/local/bin/newaliases
chown postfix:postfix /etc/opiekeys

pw groupadd vmail -g 500
pw useradd vmail -u 500 -g 500 -s /sbin/nologin -d /dev/null
mkdir /home/domains
chown -R vmail:vmail /home/domains
chmod -R ug+rwx,o-rwx /home/domains

mkdir /usr/local/etc/postfix/TLS
cd /usr/local/etc/postfix/TLS
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 7300

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hong Kong
Locality Name (eg, city) []:Hong Kong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Jason Tang Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:Jason Tang
Email Address []: Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它

vi /usr/local/etc/postfix/main.cf
myhostname = mail.jason-tang.com
mydomain = jason-tang.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.1/32
inet_interfaces = all

virtual_mailbox_base = /home/domains/
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:500
virtual_gid_maps = static:500

virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

message_size_limit = 51200000
virtual_mailbox_limit = 209715200

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner=$myhostname ESMTP $mail_name ($mail_version)

smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/TLS/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks.regexp


vi /usr/local/etc/postfix/master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING


vi /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'

vi /usr/local/etc/postfix/mime_header_checks.regexp
/filename=\"?(.*)\.(bat|cmd|com|pif|exe)\"?$/ REJECT

vi /etc/rc.conf
postfix_enable="YES"

Install Sudo
cd /usr/ports/security/sudo
make install clean

vi /usr/local/etc/sudoers
www ALL=(vmail) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postcreation.sh, /usr/local/bin/postfixadmin-mailbox-postdeletion.sh, /usr/local/bin/postfixadmin-domain-postdeletion.sh

Install Postfixadmin
cd /usr/ports/mail/postfixadmin
make install clean
add
[X] MYSQL  MySQL database support

1. Copy *.sh Files
cp -rp /usr/local/share/postfixadmin/ADDITIONS/postfixadmin*.sh /usr/local/bin
chmod 755 /usr/local/bin/postfixadmin*.sh

vi /usr/local/bin/postfixadmin-mailbox-postcreation.sh
change
basedir=/var/spool/maildirs
to
basedir=/home/domains

change
maildirmake "$maildir"
to
/usr/local/bin/maildirmake "$maildir"


vi /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains


vi /usr/local/bin/postfixadmin-domain-postdeletion.sh
change
basedir=/var/spool/maildirs
trashbase=/var/spool/deleted-maildirs
to
basedir=/home/domains
trashbase=/home/domains


2. Create the MySQL Database
mysql -u root -p
test
CREATE DATABASE postfix;
GRANT ALL ON postfix.* TO postfix@localhost IDENTIFIED BY "postfix";
exit

3. Configure PostfixAdmin
vi /usr/local/www/postfixadmin/config.inc.php
$CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_password'] = 'postfix';

$CONF['admin_email'] = Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它';

$CONF['aliases'] = '0';
$CONF['mailboxes'] = '0';
$CONF['maxquota'] = '0';
$CONF['domain_quota_default'] = '0';

$CONF['domain_quota'] = 'NO';

$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.jason-tang.com';

$CONF['footer_text'] = 'Return to mail.jason-tang.com PostfixAdmin';
$CONF['footer_link'] = 'http://mail.jason-tang.com/postfixadmin';

$CONF['mailbox_postcreation_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
// $CONF['mailbox_postedit_script'] = '';
$CONF['mailbox_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
// $CONF['domain_postcreation_script'] = '';
$CONF['domain_postdeletion_script']='/usr/local/bin/sudo -u vmail /usr/local/bin/postfixadmin-domain-postdeletion.sh';

$CONF['new_quota_table'] = 'NO';


4. Configure Apache
vi /usr/local/etc/apache24/httpd.conf
Alias /postfixadmin "/usr/local/www/postfixadmin/"
<Directory "/usr/local/www/postfixadmin">
        Options Indexes
        AllowOverride ALL
        Require all granted
</Directory>

/usr/local/etc/rc.d/apache24 restart

5.http://IP/postfixadmin/setup.php
You should see a list of 'OK' messages.

Change setup password
Setup password           <-------- Input your Setup Password
Setup password (again)   <-------- Input your Setup Password again

And then click "Generate password hash"

If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set

$CONF['setup_password'] = '8c487e1722baa627e55712178141b21b:518761bc455e27d52eb1ed0faffecb8aeea2c90e';

vi /usr/local/www/postfixadmin/config.inc.php

$CONF['setup_password'] = '8c487e1722baa627e55712178141b21b:518761bc455e27d52eb1ed0faffecb8aeea2c90e';

You should see a list of 'OK' messages.

Create superadmin account
Setup password      <-------- Input your Setup password
Admin:              <-------- Input your Email address(Just for postfixadmin)
Password:           <-------- Input your Password
Password (again):   <-------- Input your Password again

And then click "Add Admin"

The admin Email住址會使用灌水程式保護機制。你需要啟動Javascript才能觀看它 has been added!

You are done with your basic setup.

You can now login to PostfixAdmin using the account you just created.

mv /usr/local/www/postfixadmin/setup.php /usr/local/www/postfixadmin/setup.php.disabled
chmod 000 /usr/local/www/postfixadmin/setup.php.disabled


Install Courier-imap
cd /usr/ports/mail/courier-imap
make install clean
add
[X] AUTH_MYSQL   MySQL support

chmod +x /var/run/authdaemond

vi /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"

vi /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          postfix
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         '500'
MYSQL_GID_FIELD         '500'
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        concat('/home/domains/',maildir)
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     concat('/home/domains/',maildir)
MYSQL_QUOTA_FIELD       concat(quota,'S')
MYSQL_WHERE_CLAUSE      active='1'


cp -rp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
/usr/local/share/courier-imap/mkpop3dcert

cp -rp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf
/usr/local/share/courier-imap/mkimapdcert

/usr/local/share/courier-imap/mkdhparams

vi /usr/local/etc/courier-imap/pop3d-ssl
TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@..."

vi /usr/local/etc/courier-imap/imapd-ssl
TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@..."


vi /etc/rc.conf
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"

Install Maildrop
cd /usr/ports/mail/maildrop
make WITH_AUTHLIB=yes install clean
[X] AUTH_MYSQL   MySQL support

vi /usr/local/etc/postfix/master.cf
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

Install Squirrelmail
cd /usr/ports/mail/squirrelmail
make install clean

cd /usr/ports/mail/squirrelmail-translations
make install clean

chown -R www:www /usr/local/www/squirrelmail
/usr/local/www/squirrelmail/configure
10->1->zh_TW->2->utf-8->S->Q

vi /usr/local/etc/apache24/httpd.conf
Alias /webmail "/usr/local/www/squirrelmail/"
<Directory "/usr/local/www/squirrelmail">
        Options Indexes
        AllowOverride ALL
        Require all granted
</Directory>


reboot


Test:
http://IP/postfixadmin
http://IP/webmail


Install clamav
cd /usr/ports/security/clamav
make install clean
[X] MILTER        Compile the milter interface

vi /usr/local/etc/clamav-milter.conf
AddHeader Yes

vi /etc/rc.conf
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"

/usr/local/etc/rc.d/clamav-clamd restart

/usr/local/bin/freshclam

Install SpamAssassin
cd /usr/ports/security/p5-IO-Socket-SSL
make config
Add
[X] IDN        International Domain Names support
OK

make install clean

cd /usr/ports/mail/spamassassin
make install clean

/usr/local/bin/sa-update

vi /usr/local/etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 1
required_score 5.0
use_bayes 1
bayes_auto_learn 1


vi /etc/rc.conf
spamd_enable="YES"
spamd_flags="-u spamd -H /var/spool/spamd"

/usr/local/etc/rc.d/sa-spamd restart
chown -R spamd:spamd /root/.spamassassin

cd /usr/ports/mail/spamass-milter
make install clean

vi /usr/local/etc/rc.d/spamass-milter
change
: ${spamass_milter_socket_mode="644"}
to
: ${spamass_milter_socket_mode="777"}


vi /etc/rc.conf
spamass_milter_enable="YES"

vi /usr/local/etc/postfix/main.cf
milter_connect_macros = b j _ {daemon_name} {if_name} {if_addr}
smtpd_milters =
      unix:/var/run/clamav/clmilter.sock
      unix:/var/run/spamass-milter.sock
milter_default_action = accept


Install Virtual Vacation
1. Create a local account
pw groupadd vacation -g 501
pw useradd vacation -u 501 -g 501 -s /sbin/nologin -d /nonexistent -c "Virtual Vacation"

2. Install vacation.pl
mkdir /var/spool/vacation
cp -rp /usr/local/share/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation/vacation.pl
chown -R root:vacation /var/spool/vacation
chmod -R 750 /var/spool/vacation

3. Setup the transport type
vi /usr/local/etc/postfix/master.cf
vacation  unix  -       n       n       -       -       pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

4. Setup the transport maps file
vi /usr/local/etc/postfix/main.cf
transport_maps = hash:/usr/local/etc/postfix/transport

vi /usr/local//etc/postfix/transport
autoreply.jason-tang.com       vacation

/usr/local/sbin/postmap /usr/local/etc/postfix/transport

5. Configure vacation.pl
vi /var/spool/vacation/vacation.pl
change
#!/usr/bin/perl -X
to
#!/usr/local/bin/perl -X

our $db_type = 'mysql';
our $db_username = 'postfix';
our $db_password = 'postfix';
our $db_name     = 'postfix';
our $vacation_domain = 'autoreply.jason-tang.com';


/usr/local/etc/rc.d/postfix reload

cd /usr/ports/databases/p5-DBD-mysql/
make install clean

reboot

Active Directory Migration From Windows Server 2000 to Windows Server 2016

詳細內容
分類: Windows
發佈: 2017-12-05, 週二 08:40
作者 Super User
點擊數: 47679

Active Directory Migration From Windows Server 2000 to Windows Server 2008 R2. Then Migration From Windows Server 2008 R2 to Windows Server 2016

WIN2K --> WIN2K8-R2
https://www.stevejenkins.com/blog/2010/01/migrating-an-active-directory-domain-controller-from-windows-2000-to-windows-2008-r2/
https://www.youtube.com/watch?v=OUQq0drYs24
http://www.jason-tang.com/files/it/operating-system/windows/AD-Win2000-To-Win2008-R2.mp4

SMC-FS:

AdsiEdit.msc
Domain NC[smc-fs.jason-tang.com]
->DC=smc,DC=com,DC=hk
->->OU=Domain Controllers
Delete SMC_NT

Run...
cmd
cd c:\winnt\system32
.\regsvr32.exe schmmgmt.dll
OK
mmc
Console-->Add/Remove Snap-in...
Add-->Active Directory Schema-->Add-->Close-->OK
Right Click "Active Director Schema" --> Operations Master...
Click the box before "The Schema may be modified on this Domain Controller."--> OK

Install SFU2-KB919938-X86 to C:\temp
cd C:\temp
C:\temp\Idmschupg.exe
C
......
52 entries modified successfully.

The command has completed successfully


Copy support Folder from WIN2K8-R2 DVD to C:\

cmd

cd C:\support\adprep

adprep32 /forestprep
C
......
Adprep successfully updated the forest-wide information. (<-If you don't get this Information, you can run adprep32 /forestprep again.)



adprep32 /domainprep
Running domainprep ...


Adprep detected that the domain is not in native mode
[Status/Consequence]
Adprep has stopped without making changes.
[User Action]
Configure the domain to run in native mode and re-run domainprep

Start-->Programs-->Administrative Tools-->Active Directory Users and Computers
Right Click-->jason-tang.com-->Properties-->General-->Domain mode--->Change Mode-->Yes-->Apply-->OK-->OK

Check the "Domain mode" on the smc-bs domain controller server(It took 10 minutes to finish in my test)



adprep32 /domainprep

Running domainprep ...

Adprep successfully updated the domain-wide information.

The new cross domain planning functionality for Group Policy, RSOP Planning
Mode, requires file system and Active Directory Domain Services permissions
to be updated for existing Group Policy Objects (GPOs). You can enable this
functionality at any time by running "adprep.exe /domainprep /gpprep" on the
Active Directory Domain Controller that holds the infrastructure operations
master role.
This operation will cause all GPOs located in the policies folder of the
SYSVOL to be replicated once between the AD DCs in this domain.
Microsoft recommends reading KB Q324392, particularly if you have a large
number of Group policy Objects.



adprep32 /domainprep /gpprep

Running domainprep ...


Domain-wide information has already been updated.
[Status/Consequence]
Adprep did not attempt to rerun this operation.



....

Adprep successfully updated the Group Policy Object (GPO) information.


WIN2K8-R2(smc-pdc and smc-bdc)  join the AD(windows 2000 server) and then login as DOMAIN administrator

Start --> Check firewall status --> Turn Windows Firewall on or off --> Turn all the firewalls off

SMC-PDC:

dcpromo.exe

Click the box before "Use advanced mode installation" --> Next --> Next --> Existing forest --> Add a domain controller to an existing domain --> Next --> jason-tang.com -->
My current logged on credentials(SMC\administrator) --> Next --> Next --> Yes --> Next --> Next(DNS GC) --> Yes --> Replicate date over the network from an existing doman controller --> Next
Use this specific domain controller: --> smc-fs.jason-tang.com --> Next --> Next --> Password (and Confirm password) --> Next --> Export settings... --> Desktop --> smc-pdc --> Save --> OK --> Next --> Click the box before "Root on completion"

repadmin /syncall
......
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

SMC-BDC:

dcpromo.exe

Click the box before "Use advanced mode installation" --> Next --> Next --> Existing forest --> Add a domain controller to an existing domain --> Next --> jason-tang.com -->
My current logged on credentials(SMC\administrator) --> Next --> Next --> Yes --> Next --> Next(DNS GC) --> Yes --> Replicate date over the network from an existing doman controller --> Next
Use this specific domain controller: --> smc-bs.jason-tang.com --> Next --> Next --> Password (and Confirm password) --> Next --> Export settings... --> Desktop --> smc-bdc --> Save --> OK --> Next --> Click the box before "Root on completion"

repadmin /syncall
......
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.


Transfer FSMO Roles and Set Up Any Additional Roles
1.Relative ID (RID) Master
2.PDC Emulator
3.Infrastructure Master
4.Domain Naming Master
5.Schema Master

smc-pdc:
Administrative Tools-->Active Directory Users and Computers
Right Click (jason-tang.com) --> Operations Masters...
-->RID---> Change...--> Yes -->OK
-->PDC---> Change...--> Yes -->OK
-->Infrastucture---> Change...--> Yes -->OK --> Close
repadmin /syncall

smc-fs:
Programs --> Administrative Tools --> Active Directory Users and Computers
Right Click (jason-tang.com) --> Operations Masters... --> Check the settings --> Close


smc-pdc:
Administrative Tools --> Active Directory Domains and Trusts
Right Click (Active Directory Domains and Trusts [smc-pdc.jason-tang.com]) --> Operations Master... --> Change... --> Yes --> OK --> Close
repadmin /syncall

smc-fs:
Programs --> Administrative Tools --> Active Directory Domains and Trusts
Right Click (Active Directory Domains and Trusts) --> Operations Master... Check the setting --> Close


smc-pdc:
Run...
cmd
cd c:\windows\system32
.\regsvr32.exe schmmgmt.dll
OK
mmc

File --> Add/Remove Snap-in...
Active Directory Schema --> Add --> OK
Right Click (Active Directory Schema[smc-fs.jason-tang.com])  --> Change Active Directory Domain Controller...
Current Directory Server:
smc-fs.jason-tang.com
Change to:
smc-pdc.jason-tang.com
--> OK --> OK
Right Click (Active Directory Schema[smc-pdc.jason-tang.com])  --> Operations Master... --> Change... --> Yes --> OK --> Close
repadmin /syncall
netdom query fsmo
Schema master               smc-pdc.jason-tang.com
Domain naming master        smc-pdc.jason-tang.com
PDC                         smc-pdc.jason-tang.com
RID pool manager            smc-pdc.jason-tang.com
Infrastructure master       smc-pdc.jason-tang.com
The command completed successfully.


smc-fs:
Run...
cmd
mmc
Console --> Add/Remove Snap-in... --> Add --> Active Directory Schema --> Add --> Close --> OK
Right Click (Active Directory Schema)  --> Operations Master... --> Check the setting (Current Focus:smc-pdc.jason-tang.com) --> Cancel
netdom query fsmo
Schema master               smc-pdc.jason-tang.com
Domain naming master        smc-pdc.jason-tang.com
PDC                         smc-pdc.jason-tang.com
RID pool manager            smc-pdc.jason-tang.com
Infrastructure master       smc-pdc.jason-tang.com
The command completed successfully.

How to migrate a DHCP database from Windows 2000 Server to Windows Server 2008 or Windows Server 2008 R2:
https://blogs.technet.microsoft.com/networking/2009/11/09/how-to-migrate-a-dhcp-database-from-windows-2000-server-to-windows-server-2008-or-windows-server-2008-r2/

smc-fs:
Run...
cmd
net stop dhcpserver
cd %systemroot%\system32\dhcp
jetpack dhcp.mdb temp.mdb

Compacted database dhcp.mdb in 0.250 seconds.
moving temp.mdb => dhcp.mdb
jetpack completed successfully.

Install the Dhcpexim.exe utility, and then start the Dhcpexim.exe utility.
cd C:\Program Files\Resource Kit
Dhcpexim.exe
Click "Export configuration of the local service to a file" --> OK --> Enter a file name in the "File name" box: C:\dhcpdatabase.txt --> Save
Click the scope --> Click the check box before "Disable the selected scopes on local machine before export" --> Export --> OK (The operation completed successfully.)

Click Start --> Programs --> Administrative Tools --> Services
Right click "DHCP Server" --> Stop
Right click "DHCP Server" --> Properties --> Startup type: Disabled --> OK --> Close


smc-fs and smc-bs:
Change the IP addresses of DNS.

smc-fs:
Run...
cmd
dcpromo.exe --> Next --> OK --> Next --> Enter the password and confirm password --> Next --> Next --> Finish --> Restart Now

smc-bs:
Run...
cmd
dcpromo.exe --> Next --> Next --> Enter the password and confirm password --> Next --> Next --> Finish --> Restart Now

smc-fs and smc-bs login as local administrator:
Uninstall DNS,DHCP,WINS
Start --> Settings --> Control Panel --> Add/Remove Programs --> Add/Remove Windows Components --> Networking Services --> Details...
Unclick (DNS, DHCP, WINS) --> OK --> Next --> Next --> Finish --> Close

smc-fs and smc-bs:
Change the name and IP address of the servers.
smc-fs --> smc-fs-old (IP: 192.168.1.249 --> 192.168.1.246)
smc-bs --> smc-bs-old (IP: 192.168.1.253 --> 192.168.1.251)



Copy the file C:\dhcpdatabase.txt from smc-fs to smc-pdc C:\dhcpdatabase.txt.
smc-pdc:
Click Start --> Administrative Tools --> Server Manager --> Roles --> Add Roles --> Next --> Select the "DHCP Server" --> Next --> ...(Follow the instructions in the Add Roles Wizard to complete the installation.)... --> Install --> Close

Run...
cmd
netsh dhcp server import C:\dhcpdatabase.txt all

Command completed successfully.


Click Start --> Administrative Tools --> DHCP
Change the IP addresses of Time,DNS and WINS Server.


smc-pdc and smc-bdc:
Change the IP addresses of DNS.

WINS:
WIN2K8-R2(smc-pdc and smc-bdc) install WINS Server and Add Replication Partnet each other:
Click Start --> Administrative Tools --> Server Manager --> Features --> Add Features --> Select "WINS Server" --> Next --> Install --> Close

smc-pdc:
Click Start --> Administrative Tools --> WINS ---> SMC-PDC[192.168.1.250] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-BDC ---> OK

smc-bdc:
Click Start --> Administrative Tools --> WINS ---> SMC-BDC[192.168.1.252] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-PDC ---> OK



smc-pdc:
repadmin /syncall
Start --> Administrative Tools --> Active Directory Users and Computers
Right Click jason-tang.com --> Raise domain functional level...
Current domain functional level:
Windows 2000 native
Select an available domain functional level:
Windows Server 2008 R2
--> Raise --> OK --> OK
repadmin /syncall


Start --> Administrative Tools --> Active Directory Domains and Trusts
Right Click (Active Directory Domains and Trusts [smc-pdc.jason-tang.com]) --> Raise Forest Functional Level...
Current forest functional level:
Windows 2000
Select an available forest functional level:
Windows Server 2008 R2
--> Raise --> OK --> OK


Start --> Administrative Tools-->Active Directory Users and Computers
Right Click jason-tang.com --> Computers
Delete smc-fs and smc-bs





WIN2K8-R2 --> WIN2016:
https://www.youtube.com/watch?v=RCX_1A_-UZU
http://www.jason-tang.com/files/it/operating-system/windows/AD-Win2008-R2-To-Win2016.mp4

WIN2016(smc-fs and smc-bs) join the AD(windows 2008 server) and restart

Login WIN2016(smc-fs and smc-bs) as DOMAIN administrator and then install AD DS and Add as a domain controller to an existing domain.

smc-fs(WIN2016):
Start --> Server Manager --> Add roles and features --> Next --> Next --> Select a server from the server pool (smc-fs) --> Next
Click "Active Directory Domain Services" --> Add Features --> Next --> Next --> Next --> Install --> Click "Promote this server to a domain controller"
Click "Add a domain controller to an existing domain" --> Domain: jason-tang.com --> SMC\administrator(Current user) --> Next
Type the password and confirm password of DSRM --> Next --> Next --> Replicate from: smc-pdc.jason-tang.com --> Next --> Next --> Next --> Install

This server was successfully configured as a domain controller.<-- The server will restart automatically.

smc-bs(WIN2016):
Start --> Server Manager --> Add roles and features --> Next --> Next --> Select a server from the server pool (smc-fs) --> Next
Click "Active Directory Domain Services" --> Add Features --> Next --> Next --> Next --> Install --> Click "Promote this server to a domain controller"
Click "Add a domain controller to an existing domain" --> Domain: jason-tang.com --> SMC\administrator(Current user) --> Next
Type the password and confirm password of DSRM --> Next --> Next --> Replicate from: smc-bdc.jason-tang.com --> Next --> Next --> Next --> Install

This server was successfully configured as a domain controller.<-- The server will restart automatically.


smc-fs(WIN2016):
Login smc-fs as domain administrator
netdom query fsmo
Schema master               smc-pdc.jason-tang.com
Domain naming master        smc-pdc.jason-tang.com
PDC                         smc-pdc.jason-tang.com
RID pool manager            smc-pdc.jason-tang.com
Infrastructure master       smc-pdc.jason-tang.com

Start --> Windows Administrative Tools --> Active Directory Users and Computers --> Right click "jason-tang.com" --> Operations Masters... --> RID --> Change... --> Yes -->OK
PDC --> Change... --> YES --> OK --> Infrastructure --> Change... --> YES --> OK --> Close
netdom query fsmo
Schema master               smc-pdc.jason-tang.com
Domain naming master        smc-pdc.jason-tang.com
PDC                         smc-fs.jason-tang.com
RID pool manager            smc-fs.jason-tang.com
Infrastructure master       smc-fs.jason-tang.com
The command completed successfully.

Start --> Windows Administrative Tools --> Active Directory Domains and Trusts --> Right click "Active Directory Domains and Trusts[smc-fs.jason-tang.com]" --> Operations Master... Change... --> Yes -->OK --> Close
netdom query fsmo
Schema master               smc-pdc.jason-tang.com
Domain naming master        smc-fs.jason-tang.com
PDC                         smc-fs.jason-tang.com
RID pool manager            smc-fs.jason-tang.com
Infrastructure master       smc-fs.jason-tang.com
The command completed successfully.

Run...
cmd
cd c:\windows\system32
.\regsvr32.exe schmmgmt.dll
OK
mmc
File --> Add/Remove Snap-in... --> Active Directory Schema --> Add --> OK
Right click (Active Directory Schema[smc-pdc.jason-tang.com])  --> Change Active Directory Domain Controller...
Current Directory Server:
smc-pdc.jason-tang.com
Change to:
smc-fs.jason-tang.com
--> OK --> OK
Right click (Active Directory Schema[smc-fs.jason-tang.com])  --> Operations Master... --> Change --> Yes --> OK --> Close
netdom query fsmo
Schema master               smc-fs.jason-tang.com
Domain naming master        smc-fs.jason-tang.com
PDC                         smc-fs.jason-tang.com
RID pool manager            smc-fs.jason-tang.com
Infrastructure master       smc-fs.jason-tang.com
The command completed successfully.


Migration from 2008 R2 server to 2016 DHCP:
https://www.youtube.com/watch?v=EMZerVfdxpI
http://www.jason-tang.com/files/it/operating-system/windows/DHCP-Win2008-R2-To-Win2016.mp4

smc-pdc(WIN2008):
Run...
cmd
netsh dhcp server export C:\dhcpbackup.txt all
Command completed successfully.
Click Start --> Administrative Tools --> Services
Right click "DHCP Server" --> Stop
Right click "DHCP Server" --> Properties --> Startup type: Disabled --> OK --> Close


smc-fs(WIN2016):
Click Start --> Server Manager --> Manage --> Add Roles and Features --> Next --> Next --> Next --> Select the "DHCP Server" --> Add Features --> Next --> Next --> Next --> Install --> Close(Installation succeeded on smc-fs.jason-tang.com)

Copy the file C:\dhcpbackup.txt from smc-pdc(WIN2008) to smc-fs(WIN2016) C:\dhcpbackup.txt.
cmd
netsh dhcp server import C:\dhcpbackup.txt all
Command completed successfully.

Click Start --> Windows Administrative Tools --> DHCP --> Scope Options
Change the IP addresses of Time,DNS and WINS Server.


smc-fs and smc-bs:
Change the IP addresses of DNS.

WINS:
smc-pdc and smc-bdc:
Click Start --> Administrative Tools --> Services
Right click "WINS" --> Stop
Right click "WINS" --> Properties --> Startup type: Disabled --> OK --> Close


WIN2016(smc-fs and smc-bs) install WINS Server and Add Replication Partnet each other:
Click Start --> Server Manager --> Manage --> Add Roles and Features --> Next --> Next --> Next --> Next --> Select "WINS Server" --> Add Features --> Next --> Install --> Close(Installation succeeded on smc-fs.jason-tang.com)

smc-fs:
Click Start --> Windows Administrative Tools --> WINS ---> SMC-PDC[192.168.1.249] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-BS ---> OK
smc-bs:
Click Start --> Windows Administrative Tools --> WINS ---> SMC-BDC[192.168.1.253] --> Right click "Replication Partners" --> New Replication Partnet... --> Enter SMC-FS ---> OK

smc-pdc and smc-bdc:
Change the IP addresses of DNS.

smc-pdc:
Run...
cmd
dcpromo.exe --> Next --> OK --> Next --> Enter the password and confirm password --> Next --> Next --> Click Reboot on completion
Start --> Right click "Computer" --> Properties --> Change settings --> Change... --> Click "Workgroup" --> Type WORKGROUP --> OK --> OK --> OK --> OK --> Close --> Restart Now

smc-bdc:
Run...
cmd
dcpromo.exe --> Next --> OK --> Next --> Enter the password and confirm password --> Next --> Next --> Click Reboot on completion
Start --> Right click "Computer" --> Properties --> Change settings --> Change... --> Click "Workgroup" --> Type WORKGROUP --> OK --> OK --> OK --> OK --> Close --> Restart Now


Migrate File Server Keep NTFS Permission:
https://www.youtube.com/watch?v=uLFvkUqKpeU
http://www.jason-tang.com/files/it/operating-system/windows/Migrate-File-Server-Keep-NTFS-Permission.mp4

Start --> Server Manager --> Manage --> Add Roles and Features --> Next --> Next --> Next --> Next --> Click the box before ".NET Framework 3.5 Features" --> Next
Click "Specify an altemate source path" --> Path: "F:\sources\sxs"(F:<--The driver which is the WIN2016 DVD in) --> OK --> Install --> Close

Install File Server Migration Toolkit 64 bit
Click "File Server Migration Wizard" --> New... --> Next --> Type Name: and Location: --> Next --> Yes --> Click "Use the following DSF root server" --> Next --> Type Location: D:\Share --> Finish
Add Server... --> Server: smc-fs-old --> OK --> Click + --> Chose the Share Folders you want to migrate --> Continue --> OK --> Continue --> Continue --> Yes --> Success - Migration --> OK --> Close

Disabled Downloaded Maps Manager:
Start --> Windows Administrative Tools --> Services --> Right click "Downloaded Maps Manager" --> Properties --> Startup type: Disabled --> OK --> Close