Archive | November, 2008

PowerGUI, a graphical user interface and script editor for Windows PowerShell!

27 Nov

What is PowerGUI?

PowerGUI is an extensible graphical administrative console for managing systems based on Windows PowerShell. These include Windows OS (XP, 2003, Vista), Exchange 2007, Operations Manager 2007 and other new systems from Microsoft. The tool lets you use the rich capabilities of Windows PowerShell in a familiar and intuitive GUI console.

PowerShell is a built-in feature of Windows Server 2008

Download PowerShell for Windows Vista, Windows 2003 and Windows XP

Download PowerGUI

Power Packs

Active Directory:

Microsoft Operations Manager (MOM):


Microsoft Exchange:




User manuals

For PowerGUI and QAD cmdlets user manuals and FAQ please visit PowerGUI wiki.


Latest PowerGUI and QAD cmdlets news can be found at our team members’ blogs:

Videos and Flash Demos

Don’t forget to post your comments 🙂


XP as Domain Controller :)

27 Nov

This is very funny: an XP machine acting as a domain controller.

1) Create a share called SYSVOL on an XP machine

2) Try to unshare the directory you shared as SYSVOL.

3) You will get a nice warning stating:

“This share is required for the machine to act properly as a domain controller. Removing it will cause a loss of functionality on all clients that this domain controller serves. Are you sure you wish to stop sharing SYSVOL?”


But do not worry – unsharing SYSVOL on XP will not break your AD. This is just an example of code reuse that Microsoft does.

Don’t forget to post your comments 🙂


Useful Blog:
Guy Teverovsky:

ADRestore GUI version

27 Nov

Accidentally deleted a user, computer account or OU from Active Directory? Don’t worry, now you can get them back using the ADRestore tool through a GUI.

Although there is a command-line tombstone reanimation tool called adrestore (Sysinternals), many people are not CLI savvy, and a GUI version of this functionality could really help them out.

Insight on tombstone: Reanimating Active Directory Tombstone Objects – By Gil Kirkpatrick
Gil Kirkpatrick’s article at Technet

Main features:

  • Browsing the tombstones
  • Domain Controller targeting
  • Can be used with alternative credentials (convenient if you do not logon to your desktop as Domain Admin, which you should never do anyway)
  • User/Computer/OU/Container reanimation
  • Preview of tombstone attributes

Here are some screenshots:

Enumerating tombstones

Previewing the tombstone attributes

Restoring a deleted user account

Notice that if you delete an OU with accounts in it, you will first have to restore the OUs the accounts were in, otherwise the reanimation of the child objects will fail. It is not enough to create an OU with the same name, as this will be a totally new object in AD and the child object’s lastKnownParent attribute will still reference the deleted OU. Here is a walkthrough:

Initial state:

TestOU organizational unit is deleted:

State of tombstones (notice that lastKnownParent attribute of user and computer accounts reference the deleted OU):

OU is restored (lastKnownParent points to the restored OU’s distinguished name):

Both computer and user accounts that resided in TestOU are reanimated:
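The restore order from the walkthrough can be worked out ahead of time. The following is an added example, not part of ADRestore.NET or the original post: it models lastKnownParent as a reference to the parent object, as the walkthrough shows, and plans parents before children. The function name, the example.com domain and all records are constructed for illustration.

```python
# Added example; all records below are constructed, not read from a directory.
DEL_MARK = "\\0ADEL:"   # AD appends "\0ADEL:<objectGUID>" to the RDN of a deleted object
DELETED = "CN=Deleted Objects,DC=example,DC=com"

def plan_reanimation(tombstones, live_dns):
    """Order tombstones so every parent is reanimated before its children.

    Returns (plan, blocked): plan is a list of (tombstone DN, DN after restore);
    blocked lists tombstones whose lastKnownParent is still a deleted object.
    """
    # Maps a DN that lastKnownParent may hold to where that object lives now.
    current = {dn.lower(): dn for dn in live_dns}
    pending, plan = list(tombstones), []
    progress = True
    while pending and progress:
        progress = False
        for t in list(pending):
            parent = current.get(t["lastKnownParent"].lower())
            if parent is None:
                continue  # parent is a deleted object that has not been restored
            # Strip the deletion marker to recover the original RDN.
            # Assumes no escaped commas in the RDN (true for this sample).
            rdn = t["dn"].split(",", 1)[0].split(DEL_MARK, 1)[0]
            new_dn = f"{rdn},{parent}"
            current[t["dn"].lower()] = new_dn  # children now resolve to the restored DN
            plan.append((t["dn"], new_dn))
            pending.remove(t)
            progress = True
    return plan, [t["dn"] for t in pending]

LIVE = ["DC=example,DC=com", "OU=Sales,DC=example,DC=com"]  # OU=Sales was re-created by hand
TOMBSTONES = [
    {"dn": f"CN=TestUser{DEL_MARK}1111,{DELETED}",
     "lastKnownParent": f"OU=TestOU{DEL_MARK}3333,{DELETED}"},
    {"dn": f"CN=TESTPC{DEL_MARK}2222,{DELETED}",
     "lastKnownParent": f"OU=TestOU{DEL_MARK}3333,{DELETED}"},
    {"dn": f"OU=TestOU{DEL_MARK}3333,{DELETED}",
     "lastKnownParent": "DC=example,DC=com"},
    # The old OU=Sales is still deleted; the new OU with the same name does not help.
    {"dn": f"CN=Orphan{DEL_MARK}4444,{DELETED}",
     "lastKnownParent": f"OU=Sales{DEL_MARK}5555,{DELETED}"},
]

if __name__ == "__main__":
    plan, blocked = plan_reanimation(TOMBSTONES, LIVE)
    for old, new in plan:
        print("restore", old, "->", new)
    print("blocked:", blocked)
```

TestOU is planned first, then the two accounts inside it; the Orphan account stays blocked because its lastKnownParent still references the deleted OU rather than the re-created one.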

Download ADRestore.NET

Don’t forget to post your comments 🙂


Useful Blogs:

ADRestore Rewrite: 
Reanimating Active Directory Tombstone Objects:

Hyper-V Videos by John Savill

27 Nov

One of the most useful videos I have found on the internet, for Hyper-V. Thanks to John Savill for his efforts and time.

Don’t forget to post your comments 🙂


32-bit Memory Management Explained

20 Nov

Windows 32-bit Operating Systems implement a virtual memory system based on a flat 32-bit address space.  32-bits of address space translates into 4GB of virtual memory.  A process can access up to 4GB of memory address space (using the /3GB switch changes this behavior – and we’ll cover that in a later post).

You can’t have a discussion of Memory Management basics without distinguishing between Kernel-mode and User-mode memory.  The system space (aka Kernel space) is the portion of the address space in which the OS and kernel-mode drivers reside.  Only kernel-mode code can access this space.  User-mode threads can access data only in the context of their own process.  User-mode threads cannot access data within another process’s space directly, nor can they access the system address space directly.  Kernel-mode drivers are trusted by the OS and can access both kernel and user space.  When a driver routine is called from a user thread, the thread’s data remains in the user-mode space.  However, the kernel-mode driver can access the user-mode data for the thread and access the kernel-mode space.


OK – so looking at the diagram above, we can see how the 4GB memory address space is divided.  Windows allocates the lower half of the 4GB address space (from 0x00000000 to 0x7FFFFFFF) to processes for their own unique private storage, and reserves the other half (from 0x80000000 to 0xFFFFFFFF) for the Operating System’s use.  Virtual memory provides a view of memory that does not necessarily correspond to the physical layout of memory.

Kernel memory chart for Windows 2003 Server:


Default                            ( /PAE for 6-16GB )



Free System PTE: 51k     Paged Pool: 282MB     Non Paged Pool: 212MB
Free System PTE: 32k     Paged Pool: 163MB     Non Paged Pool: 131MB

Free System PTE: 196k    Paged Pool: 360MB     Non Paged Pool: 262MB
Free System PTE: 16k     Paged Pool: 262MB     Non Paged Pool: 131MB

Free System PTE: 195k    Paged Pool: 360MB     Non Paged Pool: 262MB
Free System PTE: 14k     Paged Pool: 262MB     Non Paged Pool: 131MB

Free System PTE: 106k    Paged Pool: 336MB     Non Paged Pool: 285MB
Free System PTE: 15k     Paged Pool: 258MB     Non Paged Pool: 154MB

Free System PTE: 186k    Paged Pool: 366MB     Non Paged Pool: 262MB
Free System PTE: 12k     Paged Pool: 239MB     Non Paged Pool: 131MB

Free System PTE: 182k    Paged Pool: 366MB     Non Paged Pool: 262MB
Free System PTE: 12k     Paged Pool: 225MB     Non Paged Pool: 131MB

Free System PTE: 175k    Paged Pool: 366MB     Non Paged Pool: 262MB
Free System PTE: 12k     Paged Pool: 196MB     Non Paged Pool: 131MB

Free System PTE: 167k    Paged Pool: 366MB     Non Paged Pool: 262MB
Free System PTE: 12k     Paged Pool: 169MB     Non Paged Pool: 131MB

What is /3GB?:

/3GB is a switch used in Boot.ini to increase the size of a user process address space from 2 GB to 3 GB. This in turn reduces the kernel space from 2 GB to 1 GB. This benefits virtual-memory-intensive applications such as database servers, where a larger address space can improve performance. For an application to take advantage of this feature, however, two additional conditions must be met: the system must be running Windows 2000 Advanced Server or Datacenter Server or Windows 2003 (All Editions), and the application .exe must be flagged as a 3-GB-aware application.

With the /3GB switch we enable a 3 GB area of user-mode memory for programs to use. This expands the virtual address range for user-mode memory to 0x00000000 through 0xBFFFFFFF (the user-mode address range is typically 0x00000000 through 0x7FFFFFFF). The range of memory that is available for kernel-mode components shrinks from 0x80000000-0xFFFFFFFF to 0xC0000000-0xFFFFFFFF.


What is /USERVA?:

Windows 2003 Servers and Windows XP SP1 incorporate a new /USERVA switch to work in conjunction with /3GB switch. You can use the /userva= switch for more precise tuning of user and kernel virtual memory space in the Windows Server 2003 family. Use this new switch with the /3GB switch in the Boot.ini file to tune the User-mode space to a value between 2 and 3 gigabytes (GB), with the difference being given back to Kernel mode.
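The two conditions above (boot switches plus a flagged .exe) can be checked together. This is an added example, not from the original post: it reads the switches from a constructed Boot.ini entry and the IMAGE_FILE_LARGE_ADDRESS_AWARE bit from a constructed PE header, then reports the highest user-mode address and the kernel base for that process. It assumes /USERVA takes a value in megabytes between 2048 and 3072, a detail the post does not state; the function names are hypothetical.

```python
import re
import struct

GB, MB = 1 << 30, 1 << 20
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020   # bit in the PE file header Characteristics

def user_space_bytes(boot_line):
    """Size of user-mode address space configured by one Boot.ini entry."""
    opts = boot_line.upper()
    if "/3GB" not in opts:
        return 2 * GB                     # /USERVA is only honoured with /3GB
    m = re.search(r"/USERVA=(\d+)", opts)
    if not m:
        return 3 * GB
    mb = int(m.group(1))                  # assumption: value is in megabytes
    if not 2048 <= mb <= 3072:
        raise ValueError("/USERVA must be between 2048 and 3072")
    return mb * MB

def is_large_address_aware(pe_bytes):
    """True if the image is flagged as able to use addresses above 2 GB."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", pe_bytes, 0x3C)   # e_lfanew
    if pe_bytes[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # Characteristics is the last 2 bytes of the 20-byte file header.
    (flags,) = struct.unpack_from("<H", pe_bytes, pe_off + 4 + 18)
    return bool(flags & IMAGE_FILE_LARGE_ADDRESS_AWARE)

def address_layout(boot_line, pe_bytes):
    """Return (highest user address for this process, kernel base address)."""
    user = user_space_bytes(boot_line)
    usable = user if is_large_address_aware(pe_bytes) else min(user, 2 * GB)
    return usable - 1, user               # kernel space starts where user space ends

def sample_pe(characteristics):
    """Constructed minimal MZ/PE header, just enough for the flag check."""
    buf = bytearray(0x40 + 24)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 22, characteristics)
    return bytes(buf)

BOOT_3GB = r'multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /3GB'

if __name__ == "__main__":
    for flags in (0x0102, 0x0122):        # without / with the large-address bit
        top, kbase = address_layout(BOOT_3GB, sample_pe(flags))
        print(f"flags={flags:#06x} user top={top:#010x} kernel base={kbase:#010x}")
```

An image without the flag stays limited to 0x7FFFFFFF even though /3GB has already shrunk the kernel range to start at 0xC0000000.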


Useful Blogs:

Windows Internals Mark Russinovich’s: 
Memory Management – Demystifying /3GB :
Memory Management:

Performance Analysis of Logs (PAL) Tool

20 Nov

Tired of parsing Perfmon logs (*.blg) manually? Let PAL make your job easier: it gives you HTML output and highlights counters that exceed their thresholds.


Project Description
Ever have a performance problem, but don’t know what performance counters to collect or how to analyze them? The PAL (Performance Analysis of Logs) tool is a new and powerful tool that reads in a performance monitor counter log (any known format) and analyzes it using complex, but known thresholds (provided). The tool generates an HTML based report which graphically charts important performance counters and throws alerts when thresholds are exceeded. The thresholds are originally based on thresholds defined by the Microsoft product teams and members of Microsoft support, but continue to be expanded by this ongoing project. This tool is not a replacement of traditional performance analysis, but it automates the analysis of performance counter logs enough to save you time. This is a VBScript and requires Microsoft LogParser (free download).


  • Thresholds files for most of the major Microsoft products such as IIS, MOSS, SQL Server, BizTalk, Exchange, and Active Directory.
  • An easy-to-use GUI interface for creating batch files for the PAL.vbs script.
  • A GUI editor for creating or editing your own threshold files.
  • Creates an HTML based report for ease of copy/pasting into other applications.
  • Analyzes performance counter logs for thresholds using thresholds that change their criteria based on the computer’s role or hardware specs.

Download Link:  

To use PAL

The PAL tool is primarily a VBScript that requires arguments/parameters passed to it in order to properly analyze performance monitor logs. In v1.1 and later of PAL, a GUI interface has been added to help with this process.


Operating Systems
PAL runs successfully on all of the following operating systems: Windows XP SP2, Windows Vista, and Windows 2003 Server. 32-bit only due to OWC11 requirements.
Note: The optional GUI (windows form) portion of PAL requires the Microsoft .NET Framework v2.0.

Log Parser 2.2
Log Parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®. PAL uses the Log Parser tool to query performance logs and to create charts and graphs for the PAL report.

Microsoft Office Web Components 2003
Log Parser requires the Office Web Components 2003 in order to create charts.

Watch online at:
Download it from:

Related Blogs and Reviews
Clint Huffman’s Windows Performance Analysis Blog
Mike Lagase’s Exchange Performance Analysis Blog
Two Exchange Server Tools You Should Know About


Failover Clustering Windows 2008 Videos by John Savill

19 Nov

One of the most useful videos I have found on the internet, for failover clustering. Thanks to John Savill for his efforts and time.

Don’t forget to post your comments 🙂