CMRS / Georgia

Step 1:
Look at (-h) on dc1-keble and note the data type required (existing .csv files from previous years are visible in \\dc1-keble\scripts\csv). NOTE: NO SPACE BETWEEN “,” and [FirstName]!!
Match the provided data to this format, generating OWL credentials to finalise (use a txt file for OWL generation with one name per line: surname,firstname middle(s)).

execute from dc1-keble using appropriate flags
Now the data exists in local table

execute localimport.php twice on
this then creates entries in the card and people tables of the database

Back on dc1-keble execute [ -m -c] to check (m) and commit (c) differences in the card & people tables to Active Directory, creating the new accounts.


Outlook 2007 to 2010 and NK2

With Outlook 2010+ on Exchange 2010+, NK2 files are deprecated and replaced with server-side(ish) secret listings.

To export 2007 NK2’s seamlessly:

1. Copy the .nk2 file from the user dir (in XP that’s “%USERPROFILE%\Application Data\Microsoft\Outlook\*.nk2”).

2. Create the new directory “%appdata%\Microsoft\Outlook” on the recipient machine.

3. Drop the copied nk2 in (assuming it’s named Outlook.nk2).

4. Set up Outlook 2010 on the new PC using the Outlook profile (or match name to nk2 name or vice versa).

5. The nk2 is then imported into the user’s 2010 profile on the server and renamed .file!



Microsoft BitLocker TPM Initialization in Domain

First set the OU container’s permissions to allow the NTSELF user of systems to write back msTPM-OwnerInformation, which is required when first initializing the TPM on the client:

1. Open Active Directory Users and Computers.

2. Select the OU where you have all computers which will have Bitlocker turned ON.

3. Right Click on the OU and click Delegate Control.

4. Click Next and then click Add.

5. Type SELF as the Object Name.

6. Select create a custom task to delegate.

7. From the object in the folder, select Computer Objects.

8. Under “Show these permissions”, select all 3 checkboxes.

9. Scroll down in permissions and select the attribute Write msTPM-OwnerInformation.

10. Click Finish.

11. CUSTOM: Now add the computer to the AD Group named “bitlocker”

12. CUSTOM: Finally power up client, turn on TPM and then initialize TPM in Windows

13. CUSTOM: Enable bitlocker (must be logged in as local/domain admin) and check AD comp object for keys
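
One way to verify the result of steps 1 to 13, as an added example that is not part of the original notes: it checks that the OU carries the SELF write ACE for msTPM-OwnerInformation, then lists per computer whether TPM owner information and BitLocker recovery objects are present in AD. The OU distinguished name is a placeholder, and the script assumes the RSAT ActiveDirectory module and an account allowed to read the recovery objects.

```powershell
# Added example (not from the original notes). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholder DN (assumption): the OU that was delegated in steps 1-10.
$OuDn = 'OU=BitLockerComputers,DC=example,DC=com'

# Look up the schema GUID of msTPM-OwnerInformation rather than hard-coding it.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNc `
    -Filter "lDAPDisplayName -eq 'msTPM-OwnerInformation'" -Properties schemaIDGUID
$tpmGuid = [guid]$attr.schemaIDGUID

# Check 1: the OU carries an Allow ACE for SELF with Write Property on that attribute.
# The account name is matched as it appears on an English-language domain.
$write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$ace = (Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
    $_.IdentityReference.Value -eq 'NT AUTHORITY\SELF' -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ObjectType -eq $tpmGuid -and
    ($_.ActiveDirectoryRights -band $write)
}
if ($ace) { 'Delegation OK: SELF can write msTPM-OwnerInformation' }
else      { Write-Warning "No SELF write ACE for msTPM-OwnerInformation on $OuDn" }

# Check 2: per computer, was TPM owner info written back and are recovery keys escrowed?
# Only presence and counts are reported; no owner hash or recovery password is printed.
Get-ADComputer -SearchBase $OuDn -Filter * -Properties 'msTPM-OwnerInformation' |
    ForEach-Object {
        $keys = @(Get-ADObject -SearchBase $_.DistinguishedName `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation'")
        [pscustomobject]@{
            Computer          = $_.Name
            TpmOwnerInfoSaved = [bool]$_.'msTPM-OwnerInformation'
            RecoveryKeyCount  = $keys.Count
        }
    } | Sort-Object RecoveryKeyCount, Computer | Format-Table -AutoSize
```

Machines with a RecoveryKeyCount of 0 sort to the top; those are the ones where BitLocker was enabled without the key reaching AD, or not enabled at all.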

Next follow the MS article on configuring AD / Bitlocker


To manage the keys you’ll need to register the BitLocker viewer from RSAT as detailed by MS here

Must be run as a domain admin:     regsvr32.exe BdeAducExt.dll