WINDOWS DESKTOP MANAGEMENT TIPS
How to run the chkdsk utility in Windows 7
Serdar Yegulalp, Contributor
07.06.2010
Rating: -4.00- (out of 5)


Enterprise IT tips and expert advice

Digg This! StumbleUpon Del.icio.us


The most fragile -- yet critical -- component in any computer is the
hard disk. While hard drives have become much more dependable in the
past 15 years, accidents still happen, and when they do, it's your
data that gets chewed up and spat out like digital bubble gum.
To complement the increased reliability of hard drives, the file
systems used with them have also evolved. In Windows, FAT gave way to
FAT32 and now NTFS (New Technology File System) -- or, rather, NTFS
went from a server-only piece of exotica to the file system used on
the desktop.

But a few things haven't changed, and one of them is the tool used to
keep the file system consistent when things go wrong: chkdsk.

What is chkdsk?
Chkdsk's existence is encapsulated in the pronunciation of its name:
check disk. When you run chkdsk from an administrator-level command
line, it analyzes a particular volume -- hard drive, solid-state
drive, removable disk, etc. -- for problems that might indicate an
easily-fixed inconsistency or hardcore data corruption.

The most common form of the chkdsk command is:

chkdsk /f
Where:

is a drive letter, e.g., C:
The /f switch tells chkdsk to fix errors and not simply produce a
report about the state of the disk, which is what happens if you run
chkdsk with the volume name as the only parameter and no other
switches.
Note that running without the /f parameter can return incomplete
information about the nature of the problems on a disk, as shown in
Figure 1.

Figure 1: An instance of chkdsk run without the /f parameter (click to enlarge).


If you run chkdsk without /f, the problems discovered may need to be
fixed before other errors can be repaired. Furthermore, you should
always run chkdsk at least one more time to determine if you need to
repair anything afterwards the initial fix.

Some of the other commonly used switches for chkdsk include the following:

/v -- Runs chkdsk in verbose mode. It explains in great detail which
actions, if any, are being taken as it runs.
/x -- Dismounts the volume to be checked before the check is run. If
you're checking a nonsystem volume, use this option because it
guarantees that the drive will not be accessed by other programs in
the system during the check process. If you don't pass this parameter
and you try to run chkdsk on a volume that's mounted, you'll be asked
if you want to dismount it first. A volume that the system is using,
-- such as the drive with the /Windows directory, can't be dismounted.
Instead, you'll be asked if you want to run the disk check at the next
reboot.
/r -- Attempts to scan for and recover information from bad sectors on
the disk. This option takes a long time to run -- hours on end for
large drives. As a result, it should be used only if you want to
recover information from a damaged disk that's been taken offline from
its host.
/i and /c -- These two options attempt to speed up checking NTFS
volumes by skipping certain indexes and cycles, respectively, within
the folder structure.
For a full list of options, type chkdsk /? in the command line.

Note that chkdsk must always be run with elevated privileges. If you
try to run it as a nonadministrative user, it will print the following
error to the console:

Access Denied as you do not have sufficient privileges. You have to
invoke this utility running in elevated mode.
Chkdsk in action
If chkdsk is needed, it will usually run automatically. For example,
if your system crashes or its power is interrupted, chkdsk may run the
next time the system boots. This happens if one or more of the volumes
in the system has its "dirty bit" set -- a flag on an NTFS volume that
indicates a write was pending for that disk. Chkdsk runs for that
volume to determine if all is well.

Regardless if chkdsk runs automatically or not, you should always run
it on a volume in the following scenarios:

If applications behave strangely or certain files cannot be read after
a blue screen of death (BSOD) or an application crash
If a disk was unmounted from the system without warning (as when a
cable comes unplugged), and it doesn't reliably read when remounted
If a disk appears to have suffered physical damage. Even if it's
readable, it's generally best to inspect it completely if the contents
are critical with the /r option.
The end results of any chkdsk operation are written to the application
log with the event ID 26214, as shown in Figure 2.

Figure 2: The results of a chkdsk operation as written to the
application event log (click to enlarge).


Chkdsk from the Recovery Console
Chkdsk can also run from the Recovery Console in Windows XP. The
options in the Recovery Console version of chkdsk are limited to /p,
which is the same as /f, and /r.

More on desktop management

Book chapter How to run the Chkdsk utility in Windows Vista

Tools Cleaning up PCs with Sysinternals


Running chkdsk from the Recovery Console is one way to determine if
the system volume has been damaged, especially if the system was
unexpectedly shut down and you didn't have an opportunity to schedule
a chkdsk operation beforehand.

Note that running chkdsk from the Recovery Console doesn't log the
output to the application log, since the appropriate services aren't
running.

Chkdsk and self-healing NTFS in Windows 7
Some of the best new features in Windows Vista and Windows 7 were
slipped in under the hood when no one was looking. This includes
Self-Healing NTFS, a feature that improves how errors detected by the
file subsystem would be isolated, scrubbed and repaired in the
background.

As a result of this feature, Chkdsk needs to run less often.

A possible downside of self-healing NTFS is that the spot checks can
silently delete data without the user's knowledge. Personally, I think
this would happen only if you're dealing with flaky disk hardware, but
it's possible to not know about flaky disk hardware until after
something bad occurs.

To that end, Microsoft added BugCheckOnCorrupt to NTFS. This feature
does exactly what you think it does: If the system discovers NTFS
corruption, it throws a blue screen of death and shuts everything down
instead of attempting to spot fix it.

This may sound counterintuitive: Why would you want the system to
crash in such a circumstance? But the idea is to stop the system from
doing anything that might corrupt data, including attempting a repair,
which could do more damage.

Although triggering a bug check may be extreme, it allows you to stop
everything and make an image of the disk, or a backup of the most
crucial data, before attempting a repair operation with chkdsk.

To turn on BugCheckOnCorrupt, issue the following command from an
admin privilege command line:

fsutil behavior set BugcheckOnCorrupt 1
Reboot and then issue the following command, again from an
administrative command line, for each drive you want to check:

fsutil repair set 0x10
The command fsutil repair query determines the repair
status for a given drive. To disable BugCheckOnCorrupt for a
particular drive, use fsutil repair set 0x1; to turn it
off completely systemwide, use fsutil behavior set BugCheckOnCorrupt
0.

Remember, you don't have to set BugCheckOnCorrupt unless you have
doubts about the quality of your disk hardware.

Chkdsk and BugCheckOnCorrupt are critical utilities for monitoring
Windows 7 systems. Knowing how to use them can help you when hardware
goes bad.

EXCHANGE SERVER ADMINISTRATION TIPS
Rebuild an Exchange 2007 server after a crash
Brien Posey, Contributor
06.30.2010
Rating: --- (out of 5)


Exchange Server tips, tutorials and expert advice

Digg This! StumbleUpon Del.icio.us


If you're rebuilding a damaged Exchange 2007 server, the first thing
you need to do is return Windows to a functional state. After
reinstalling Windows you must make sure that your server's disk is
configured identically to how it was on the failed server.

If Windows wasn't damaged during the crash, it's best to leave the
operating system alone. This will save you work, and will also help to
preserve some of the things that are unique to that server.

For example, client access servers almost always have SSL certificates
installed. These certificates are stored locally on the server and
they are not a part of Exchange. Because of this, certificates will
have to be reissued unless you're able to preserve the operating
system.


You also need to install all of Exchange Server's required components,
just as you did when you initially installed Exchange 2007. I also
recommend that you apply the same set of patches to the OS that were
in place before the crash.

After you've installed and configured Windows, you need to attach it
to the domain. And it's critical that you do this correctly. Your
Exchange Server configuration is tied to the computer account, which
is connected to your old server. Before connecting your server to
Active Directory, you must reset the computer account.

To reset the computer account, open Active Directory Users and
Computers and select the Computers container. Next, right-click on the
name of the failed server and select the Reset Account command.
Finally, assign your Exchange Server the same name as the failed
server and then join the domain as you normally would. Do not delete
the old server's computer account. If you do, it will be impossible to
rebuild Exchange Server.

After you've properly configured Windows, it's time to rebuild
Exchange Server 2007. To begin, insert your Exchange installation
media and run the following command:

Setup.exe /M:RecoverServer

Be sure that your installation media includes the same service pack
that was previously installed.

When you execute this command, Setup will:

Check the prerequisite to ensure that all necessary components are installed
Copy Exchange binaries to the server
Use Active Directory to configure the server.
When I first attempted the recovery process, it would not complete
because my edge synchronization had broken. A TechNet article advised
me to use the Exchange Management Shell (EMS) to remove the edge
subscription, then to manually reestablish it once the server was
functioning.

At first I was discouraged because the crash had destroyed the
Exchange Management Console and Exchange Management Shell. However, I
was pleasantly surprised to find that the management tools had been
reinstalled and returned to a functional state when I copied the
Exchange binaries. This made it easy to use the
Remove-EdgeSubscription command to remove my edge subscription. After
that, I was able to rerun Setup and rebuild my server.

About the author: Brien M. Posey, MCSE, is a six-time recipient of
Microsoft's Most Valuable Professional (MVP) award for his work with
Exchange Server, Windows Server, Internet Information Services (IIS),
and File Systems and Storage. Brien has served as CIO for a nationwide
chain of hospitals and was once responsible for the Department of
Information Management at Fort Knox. As a freelance technical writer,
Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D,
Relevant Technologies and other technology companies. You can visit
Brien's personal website at www.brienposey.com.

WINDOWS SYSTEMS AND NETWORK ADMINISTRATION
Alternative PowerShell commands for Active Directory management
Brandon Shell, Contributor
07.06.2010
Rating: --- (out of 5)


Expert advice on Windows-based systems and hardware

Digg This! StumbleUpon Del.icio.us


Previously, we looked at how PowerShell can be used to manage Active
Directory in Windows Server 2008 R2. In this article, we'll cover some
alternatives to the Microsoft cmdlets.

The benefit to these other options is that there are no dependencies
-- well, other than the Active Directory cmdlets themselves. These
cmdlets are provided by Quest Software and my own open source module,
called BSonPosh.


Recent PowerShell columns

Making Windows PowerShell your own

How to customize your Windows PowerShell environment

The terms and commands you absolutely need to know


Quest was really the first on the Active Directory scene, and it has
also been around since the early days of Windows PowerShell (about
four years), so the cmdlets are very mature. They have no dependencies
on anything specific, and while the cmdelts work against all "Active
Directories," they can also target a Quest ActiveRoles Server, which
provides a much higher degree of object management and security.
Outside of that, they behave very much the same as the Microsoft
cmdlets.

The one weakness of these Quest cmdlets is that they don't venture
into the realm of infrastructure management, which is why I wrote the
BSonPosh module to fill the gap. To be clear, my module covers far
more than just Active Directory, but the AD infrastructure management
coverage is pretty good.

While we don't have the time or space to cover the entire set of
cmdlets offered by Quest and BSonPosh, we can take a look at a few of
the more prominent ones in both management categories.

Note: You may notice the Quest cmdlets have a verb prefix of QAD.
This allows
them to play nice with other Active Directory cmdlet providers.

Object management (Quest)

Get-QADUser -- gets a specific user object or does a search for user
objects that match the query

Examples:
# Get the user account for a user with ambiguous name
resolution (ANR)
of BSonPosh
Get-QADUser bsonposh

# Get all the users that have the BSonPosh as manager
Get-QADUser â€"Manager bsonposh
# Get all the users that have the last name "Shell"
using LDAP filter
Get-QADUser -LDAPFilter "(sn=shell)"
For more examples:
Get-help Get-QADUser â€"example

Get-QADComputer -- gets a specific computer object or does a search
for computer objects that match the query

Examples:
# Get all the computers in a given organization unit (OU)
Get-QADComputer -SearchRoot "OU=XenDesktop,DC=Dev,DC=Lab"

# Get all the computers with a given role (i.e. member,
DC, undefined)
Get-QADComputer â€"ComputerRole DC
# Find all Windows 7 machines
Get-QADComputer â€"OSName "Windows 7*"
For more examples:
Get-help Get-QADComputer â€"example

Get-QADGroup -- gets a specific group object or does a search for
group objects that match the query

Examples:
# List all the universal groups
Get-QADGroup -GroupScope 'Universal'

# Get the group members
Get-QADGroup "domain Admins" | select -ExpandProperty
member
# An easier way to get group members
Get-ADGroupMember "Domain Admins"
# Find empty groups
Get-QADGroup â€"empty $true
For more examples:
Get-help Get-QADGroup â€"example

Infrastructure management (BSonPosh)

Get-Forest -- returns the current forest

Examples:
# Get the current forest
Get-Forest

# Get the forest for a specific domain controller (DC)
Get-Forest â€"DomainController CoreDC
For more examples:
Get-help Get-Forest â€"example

Get-Domain -- returns a domain object

Examples:
# Gets the current domain
Get-Domain

# Gets the domain of specified DC
Get-Domain -DomainController CoreDC
For more examples:
Get-help Get-Domain â€"example

Get-DomainController -- returns a domain controller object that
matches the parameters passed

Examples:
# Gets the current domain controller for the user session
Get-DomainController

# Gets domain controllers with specific names (RegEx)
Get-DomainController -Filter "mydc(nyc|dr)\d">
# Returns all DCs in a given domain
Get-DomainController â€"Domain Dev.Lab
For more examples:
Get-help Get-DomainController-example

Get-FSMO -- returns the operation masters for forest/domain

Examples:
# Returns all the Flexible Single Master Operations
(FSMO) for the forest
and domain
Get-FSMO

# Returns just the domain FSMO
Get-FSMO â€"Domain
# Returns the forest FSMO
Get-FSMO â€"Forest
For more examples:
Get-help Get-FSMO â€"example>

Here is a list of all the cmdlets provided with the Quest Active
Directory module:

Add-QADGroupMember

Add-QADMemberOf

Add-QADPasswordSettingsObjectAppliesTo

Add-QADPermission

Approve-QARSApprovalTask

Connect-QADService

Convert-QADAttributeValue

Deprovision-QADUser

Disable-QADUser

Disconnect-QADService

Enable-QADUser

Get-QADComputer

Get-QADGroup

Get-QADGroupMember

Get-QADMemberOf

Get-QADObject

Get-QADObjectSecurity

Get-QADPasswordSettingsObject

Get-QADPasswordSettingsObjectAppliesTo

Get-QADPermission

Get-QADPSSnapinSettings

Get-QADRootDSE

Get-QADUser

Get-QARSAccessTemplate

Get-QARSAccessTemplateLink

Get-QARSApprovalTask

Get-QARSOperation

Move-QADObject

New-QADGroup

New-QADObject

New-QADPasswordSettingsObject

New-QADUser

New-QARSAccessTemplateLink

Reject-QARSApprovalTask

Remove-QADGroupMember

Remove-QADMemberOf

Remove-QADObject

Remove-QADPasswordSettingsObjectAppliesTo

Remove-QADPermission

Remove-QARSAccessTemplateLink

Rename-QADObject

Restore-QADDeletedObject

Set-QADGroup

Set-QADObject

Set-QADObjectSecurity

Set-QADPSSnapinSettings

Set-QADUser

Set-QARSAccessTemplateLink

Unlock-QADUser
And finally, here are all of the Active Directory cmdlets that can be
found in the BSonPosh module:

ConvertTo-DistinguishedName

ConvertTo-DNSName

ConvertTo-Name

ConvertTo-NetbiosName

ConvertTo-Sid

ConvertTo-UACFLag

Get-ADACL

Get-DCConnectionObject

Get-Domain

Get-DomainController

Get-Forest

Get-FSMO

Get-Schema

Get-SchemaClass

Get-SchemaOID

Get-SchemaProperty

Get-SiteLink

Get-Site

New-ADACE

Set-ADACL
You can find more on using these PowerShell cmdlets for Active
Directory object and infrastructure management via the online help for
Quest cmdlets and the source code for BSonPosh.

Miss a column? Check out our Scripting School archive.

ABOUT THE AUTHOR
Brandon Shell has been in the IT industry since 1994. He started out
as a PC tech and general fix-it guy for numerous companies. In 2007,
he joined the PowerShell MVP ranks, and Shell has spent the past
several years building his PowerShell knowledge and helping others
build theirs.