Mark Minasi's Windows 2000/NT/XP/2003 Newsletter
Issue #31 March 2003

To subscribe, visit To unsubscribe, link to To change e-mail address, switch between HTML or text format, etc., link to  Visit the Archives at  Please do NOT reply to this mail; for comments, please link to  Document copyright 2003 Mark Minasi.

What's Inside

  • News: 
    • "XP Professional for Support Professionals" in Kansas City April 3/4
    • Two NEW Audio CDs: "12 Tips to Secure Your Network" and "Tuning 2000, XP and 2003"
    • Windows Server 2003 Ships On April 24
    • NEW Server 2003/2000 Seminar In Honolulu, LA, DC
    • You Folks Crashed Yahoo! But The Tuning Talk's In Reruns
    • Join Me In Denmark April 29/30!
  • Tech Section
    • Split-Brain And AD-Integrated DNS Sometimes Don't Mix
    • Finding "Search Active Directory"
    • Restoring a Tape in Windows 2000 When NTBACKUP Won't Recognize It
    • Internet Explorer Cannot Save JPEG (.JPG) Files
    • PowerPoint Monopolizes the CPU With More Than 250 Slides
    • Fixing Media Player When It Only Plays Black & White
    • Neat SIDTONAME Utility
  • Conferences
  • Bring a Seminar to Your Site


Hello all --

Happy March and it is indeed a happy one, at least for me -- Mastering Windows Server 2003 is done and so is the new Server class, and a couple of new audio CDs are on the way.  You folks wanted more audio CDs, so I've taken two of my most popular talks and put them on CD.  

I've also got six technical pieces for you this month -- three server-based problems and solutions and three desktop-based problems and solutions, as well as a great free utility.  I hope you'll find something that you find useful.  But first, let me try to keep the news blurbs short:

"XP Professional for Support Professionals" in Kansas City April 3/4

Take the next step in becoming a complete XP guru in KC early next month with the course that picks up where Mastering Windows XP Professional left off.  We've got a few seats left -- read the course brochure at and get signup info at Other cities there too!

Two New Audio CDs: "12 Tips to Secure Your Network" and "Tuning 2000, XP and 2003"

Many of you have liked the other audio CDs and want to know when more are coming... so here they are, and if you act quickly, you can get them at a special price if you buy before 10 April 2003.  On that date I will start shipping a two-CD talk "12 Tips to Secure Your Network," an expanded version of a talk that thousands have attended, and a one-CD talk "Tuning 2000, XP and 2003" the lowdown on getting the most out of your systems.  Info on the security talk at and info on the tuning talk at

NEW Server 2003/2000 Seminar In Honolulu, LA, DC

After two successful years, my popular two-day Windows 2000 Server seminar needed a refresh and restructuring, and it got it.  Now its sole focus is in getting AD running and keeping it working, with loads of neat VMWare demos and equal time for 2000 and 2003.  The seminar outline is at and you can find public seminar dates at

You Folks Crashed Yahoo! But The Tuning Talk's In Reruns

It was great to hear so many positive things from the thousands of you that tuned into TechTarget's Webcast last month on tuning.  I was sorry to hear that so many of you couldn't hear it or got dropped off.  Apparently so many of you tried to tune in on the tuning talk that you actually tripled the previous maximum audience for a TechTarget talk.  They run it on Yahoo! Enterprise Services and apparently there was too little bandwidth and too many of you ... so the servers just fell over.  All I can say is that I'm honored by your support, and thank you.

But if you do want to hear the broadcast, it's still around at although of course it's not live.

Join Me In Denmark April 29/30!

My European friends often e-mail to ask when I'll be speaking on The Continent.  Now I've got an answer -- April 29/30 in Denmark.  The IT Solutions Group has hired me to present several topics over two days, including an overview of what's new in Windows Server 2003, some in-depth discussion of AD maintenance, troubleshooting and migration, how to secure a network, and how to tune systems.  It'll be fast-paced, educational and fun, so I hope you'll come join me!  More info at

Tech Section

This month: more DNS, the skinny on searching Active Directory, forcing 2000's Backup to recognize a tape and restore from it, what to do when IE won't let you save JPG files, cracking the mystery of PowerPoint's CPU hogging behavior, and knowing what it means when Media Player only plays in black and white.

Split-Brain And AD-Integrated DNS Sometimes Don't Mix

I've covered proper DNS setup in past newsletters, but I've not taken up a special problem that can occur called "island DNS."  Under island DNS, you get a situation wherein each domain controller/DNS server registers itself in its copy of DNS, but no other domain controllers, so every DNS server/DC machine essentially lives on its own "island."  (Remember that in AD-integrated DNS, you can anoint multiple domain controllers as DNS servers and they all then behave as if they are the primary DNS server for that zone.)

Island DNS only pops up in a particular combination of circumstances:

  • It can only happen in your forest's root domain, the first domain created in your Active Directory.
  • Island DNS only happens when you're using AD-integrated zones.
  • It only happens when you're doing split-brain DNS.
  • Island DNS can only occur if you have more than one domain controller in the forest root domain acting as a DNS server.  If you were, in contrast, to only use one DC as an AD-integrated DNS server and put DNS on some member server and put it in the role of a secondary DNS server for the domain's zone, then you don't have to worry about island DNS.

If you're doing all four things -- running AD-integrated DNS for the root domain in your forest using more than one DC as a DNS server and doing split-brain DNS -- then there's a workaround.  Normally in split-brain DNS you'd configure every DNS server's "preferred DNS server" to point to itself, but in an island DNS situation, follow these rules:

  • Choose one DC/DNS server in the forest root domain; any one will do.  Let's call it the "DNS master."  Point it to itself.
  • For all other DC/DNS servers, first point them to the DNS master.  Then point them to another DNS server.  But never point them to themselves.

For example, suppose we've got two DNS servers in domain, named DC1 and DC2.  We'd make DC1 the "master DNS" server and then configure the servers like so:

  • DC1: set preferred DNS to DC1, and don't set an alternate DNS.
  • DC2: set preferred DNS to DC1, and, as there are no other DNS servers around to act as the alternate, don't set an alternate either.

If we had three DNS servers -- DC1, DC2, and DC3 -- then we'd set it up this way:

  • DC1: set preferred DNS to DC1, and don't set an alternate DNS.
  • DC2: set preferred DNS to DC1, and set alternate to DC3.
  • DC3: set preferred DNS to DC1, and set alternate to DC2.

Never point DC2 or DC3 to itself, and you'll no longer be marooned on DNS Island.

Finding "Search Active Directory"

As Active Directory becomes more prevalent and Microsoft updates more and more of its software, the day draws nearer when we'll be able to shut off NetBIOS forever.  But when we do, we'll also shut off Network Neighborhood forever, and the days of doubleclicking on server icons in NetHood are also over.

But people often ask, "then how do I find shares on file servers?"  I really have to get around to writing an article on the details of this, but the short version is that you put an entry in the Active Directory describing the file share's contents and location, and then people search the AD to find that share.  (It's also called "publishing a share in AD."  The problem then becomes, "how do I search the AD?"

In my opinion, Microsoft's dropped the ball on this one, as finding the particular interface to search the AD can be a nightmare.  First of all, the "search the AD" icon lives in different places depending on (1) which OS you're running -- 2000, XP, 2003 or the earlier ones with the AD client, (2) whether or not your system is connected to an AD at the moment, and (3) in the case of XP, what theme you've got loaded -- for example, I learned early on to turn off Folder Tasks pretty quickly, but it's only with Folder Tasks enabled that you can get to the "search the AD" icon.

MR&D Forum member Michael D'Angelo pointed out in a recent online discussion that you can always get to the "search the AD" dialog box by typing this command:

rundll32.exe dsquery.dll,OpenQueryWindow

You can alternatively create a shortcut to it and place it on users' desktops.  By the way, case is important -- openquerywindow won't work, OpenQueryWindow will.  Thanks, Michael!

And by the way, in case you're wondering how to find "Search Active Directory" from the 2000 and XP GUIs, here's how.  (I include this because it's one of my Top Five questions this month for some reason.) In all cases, the icon only appears if you're sitting at a computer that is a member of an Active Directory while you're logged in with an account that is a member of that Active Directory.

From Windows 2000, it's fairly simple.

  1. Open My Network Places.
  2. Open "Entire Network."
  3. Open the "Directory" icon.
  4. You'll see an icon for your domain; right-click it and choose "Find..."

From there you can search your AD from 2000.  From XP, the process is a bit longer.

  1. Open My Network Places
  2. Open "Entire Network."
  3. Click Tools/Folder Options.
  4. Choose "Show common tasks in folders."
  5. Click OK.
  6. Widen the window sufficiently that "Network Tasks" is visible on the left-hand part of the window; one of the options will be "Search Active Directory."

Now you can search your AD.  Once you've enabled "show common tasks in folders," then you'll always have the "Search Active Directory" icon in your "Network Tasks" list.

Restoring a Tape in Windows 2000 When NTBACKUP Won't Recognize It

I probably ought to buy Backup Exec or ArcServe or Ultrabac or some other tape backup program, but I continue to use the built in ntbackup.exe program on my Windows 2000 servers for two reasons:  first, I'm cheap, and second, I really want to use the stuff that came free in the box.  I really liked NT 4.0's version of NTBACKUP despite its limitations, as I could at least script it without too much trouble.  But Windows 2000's version of NTBACKUP drives me crazy due to its integration with 2000's Removable Storage Manager (RSM), something that was probably a great idea for folks with big complex backup systems but that has horribly confused the process of using one tape drive to back up a server.

As I explained in an article in Windows and .NET Magazine about a year or so ago, I use two tapes a week to back up my network.  I do a full backup once a week, put that tape away, and then insert another tape and just do differential backups on that tape for the rest of the week.  The whole thing works in batch files with a bit of fiddling, as my article explains (and before you ask yes, I do use more than just two tapes and I rotate them).

I needed to restore a file from a recent backup, so I popped my most recent "full backup" tape into the drive and told NTBACKUP to restore some files from it.  NTBACKUP responded by telling me to insert the tape.  As just HAD inserted the tape, I tried again, but every time it insisted that I hadn't inserted the correct "media."  Grrr... the backups are there, you stupid program... restore them!  But it wouldn't.

I finally surrendered and called Microsoft, as I really needed the file.  (And before you ask yes, that DID cause me to do the how-much-would-I-have-saved-if-I'd-bought-Ultrabac-instead-of-paying-for-this-call? calculation.  Spilled milk and all that.)  The fellow that I talked to was quite helpful, directing me to a Knowledge Base article with this advice.  If you've got a server with a single stand-alone tape drive and you're trying to restore files from a tape but NTBACKUP doesn't recognize that you've inserted the tape, then do this.

  1. Eject the tape from the drive.
  2. Start NTBACKUP (Start/Program Files/Accessories/System Tools/Backup) and click the Restore tab.
  3. You'll see an icon with the name of your backup tape drive -- mine's called "DLT," for example -- you'll see one or more backup sets.  Delete them all.  Note that this does not delete any tapes; it just deletes the (defective) table of contents that Windows 2000's Backup program keeps of your tapes.  When it asks if you're sure, tell it that you are indeed sure.
  4. Reinsert the tape into the tape drive.
  5. Backup will raise a dialog named "New Import Media," asking what to do with this "new" tape.  Choose "Allocate this media to Backup now."
  6. In the Resore pane of Backup, you'll see a tape icon with a name like "Media created <some date> at <some time>;" right-click it an choose Catalog.
  7. The system will run the tape a while, reading its contents and building a catalog of the tape.
  8. Once finished cataloging the tape, you can restore any and all files from it, as you normally would.

Had I used the right search phrases I could have found this for myself but, as anyone who frequents the Knowledge Base knows, sometimes it's just a matter of luck whether or not you find your article.  But my thanks go to the KB, the article saved my data!

Internet Explorer Cannot Save JPEG (.JPG) Files

Since my last newsletter, I've run into a handful of desktop problems with Internet Explorer, PowerPoint, and Media Player.  In every case these irritations seemed to arise out of nowhere and, thankfully, I was able to resolve them all... but it was also true that in every case the solutions were completely unexpected.

The first one appeared in Internet Explorer.  As you probably know, you can save a local copy of a JPG or GIF file by right-clicking on the file and choosing "Save as..."  I tried it a few weeks back and found that IE wouldn't give me the option to save as a JPG or GIF -- it only offered .BMP, the Windows Bitmap format!  A bit more experimentation showed that if I put an MPEG or MP3 file on my Web site, visited my Web site and tried to save the file by right-clicking it, then "Save As..." no longer appeared at all.

The solution?  Apparently when the space set aside for "Temporary Internet Files" fills up, then for some reason IE can no longer save graphics as anything but bitmaps, and it gives up altogether for some other formats, including MPEGs and MP3s.  The fix was to click Tools/Internet Options and the General tab, and then, in the "Temporary Internet files" section, click the "Delete Files..." button and tell IE to wipe out all of the cached files.  Then IE's "Save As..." functionality is restored.

PowerPoint Monopolizes the CPU With More Than 250 Slides

Okay, maybe I'm the only guy who'd ever care about this, but I thought I'd pass it along.

In the process of building the new Mastering Windows Server 2003/2000 class, I was surprised to note that Task Manager reported that PowerPoint 2000 was sucking up 92 percent of the CPU time on my workstation... even when I'd minimized PowerPoint and hadn't touched it in an hour!

To make things even odder, I found that simply opening PowerPoint and not feeding it any slides caused its CPU usage to drop to nil.  Opening my presentation cranked the usage to 92 percent again.  So I started paring away slides to figure out if a particular slide had something strange on it that was causing the problem.  After some testing, I found out that giving PowerPoint more than 250 slides caused the CPU drain.  So I guess if you're building a large PowerPoint presentation, break it up into 250-slide groups.

Fixing Media Player When It Only Plays Black & White

I recently noticed that whenever I played MPEG, AVI, or WMV files, they would only play in black and white.  This seemed very odd, as they played in color on every system except my main desktop system.  It'd been doing this for the past few months, but inasmuch as I don't watch all that many videos on my desktop -- I've never quite grasped why anyone would want to watch a movie on a little PC screen -- I didn't think much about it.

I had a few minutes free and the whole thing was bugging me, so I Googled "Media Player troubleshooting" and found a link to a nice Media Player site at and checked it out in the hopes of finding a solution.  (There wasn't one, but I include the link because there is a ton of great Media Player info at the site.)

So I looked at the settings (Tools/Options/Player/Advanced) in Media Player 9 and found that disabling a few of the settings in Video Acceleration -- disabling "Use Overlays" was the most helpful -- returned some of the videos to color.  To bring them all back, I had to go to my Display Properties (on XP or 2003, right-click desktop, choose Properties, then Settings, then the "Advanced" button, then the "Troubleshooting" tab.  On that tab, you'll see a slider labeled "Hardware acceleration."  After playing with it I found that choosing the setting "Disable all DirectDraw and Direct3D accelerations, as well as all cursor and advanced drawing accelerations..."  The videos would then play in color.

But I was still puzzled as to why this had started working all of a sudden on a workstation that was about 15 months old.  Then I remembered that I'd recently purchased a new monitor, the first one that was so clear that I could run my desktop at 1600x1200 and like it!  I restored all of my acceleration and overlay settings and changed my desktop to 1024x768, and once again the colors returned.

What, then, was the root cause?  Simple:  not enough video memory.  I don't really play any graphics-intensive games or even really use much in the way of graphics other than the basic boring text and simple graphics that normal word processing, e-mail, Web browsing and domain administration requires.  As a result, I always buy systems with the simplest, least expensive video card available so I have more to spend on RAM.  In this particular case, however, I outfoxed myself by buying a significant monitor upgrade without considering that I needed to upgrade my video RAM as well.

Neat SIDTONAME Utility

Last week I needed a program that could take a Security ID (SID) and return the user's name.  The Resource Kit and has a free utility called getsid that will convert a user's name to the user's SID, but not the other way around.  I was pleased, then, to stumble across, where the kindly Joe has posted a number of utilities, including sidtoname.exe.

Sidtoname.exe is a pretty smart program; most sid converters need you to tell them what machine to use to go look up a SID in order to return a user name, but sidtoname.exe can usually figure out where to go.  And it's free!  Well worth adding to your toolkit.


I hope you'll join me for a seminar but if you can't attend a class then please consider attending another show:

TechMentor New Orleans April 8-12

A terrific show, headed for a great location.  Great sessions and even better speakers make this real deal.  Industry experts like Bill Boswell, Roberta Bragg, Brian Komar and Jeremy Moskowitz (to name but a few) make this a reliably information-packed event.  Even better, it's located this April in the Wonderful Food Capital of America, New Orleans.  Or, if you're just coming to work, work, work, then you'll like the fact that you can take Microsoft certification tests at half price.  Info at

I will be keynoting with my new talk "The 2003 Report Card."  Server 2003 will be on the eve of shipping so it'll be very timely.  If you can make it then I surely hope to see you there!

IT Solutions Group Copenhagen April 29/30

I'm coming to Denmark April 29/30, where I'll present several topics over two days, including an overview of what's new in Windows Server 2003, some in-depth discussion of AD maintenance, troubleshooting and migration, how to secure a network, and how to tune systems.  It'll be fast-paced, educational and fun, so I hope you'll come join me.  More info at

FREE -- Windows Decisions Chicago May 14-16

Once again TechTarget delivers a Windows 2000/XP/2003 conference with excellent content... free.  Last year's show featured a whole bunch of great speakers on a wide variety of topics and, of course, the price is right, if you qualify.  Visit to apply and we'll see you in Chicago!

Windows Magazine Live! May 18-21 in Phoenix

The magazine that I write for, Windows and .NET Magazine, holds its next Windows Magazine Live! conference in Phoenix this May.  It's a jam-packed set of great talks by some great speakers including of the industry's foremost megacephaloids like Mark Russinovich, Intel's Sean Deuby, IIS Answer Man Brett Hill, Uberscripter Bob Wells and more -- great speakers all and really smart guys.  I'm also doing three talks, including two new ones:  "How To Troubleshoot Any Network Problem" and "The 2003 Report Card," as well as my "Tuning XP, 2000 and 2003" talk.  Watch for more info.  The Phoenix site is always great, don't miss it.

Bring Mark to your site to teach

I'm keeping busy doing Windows Server 2003/2000 seminars and writing, but I've still got time to visit your firm.  In just two days, I'll make your current NT techies into 2000 and/or 2003 techies.  To join the large educational, pharmaceutical, agricultural, aerospace, utility, banking, government, transportation, and other organizations that I've assisted, either take a peek at the course outline at, mail our assistant Jean Snead at, or call her at (757) 426-1431 (only between 9-5 Eastern time, weekdays, please).

Until Next Month...

Have a quiet and safe month.     

Please share this newsletter; I'd like very much to expand this newsletter into a useful source of NT/2000/.2003/XP information.  Please forward it to any associates who might find it helpful, and accept my thanks.  We are now at over 25,000 subscribers and I hope to use this to get information to every single Mastering XP, NT and 2000 Server reader. Thanks for letting me visit with you, and take care -- the economy's coming back soon, I'm sure of it!  Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews.  As always, I'm at and please join us at the Forum with technical questions at

To subscribe, visit To change e-mail, format, etc., link to  To unsubscribe, link to Visit the Archives at Please do NOT reply to this mail; for comments, please link to

All contents copyright 2003 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.