Reminder: Look in registry for EnableUPLS and set 1 to 0.
Thursday, July 18, 2019
Save and re-install debian/ubuntu packages
save current installed packages to textfile
dpkg -l | grep ^ii | awk '{print $2}' > installed.txt
re-install packages from textfile
sudo apt-get install $(cat installed.txt)
Sunday, January 14, 2018
Ubiquiti Unifi Controller on Ubuntu LTS
Plenty of stuff you can find on the internet.
But for my own references:
Basic Ubuntu LTS installation.
If you’re on a public ip, first get your firewall in order. Then install Unifi.
Firewall
Make sure you’re root (sudo -s), then:
apt-get install netfilter-persistent
service netfilter-persistent start
invoke-rc.d netfilter-persistent save
mkdir /etc/iptables/
In this example:
1.2.3.4 = trusted machine that is allowed to connect to the Unifi controller. Probably your own pc
4.5.6.7 = site 1 with AP’s and other ubiquiti stuff
6.7.8.9 = site 2 with AP’s and other ubiquiti stuff
Ports tcp/8080 and udp/3478 are all you need between your ubiquiti equipment and your controller (see link)
Save the following to firewall.sh and execute (replace ip’s with real ip’s):
#!/bin/bash
# Resetting ...
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
# Setting default policy on incoming traffic
iptables -P INPUT DROP # DENY INCOMING CONNECTIONS
iptables -P FORWARD DROP # THIS IS NOT A ROUTER
# Exceptions to default policy
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # FOR INITIATED CONNECTIONS FROM THIS HOST
iptables -A INPUT -i lo -j ACCEPT # MUSTHAVE (e.g. for MongoDB bind to localhost)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # SSH
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT # PING
# unify test
iptables -A INPUT -p tcp --dport 8443 -s 1.2.3.4 -j ACCEPT # Connections from management host
iptables -A INPUT -p tcp --dport 8080 -s 4.5.6.7 -j ACCEPT # UNIFI - INFORM - site1
iptables -A INPUT -p udp --dport 3478 -s 4.5.6.7 -j ACCEPT # UNIFI - STUN - site1
iptables -A INPUT -p tcp --dport 8080 -s 6.7.8.9 -j ACCEPT # UNIFI - INFORM - site2
iptables -A INPUT -p udp --dport 3478 -s 6.7.8.9 -j ACCEPT # UNIFI - STUN - site2
# Make persistent
iptables-save >/etc/iptables/rules.v4
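A check for the saved rule set, as an added example that is not part of the original post: it reads iptables-save output (the format of /etc/iptables/rules.v4) and reports any ACCEPT rule that opens a Unifi port without a source address, plus an INPUT policy other than DROP. The function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Ports from the post: 8443 (management), 8080 (inform), 3478 (STUN).
UNIFI_PORTS="8443 8080 3478"

# Reads iptables-save output on stdin and prints one line per finding.
# Returns 0 when nothing is exposed, 1 otherwise. Only rules that match a
# destination port are judged; lo and ESTABLISHED rules are out of scope.
audit_unifi_rules() {
    _findings=$(awk -v ports="$UNIFI_PORTS" '
        # True when a --dport/--dports value (N, A:B or a comma list) covers port.
        function covers(spec, port,    parts, n, i, r) {
            n = split(spec, parts, ",")
            for (i = 1; i <= n; i++) {
                if (split(parts[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (parts[i] + 0 == port + 0) return 1
            }
            return 0
        }
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        /^:INPUT / { policy = $2 }
        /^-A INPUT / {
            src = "any"; spec = ""; target = ""
            for (i = 3; i < NF; i++) {
                # A negated source ("! -s x") still admits almost everyone.
                if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (target != "ACCEPT" || spec == "") next
            if (src != "any" && src != "0.0.0.0/0") next
            for (port in watch)
                if (covers(spec, port)) print "OPEN " port ": " $0
        }
        END { if (policy != "DROP") print "POLICY INPUT default is " policy }
    ')
    [ -z "$_findings" ] && return 0
    printf '%s\n' "$_findings"
    return 1
}

# Constructed sample: the rules from the post as iptables-save prints them,
# plus one mistake (inform port 8080 opened without a source address).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 4.5.6.7/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 4.5.6.7/32 -p udp -m udp --dport 3478 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_unifi_rules || echo "fix the rules listed above"
```

On the controller itself, run it as: audit_unifi_rules < /etc/iptables/rules.v4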
Install Unifi
Make sure you’re root (sudo -s), then:
echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
apt-get update
apt-get install unifi
.. last but not least, go to: https://ipaddress:8443/
Saturday, October 21, 2017
make iptables persistent
Recent versions of Ubuntu use a built-in firewall. Therefore iptables doesn’t persist after a reboot.
Here’s how:
# Start
sudo service netfilter-persistent start
# Add to startup
sudo invoke-rc.d netfilter-persistent save
Friday, September 1, 2017
irssi fish
$ apt-get install build-essential irssi-dev libglib2.0-dev libssl-dev cmake git
$ git clone https://github.com/falsovsky/FiSH-irssi.git
$ cd FiSH-irssi
$ cmake .
$ make
$ cd src
$ sudo cp libfish.so /usr/lib/i386-linux-gnu/irssi/modules/
or
$ sudo cp libfish.so /usr/lib/irssi/modules/
or
$ sudo cp libfish.so /usr/lib/x86_64-linux-gnu/irssi/modules/
Favorite settings:
/set mark_encrypted ·
/set mark_position 0
/save
Tuesday, August 29, 2017
Compile lftp from source
Get lftp source from http://lftp.yar.ru/get.html
Unpack.
./configure --without-gnutls --with-openssl=/usr/include/openssl/
make
Use the following settings
set ssl:verify-certificate no
set ftp:ignore-pasv-address no
set ftp:prefer-epsv false
set ftp:passive-mode true
Monday, July 3, 2017
32bit on 64bit debian/ubuntu
dpkg --add-architecture i386
apt-get update
apt-get install libc6:i386 libc6-i386
Monday, November 7, 2016
Configure smokeping on Ubuntu 16
This is actually not Ubuntu 16 specific, but I need to write it down because I tend to forget this.
Comment the sendmail line in “/etc/smokeping/config.d/pathnames”:
#sendmail = /usr/sbin/sendmail
Set the cgiurl line in “/etc/smokeping/config.d/General”:
cgiurl = http://YOURIPADDRESS/cgi-bin/smokeping.cgi
Add the stuff to “/etc/apache2/conf-available/serve-cgi-bin.conf” so it looks like:
<IfModule mod_alias.c>
    <IfModule mod_cgi.c>
        Define ENABLE_USR_LIB_CGI_BIN
    </IfModule>
    <IfModule mod_cgid.c>
        Define ENABLE_USR_LIB_CGI_BIN
    </IfModule>
    <IfDefine ENABLE_USR_LIB_CGI_BIN>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Require all granted
        </Directory>
        Alias /smokeping /usr/share/smokeping/www
        <Directory "/usr/share/smokeping/www">
            Options FollowSymLinks
        </Directory>
    </IfDefine>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Enable CGI:
sudo a2enmod cgi
Restart apache and smokeping:
sudo service apache2 restart
sudo service smokeping restart
Wednesday, March 30, 2016
Hot migrate linear LVM to striped
Initial linear LVM
Create the Physical Volumes
root@lvmtest:~# pvcreate /dev/sdb /dev/sdc
  Physical volume "/dev/sdb" successfully created
  Physical volume "/dev/sdc" successfully created
Create the Volume Group
root@lvmtest:~# vgcreate MAIN /dev/sdb /dev/sdc
Create the Logical Volume
root@lvmtest:~# lvcreate -n LVMAIN -l 100%FREE MAIN
  Logical volume "LVMAIN" created
Create the filesystem, mount it
root@lvmtest:~# mkfs.xfs /dev/MAIN/LVMAIN
root@lvmtest:~# mkdir /mnt/mylvmvolume
root@lvmtest:~# mount /dev/MAIN/LVMAIN /mnt/mylvmvolume
root@lvmtest:~# df -h | grep MAIN
/dev/mapper/MAIN-LVMAIN   64G   33M   64G   1% /mnt/mylvmvolume
Create extra space
Add two new disks
root@lvmtest:~# pvcreate /dev/sdd /dev/sde
  Physical volume "/dev/sdd" successfully created
  Physical volume "/dev/sde" successfully created
Add the disks to the volumegroup
root@lvmtest:~# vgextend MAIN /dev/sdd /dev/sde
Make it stripe
Now.. you can’t move PE’s between logical volumes. So you have to do a little trick.
Create a mirror (-m 1) of the current data to the recently added space. And make it stripe (--stripes <number of disks>).
Do this in a screen. This can take days, depending on the size!
root@lvmtest:~# lvconvert -m 1 --mirrorlog core --stripes 2 /dev/MAIN/LVMAIN /dev/sdd /dev/sde
  Using default stripesize 64.00 KiB
  MAIN/LVMAIN: Converted: 0.0%
  MAIN/LVMAIN: Converted: 1.0%
  MAIN/LVMAIN: Converted: 2.4%
  MAIN/LVMAIN: Converted: 3.7%
  MAIN/LVMAIN: Converted: 5.1%
While the mirroring is in progress, we look at the stats…
Notice there is only one disk reading (sdb) and two are writing (the striped disks). Perfect!
root@lvmtest:~# iostat -m 2 /dev/sd[b-e]
Linux 3.16.0-45-generic (btrfs) 03/30/2016 _i686_ (2 CPU)
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.00    0.00    1.26    0.00    0.00   98.74
Device:       tps   MB_read/s   MB_wrtn/s   MB_read   MB_wrtn
sdb        117.50       58.75        0.00       117         0
sdc          0.00        0.00        0.00         0         0
sdd        117.50        0.00       29.38         0        58
sde        117.50        0.00       29.38         0        58
.. and a little further down the progress data is read from sdc.
Device:       tps   MB_read/s   MB_wrtn/s   MB_read   MB_wrtn
sdb          0.00        0.00        0.00         0         0
sdc        134.50       67.25        0.00       134         0
sdd        134.50        0.00       33.62         0        67
sde        134.00        0.00       33.50         0        67
Cleanup
Let’s break the mirror and go live with the new disks:
root@lvmtest:~# lvconvert -m0 MAIN/LVMAIN /dev/sdb /dev/sdc
  Logical volume LVMAIN converted.
Remove the old disks from the volume group:
root@lvmtest:~# vgreduce MAIN /dev/sdb /dev/sdc
  Removed "/dev/sdb" from volume group "MAIN"
  Removed "/dev/sdc" from volume group "MAIN"
Remove the physical volumes:
root@lvmtest:~# pvremove /dev/sdb /dev/sdc
  Labels on physical volume "/dev/sdb" successfully wiped
  Labels on physical volume "/dev/sdc" successfully wiped
There ya go. No downtime. Hot migrated from linear to striped!
Thursday, August 6, 2015
better compressed dd images of blockdevices
When creating full images from one of my rootdisks …
dd if=/dev/sda | bzip2 >/opt/backup/sda.img.bzip2
… I noticed the backups were growing, but the amount of data on the device was not.
Since dd is a full blocklevel- and not a filebased backup, there must be some free space containing old bits and bytes.
The sfill utility can overwrite the freespace with zeroes, giving me better compressed images.
sfill -f -l -l -z /mnt/mountpoint
Clean ubuntu rootdisk
My script to clean up some stuff.
Seems that those kernel header packages are eating up all inodes on small ext volumes.
#!/bin/sh
nr_of_removed_packages=`dpkg -l | egrep "^rc" | cut -d" " -f3 | wc -l`
nr_of_active_kernels=`ls /boot/vmlinuz* | wc -l`
active_kernels=`ls /boot/vmlinuz* | cut -d" " -f9 | sed -r 's/\/boot\/vmlinuz-//' | sed -r 's/-generic//'`
nr_of_headers_to_be_cleaned=`dpkg -l | grep linux-headers | grep -v headers-generic | cut -d" " -f3 | grep -v "$active_kernels" | wc -l`
if [ "$nr_of_removed_packages" -gt "0" ]; then
    echo "Purge configuration files for removed packages ($nr_of_removed_packages)"
    dpkg --purge `dpkg -l | egrep "^rc" | cut -d" " -f3`
else
    echo "No removed packages"
fi
if [ "$nr_of_headers_to_be_cleaned" -gt "0" ]; then
    echo "Cleaning old kernel headers, but skipping active kernels:"
    echo "$active_kernels"
    echo ""
    echo "Going to clean:"
    dpkg -l | grep linux-headers | grep -v headers-generic | cut -d" " -f3 | grep -v "$active_kernels"
    echo "Wait 5 seconds or break now!!"
    sleep 5
    dpkg --purge `dpkg -l | grep linux-headers | grep -v headers-generic | cut -d" " -f3 | grep -v "$active_kernels"`
else
    echo "No kernel headers to be cleaned"
fi
echo "Done!"
Wednesday, April 22, 2015
Grow encrypted LVM
Build/format/mount encrypted LVM volume
cryptsetup -y -v luksFormat /dev/sdc1
cryptsetup luksOpen /dev/sdc1 encrypted-sdc1
pvcreate /dev/mapper/encrypted-sdc1
vgcreate MAIN /dev/mapper/encrypted-sdc1
lvcreate -n LVMAIN -l 100%FREE MAIN
mkfs.ext4 /dev/MAIN/LVMAIN
mount /dev/MAIN/LVMAIN /mnt/lvmtest
Build expansion volume
cryptsetup -y -v luksFormat /dev/sdc2
cryptsetup luksOpen /dev/sdc2 encrypted-sdc2
pvcreate /dev/mapper/encrypted-sdc2
Extend the volumegroup and Logical Volume
vgextend MAIN /dev/mapper/encrypted-sdc2
vgdisplay    # and look for the free PE's
lvextend -l +1830 /dev/MAIN/LVMAIN
(Online) grow the filesystem
resize2fs /dev/MAIN/LVMAIN
Shutdown procedure
umount /mnt/lvmtest
vgchange -an MAIN
cryptsetup luksClose /dev/mapper/encrypted-sdc2
cryptsetup luksClose /dev/mapper/encrypted-sdc1
Start again
cryptsetup luksOpen /dev/sdc1 encrypted-sdc1
cryptsetup luksOpen /dev/sdc2 encrypted-sdc2
vgscan --mknodes
vgchange -ay
mount /dev/MAIN/LVMAIN /mnt/lvmtest
Wednesday, March 11, 2015
Hot migrate LVM volume to new LUN(s)
This example hot-migrates an existing LVM volume spanned over 3 disks to a new LVM volume spanned over 3 disks.
Prerequisites:
- lvm2 (apt-get install lvm2)
- 3 disks to start with
- 3 new disks to be added. Disks in this example are 100% identical!
Current LVM
This first part you probably already have, since you want to migrate this volume. But I’m going to create it anyway as part of the whole documentation.
I’m not going to work with partitions and just use the whole disks.
Create the Physical Volumes
root@lvmtest:~# pvcreate /dev/sdb /dev/sdc /dev/sdd
  Physical volume "/dev/sdb" successfully created
  Physical volume "/dev/sdc" successfully created
  Physical volume "/dev/sdd" successfully created
Create the Volume Group
root@lvmtest:~# vgcreate MAIN /dev/sdb /dev/sdc /dev/sdd
Create the Logical Volume
root@lvmtest:~# lvcreate -n LVMAIN -l 100%FREE MAIN
  Logical volume "LVMAIN" created
Create the filesystem, mount it
root@lvmtest:~# mkfs.xfs /dev/MAIN/LVMAIN
root@lvmtest:~# mkdir /mnt/mylvmvolume
root@lvmtest:~# mount /dev/MAIN/LVMAIN /mnt/mylvmvolume
root@lvmtest:~# df -h | grep MAIN
/dev/mapper/MAIN-LVMAIN   24G   33M   24G   1% /mnt/mylvmvolume
Put some data on it
root@lvmtest:/mnt/mylvmvolume# dd if=/dev/zero of=blabla.txt bs=1M count=1000
1000+0 records in
1000+0 records out
1048576000 bytes (1.0 GB) copied, 5.93346 s, 177 MB/s
Add new disks and create the mirror
Add new disks to the machine.
Prepare the new disks:
root@lvmtest:~# pvcreate /dev/sde /dev/sdf /dev/sdg
  Physical volume "/dev/sde" successfully created
  Physical volume "/dev/sdf" successfully created
  Physical volume "/dev/sdg" successfully created
Add the disks to the existing Volume Group
root@lvmtest:~# vgextend MAIN /dev/sde /dev/sdf /dev/sdg
Create a mirror (-m1) of the current data to the recently added space.
Do this in a screen. This can take days, depending on the size!
root@lvmtest:~# lvconvert -m1 --corelog MAIN/LVMAIN /dev/sde /dev/sdf /dev/sdg
  MAIN/LVMAIN: Converted: 0.0%
  MAIN/LVMAIN: Converted: 2.8%
  MAIN/LVMAIN: Converted: 10.6%
  MAIN/LVMAIN: Converted: 20.2%
  MAIN/LVMAIN: Converted: 29.9%
  MAIN/LVMAIN: Converted: 39.1%
  MAIN/LVMAIN: Converted: 48.8%
  MAIN/LVMAIN: Converted: 58.3%
  MAIN/LVMAIN: Converted: 67.8%
  MAIN/LVMAIN: Converted: 77.5%
  MAIN/LVMAIN: Converted: 87.1%
  MAIN/LVMAIN: Converted: 96.8%
  MAIN/LVMAIN: Converted: 100.0%
The mirror is live.
During the conversion, you might see some nice figures using iostat
Device:       tps   MB_read/s   MB_wrtn/s   MB_read   MB_wrtn
sdb        126.00        0.00       63.00         0       126
sdc          0.00        0.00        0.00         0         0
sdd          0.00        0.00        0.00         0         0
sde        126.00       63.00        0.00       126         0
sdg          0.00        0.00        0.00         0         0
sdf          0.00        0.00        0.00         0         0
sda          0.00        0.00        0.00         0         0
dm-0         0.00        0.00        0.00         0         0
dm-1      1004.00       62.75        0.00       125         0
dm-2      1008.00        0.00       63.00         0       126
Break the mirror and go live with the new disks
Create 0 copies (-m0) for the devices that will be removed, a.k.a. breaking the mirror.
root@lvmtest:~# lvconvert -m0 MAIN/LVMAIN /dev/sdb /dev/sdc /dev/sdd
Remove the devices from the Volume Group
root@lvmtest:~# vgreduce MAIN /dev/sdb /dev/sdc /dev/sdd
  Removed "/dev/sdb" from volume group "MAIN"
  Removed "/dev/sdc" from volume group "MAIN"
  Removed "/dev/sdd" from volume group "MAIN"
Remove the Physical Volumes
root@lvmtest:~# pvremove /dev/sdb /dev/sdc /dev/sdd
  Labels on physical volume "/dev/sdb" successfully wiped
  Labels on physical volume "/dev/sdc" successfully wiped
  Labels on physical volume "/dev/sdd" successfully wiped
That’s it.. Hot migrated!
root@lvmtest:~# df -h | grep MAIN
/dev/mapper/MAIN-LVMAIN   24G   11G   14G  42% /mnt/mylvmvolume
Friday, January 16, 2015
hp offline array configuration utility
HP’s website didn’t seem to work today. Just when I needed an offline ACU iso.
Seems they can be found here:
ftp://ftp.hp.com/ftp1/pub/softlib2/software1/pubsw-windows/p1067040366/
Monday, August 25, 2014
Areca and s.m.a.r.t. monitoring
After swapping a couple of defective harddisks, I was wondering why I never got a predictive failure from my Areca controller.
The weird thing is: the logging shows warnings:
2014-08-24 23:15:37 IDE Channel #08 Reading Error
2014-08-24 23:15:28 IDE Channel #08 Reading Error
2014-08-24 23:15:19 IDE Channel #08 Reading Error
2014-08-24 23:15:10 IDE Channel #08 Reading Error
However.. the controller doesn’t seem to do anything with the s.m.a.r.t. values.
Here’s a script you might want to use as a base to get your monitoring up and running.
#!/bin/bash
CLI="/path/to/cli32"
NR_OF_PORTS=`$CLI disk info | wc -l`
# subtract 4 to get rid of the formatting and determine the real number of disks
NR_OF_PORTS=`expr $NR_OF_PORTS - 4`
echo "Controller has $NR_OF_PORTS ports"
for (( i=1; i<=$NR_OF_PORTS; i++ ))
do
    RELOC_SECT=`$CLI disk smart drv=$i | grep "Reallocated Sector Count" | awk '{print $9}'`
    if [ -z "$RELOC_SECT" ]; then
        echo "Port $i = No Disk"
    else
        echo "Port $i = $RELOC_SECT"
    fi
done
Friday, July 18, 2014
ParentContainer
Quest active directory powershell module has this nice property for user and computer objects: ParentContainer
Microsoft’s native ActiveDirectory module doesn’t.
I’m using this property a lot because it looks much more friendly than the CanonicalName.
Here’s a simple function to achieve the same.
function CanonicalName_to_ParentContainer ($cname)
{
    try
    {
        $lastslash = $cname.lastindexof("/")
        $cname.substring(0,$lastslash)
    }
    catch
    {
        $cname
    }
}
Friday, May 9, 2014
Add Windows back to Grub2
My lifesaver:
create and chmod +x the file:
/etc/grub.d/15_Windows
Add this code:
#! /bin/sh -e
echo "Adding Windows" >&2
cat << EOF
menuentry "Windows" {
    set root=(hd0,1)
    chainloader +1
}
EOF
for grub2:
grub2-mkconfig -o /boot/grub2/grub.cfg
or:
grub-mkconfig -o /boot/grub/grub.cfg
Thursday, April 17, 2014
Powershell date conversion
By default, powershell uses your regional settings. So when importing data from external files, a simple get-date or typecast to [DateTime] does not always give the correct value.
With the template below, you can interpret any format.
PS> $timeinfo = '12 07 2012 18 02'
PS> $template = 'HH mm yyyy dd MM'
PS> [DateTime]::ParseExact($timeinfo, $template, $null)
Samstag, 18. Februar 2012 12:07:00
Values can be:
d     Day of month 1-31
dd    Day of month 01-31
ddd   Day of month as abbreviated weekday name
dddd  Weekday name
h     Hour from 1-12
H     Hour from 1-24
hh    Hour from 01-12
HH    Hour from 01-24
m     Minute from 0-59
mm    Minute from 00-59
M     Month from 1-12
MM    Month from 01-12
MMM   Abbreviated Month Name
MMMM  Month name
s     Seconds from 1-60
ss    Seconds from 01-60
t     A or P (for AM or PM)
tt    AM or PM
yy    Year as 2-digit
yyyy  Year as 4-digit
z     Timezone as one digit
zz    Timezone as 2-digit
zzz   Timezone
Friday, December 20, 2013
Batchfile loginscript domain check
ping servername.domain.local -n 1 >NUL
if NOT %ERRORLEVEL%==0 GOTO OFFLINE
call \\servername.domain.local\share\Extra_Login_Stuff.bat
:OFFLINE
Tuesday, December 10, 2013
Powershell IP address computations
Very neat function for powershell ip computations:
source: technet
function Get-IPrange
{
<#
.SYNOPSIS
Get the IP addresses in a range
.EXAMPLE
Get-IPrange -start 192.168.8.2 -end 192.168.8.20
.EXAMPLE
Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0
.EXAMPLE
Get-IPrange -ip 192.168.8.3 -cidr 24
#>
param
(
[string]$start,
[string]$end,
[string]$ip,
[string]$mask,
[int]$cidr
)
function IP-toINT64 () {
param ($ip)
$octets = $ip.split(".")
return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])
}
function INT64-toIP() {
param ([int64]$int)
return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() )
}
if ($ip) {$ipaddr = [Net.IPAddress]::Parse($ip)}
if ($cidr) {$maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2)))) }
if ($mask) {$maskaddr = [Net.IPAddress]::Parse($mask)}
if ($ip) {$networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)}
if ($ip) {$broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))}
if ($ip) {
$startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring
$endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring
} else {
$startaddr = IP-toINT64 -ip $start
$endaddr = IP-toINT64 -ip $end
}
for ($i = $startaddr; $i -le $endaddr; $i++)
{
INT64-toIP -int $i
}
}
Thursday, November 7, 2013
linux force reboot
Saved my day today
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
Friday, November 1, 2013
Ubuntu homedir encryption and auto unmounting
Encrypting your homedirectory is generally not a bad idea.
With Ubuntu’s implementation it’s working out of the box.
However, if you are running processes from a “screen” and these processes require data from your homedirectory, they will fail whenever you log out from your ssh session.
It’s because your homedirectory will auto-unmount whenever you log out (even though the screen will continue to run).
To NOT auto-unmount your homedirectory, you can remove or rename the following file:
.ecryptfs/auto-umount
Friday, July 12, 2013
Ubuntu LTS and HP ProLiantSupportPack (pt2)
I’ve already explained this before but some minor things changed.
Here’s how:
- wget http://downloads.linux.hp.com/SDR/add_repo.sh
- chmod +x add_repo.sh
- ./add_repo.sh -v mcp
Not sure if this is still needed (it was already present at my test system)
- wget http://downloads.linux.hp.com/SDR/repo/mcp/GPG-KEY-mcp
- apt-key add GPG-KEY-mcp
Followed by:
- apt-get update
- apt-get install hpacucli
Monday, May 13, 2013
Dump Exchange mailbox permissions
A complete script to first dump all exchange mailboxes to .csv and then enumerate all mailbox permissions.
It uses the Exchange 2010 management shell and Quest’s Active Directory Powershell modules.
Usage:
- Load the script in the ISE editor.
- Set the two global parameters
- Run the script
- first execute: dump_mailboxes (this will generate a .csv with all mailboxes)
- then execute: dump_all_mailbox_permission (this will generate a second .csv with all permissions. Open in Excel to filter)
echo "-"
$global_ad_domain = "AD.CUSTOMER.LOCAL"
$global_ad_short = "AD"
### Load Modules for Active Directory and Exchange 2010
if (!($QUEST_LOADED))
{
Add-PSSnapin Quest.ActiveRoles.ADManagement
Set-QADPSSnapinSettings -DefaultSizeLimit 0
$logged_on_to = $env:USERDNSDOMAIN
if (!($logged_on_to -eq "$global_ad_domain"))
{
$user = read-host "Enter username in adusername format"
$pw = read-host "Enter password" -AsSecureString
connect-QADService -service "$global_ad_domain" -ConnectionAccount $user -ConnectionPassword $pw
}
else
{
connect-QADService
}
Set-QADProgressPolicy -ShowProgress $false
$QUEST_LOADED=$TRUE
echo "quest loaded"
}
if ($EMS_loaded -eq $NULL)
{
. 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'
echo "- Exchange Management Shell Loaded"
Connect-ExchangeServer -auto
$EMS_loaded = $true
echo "- Exchange Management Shell Connected"
}
### Functions
function dump_mailboxes
{
$output_file = "d:\temp\mailboxes.csv"
echo "Name`tAlias" >$output_file
# $mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox
$mailboxes = Get-Mailbox -resultsize Unlimited
foreach ($mailbox in $mailboxes)
{
$Name = $mailbox.Name
$Alias = $mailbox.Alias
echo "$Name`t$Alias" >>$output_file
}
}
function dump_all_mailbox_permission
{
$output_file = "d:\temp\mailbox_permissions.csv"
$lijst = import-csv -delimiter "`t" d:\temp\mailboxes.csv
$aantal = $lijst.count
$teller = 0
write-host "Aantal functionele mailboxen: $aantal"
echo "Mailbox`tAuthType`tGroup`tSam`tType" >$output_file
foreach ($regel in $lijst)
{
$teller++
$Alias = $regel.alias
write-host "$teller / $aantal -> $Alias"
mailbox_permissions $Alias >>$output_file
}
}
function mailbox_permissions($mailbox)
{
if ($perms = get-mailboxpermission -identity "$mailbox" | where {($_.isinherited -eq $false) -and ($_.User -like "$global_ad_short\*")})
{
foreach ($perm in $perms)
{
$usr = $perm.User.tostring()
$typeusr = (get-qadobject -identity $usr -DontUseDefaultIncludedProperties).type
$usr = $usr.replace("$global_ad_short","")
$rights = $perm.AccessRights
if ($typeusr -eq "group")
{
$members = get-qadgroupmember -identity "$usr"
foreach ($member in $members)
{
$mbmrsam = $member.samaccountname
echo "$mailbox`t$typeusr`t$usr`t$mbmrsam`t$rights"
}
}
else
{
echo "$mailbox`t$typeusr`t`t$usr`t$rights"
}
}
}
}
echo "-"
Monday, January 21, 2013
reset domain administrator password on a win2k8r2 DC
Forgot your domain admin password? Whoops.
On a Win2k8r2 domain controller:
- Boot with the installation media (or any other WinPE kind of media)
- Go to the System32 directory
- ren utilman.exe utilman.exe.bak
- copy cmd.exe utilman.exe
- Reboot the system
- At the logon screen, press Windows Key + U. A command prompt will start.
- net user Administrator "!mynewpass123"
- Log in, start a command prompt.
- del utilman.exe
- copy utilman.exe.bak utilman.exe
done :-)
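The swap above leaves traces that can be checked from a Linux host against a mounted or offline copy of the Windows volume. This is an added example, not part of the original post: it flags a utilman.exe that is byte-identical to cmd.exe and a leftover utilman.exe.bak. The function names, the mount path in the comment and the fixture files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Run it against an offline or
# mounted copy of the volume, e.g. (hypothetical path):
#   check_utilman /mnt/win/Windows/System32

# First regular file in directory $1 whose name equals $2, ignoring case
# (a Windows volume mounted on Linux may show Utilman.exe or utilman.exe).
find_ci() {
    find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1
}

# Prints findings; returns 0 = clean, 1 = findings, 2 = cannot check.
check_utilman() {
    _util=$(find_ci "$1" utilman.exe)
    _cmd=$(find_ci "$1" cmd.exe)
    _bak=$(find_ci "$1" utilman.exe.bak)
    if [ -z "$_util" ] || [ -z "$_cmd" ]; then
        echo "MISSING: need both utilman.exe and cmd.exe in $1"
        return 2
    fi
    _rc=0
    # Step "copy cmd.exe utilman.exe" leaves two byte-identical files.
    if cmp -s "$_util" "$_cmd"; then
        echo "REPLACED: $_util is identical to $_cmd"
        _rc=1
    fi
    # Step "ren utilman.exe utilman.exe.bak" leaves the renamed original behind.
    if [ -n "$_bak" ]; then
        echo "LEFTOVER: $_bak"
        _rc=1
    fi
    return $_rc
}

# Constructed fixture standing in for a System32 directory after the swap.
demo=$(mktemp -d)
printf 'constructed cmd.exe bytes' > "$demo/cmd.exe"
cp "$demo/cmd.exe" "$demo/Utilman.exe"
printf 'constructed original utilman bytes' > "$demo/utilman.exe.bak"
check_utilman "$demo" || echo "status $?"
rm -rf "$demo"
```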