Friday, December 20, 2013

Batchfile loginscript domain check

ping servername.domain.local -n 1 >NUL
if NOT %ERRORLEVEL%==0 GOTO OFFLINE
  call \\servername.domain.local\share\Extra_Login_Stuff.bat
:OFFLINE

Tuesday, December 10, 2013

Powershell IP address computations

A very neat function for PowerShell IP computations (source: TechNet):

function Get-IPrange 
{ 
<#  
  .SYNOPSIS   
    Get the IP addresses in a range  
  .EXAMPLE  
   Get-IPrange -start 192.168.8.2 -end 192.168.8.20  
  .EXAMPLE  
   Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0  
  .EXAMPLE  
   Get-IPrange -ip 192.168.8.3 -cidr 24  
#>  
  
  param  
  (   
    [string]$start,  
    [string]$end,  
    [string]$ip,  
    [string]$mask,  
    [int]$cidr  
  )  
  
  function IP-toINT64 () {  
    param ($ip)  
  
    $octets = $ip.split(".")  
    return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])  
  }  
  
  function INT64-toIP() {  
    param ([int64]$int)  
 
    return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() ) 
  }  
  
  if ($ip) {$ipaddr = [Net.IPAddress]::Parse($ip)}  
  if ($cidr) {$maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2)))) }  
  if ($mask) {$maskaddr = [Net.IPAddress]::Parse($mask)}  
  if ($ip) {$networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)}  
  if ($ip) {$broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))}  
  
  if ($ip) {  
    $startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring  
    $endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring  
  } else {  
    $startaddr = IP-toINT64 -ip $start  
    $endaddr = IP-toINT64 -ip $end  
  }   
  
  for ($i = $startaddr; $i -le $endaddr; $i++)  
  {  
    INT64-toIP -int $i  
  } 
 
}

Thursday, November 7, 2013

linux force reboot

Saved my day today

echo 1 > /proc/sys/kernel/sysrq 
echo b > /proc/sysrq-trigger

Friday, November 1, 2013

Ubuntu homedir encryption and auto unmounting

Encrypting your home directory is generally not a bad idea.
With Ubuntu’s implementation it works out of the box.

However, if you run processes from a “screen” session and these processes require data from your home directory, they will fail whenever you log out of your SSH session.
That is because your home directory is auto-unmounted whenever you log out (even though the screen session continues to run).

To NOT auto-unmount your home directory, you can remove or rename the following file:

.ecryptfs/auto-umount

Friday, July 12, 2013

Ubuntu LTS and HP ProLiantSupportPack (pt2)

I’ve already explained this before, but some minor things have changed.

Here’s how:

  • wget http://downloads.linux.hp.com/SDR/add_repo.sh
  • chmod +x add_repo.sh
  • ./add_repo.sh -v mcp

Not sure if this is still needed (it was already present on my test system):

  • wget http://downloads.linux.hp.com/SDR/repo/mcp/GPG-KEY-mcp
  • apt-key add GPG-KEY-mcp

Followed by:

  • apt-get update
  • apt-get install hpacucli

Monday, May 13, 2013

Dump Exchange mailbox permissions

A complete script to first dump all Exchange mailboxes to .csv and then enumerate all mailbox permissions.
It uses the Exchange 2010 Management Shell and Quest’s Active Directory PowerShell modules.

Usage:

  • Load the script in the ISE editor.
  • Set the two global parameters
  • Run the script
  • First execute: dump_mailboxes (this will generate a .csv with all mailboxes)
  • Then execute: dump_all_mailbox_permission (this will generate a second .csv with all permissions. Open in Excel to filter)

echo "-"

$global_ad_domain = "AD.CUSTOMER.LOCAL"
$global_ad_short = "AD"

### Load Modules for Active Directory and Exchange 2010
if (!($QUEST_LOADED))
{
  Add-PSSnapin Quest.ActiveRoles.ADManagement
  Set-QADPSSnapinSettings -DefaultSizeLimit 0

  $logged_on_to = $env:USERDNSDOMAIN
  if (!($logged_on_to -eq "$global_ad_domain"))
  {
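    $user = read-host "Enter username in ad\username format"
    $pw = read-host "Enter password" -AsSecureString
    # No single quotes here: they would pass the literal text '$global_ad_domain' instead of the domain name
    connect-QADService -service $global_ad_domain -ConnectionAccount $user -ConnectionPassword $pw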
  }
  else
  {
    connect-QADService
  }
  
  Set-QADProgressPolicy -ShowProgress $false
  $QUEST_LOADED=$TRUE
  echo "quest loaded"
}

if ($EMS_loaded -eq $NULL)
{
  . 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'
  echo "- Exchange Management Shell Loaded"
  Connect-ExchangeServer -auto
  $EMS_loaded = $true
  echo "- Exchange Management Shell Connected"
}

### Functions

function dump_mailboxes
{
  $output_file = "d:\temp\mailboxes.csv"
  echo "Name`tAlias" >$output_file
  # $mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox
  $mailboxes = Get-Mailbox -resultsize Unlimited
  foreach ($mailbox in $mailboxes)
  {
    $Name = $mailbox.Name
    $Alias = $mailbox.Alias
    echo "$Name`t$Alias" >>$output_file
  }
}

function dump_all_mailbox_permission
{
  $output_file = "d:\temp\mailbox_permissions.csv"
  $lijst = import-csv -delimiter "`t" d:\temp\mailboxes.csv
  $aantal = $lijst.count
  $teller = 0
  write-host "Aantal functionele mailboxen: $aantal"
  echo "Mailbox`tAuthType`tGroup`tSam`tType" >$output_file  
  foreach ($regel in $lijst)
  {
    $teller++
    $Alias = $regel.alias
    write-host "$teller / $aantal -> $Alias"
    mailbox_permissions $Alias >>$output_file
  }
}

function mailbox_permissions($mailbox)
{
  if ($perms = get-mailboxpermission -identity "$mailbox" | where {($_.isinherited -eq $false) -and ($_.User -like "$global_ad_short\*")})
  {
    foreach ($perm in $perms)
    {
      $usr = $perm.User.tostring()
      $typeusr = (get-qadobject -identity $usr -DontUseDefaultIncludedProperties).type
      # Strip the "AD\" prefix, including the backslash, so only the account name remains
      $usr = $usr.replace("$global_ad_short\","")
      $rights = $perm.AccessRights
      if ($typeusr -eq "group")
      {
        $members = get-qadgroupmember -identity "$usr"
        foreach ($member in $members)
        {
          $mbmrsam = $member.samaccountname
          echo "$mailbox`t$typeusr`t$usr`t$mbmrsam`t$rights"
        }      
      }
      else
      {
        echo "$mailbox`t$typeusr`t`t$usr`t$rights"
      }
    }
  }
}

echo "-"

Monday, January 21, 2013

reset domain administrator password on a win2k8r2 DC

Forgot your domain admin password? Whoops.

On a Win2k8r2 domain controller:

  • Boot with the installation media (or any other WinPE kind of media)
  • Go to the System32 directory
  • ren utilman.exe utilman.exe.bak
  • copy cmd.exe utilman.exe
  • Reboot the system
  • At the logon screen, press Windows Key + U. A command prompt will start.
  • net user Administrator "!mynewpass123"
  • Log in, start a command prompt.
  • del utilman.exe
  • copy utilman.exe.bak utilman.exe

done :-)
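
A check to run after the last step, as an added example that is not part of the original post: it confirms that utilman.exe is no longer a copy of cmd.exe and that it matches the renamed original. The function names Get-Sha256Hex and Test-UtilmanRestored are hypothetical, and hashing is done through .NET so it also runs on the PowerShell 2.0 that ships with Win2k8r2.

```powershell
# Added example: hypothetical helper names; no Get-FileHash needed (PowerShell 2.0).
function Get-Sha256Hex {
  param ([string]$Path)
  $sha = [System.Security.Cryptography.SHA256]::Create()
  $stream = [System.IO.File]::OpenRead($Path)
  try {
    return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
  } finally {
    $stream.Dispose()
  }
}

function Test-UtilmanRestored {
  param ([string]$System32 = (Join-Path $env:SystemRoot 'System32'))

  $utilman = Join-Path $System32 'utilman.exe'
  $backup = Join-Path $System32 'utilman.exe.bak'
  $findings = @()

  if (-not (Test-Path $utilman)) {
    return 'utilman.exe is missing'
  }
  $utilHash = Get-Sha256Hex $utilman

  # While the swap from the steps above is in place, utilman.exe is byte-identical to cmd.exe.
  $cmd = Join-Path $System32 'cmd.exe'
  if ((Get-Sha256Hex $cmd) -eq $utilHash) {
    $findings += 'utilman.exe is a copy of cmd.exe (swap not reverted)'
  }

  # The renamed original stays behind as utilman.exe.bak and should match the file now in place.
  if ((Test-Path $backup) -and ((Get-Sha256Hex $backup) -ne $utilHash)) {
    $findings += 'utilman.exe differs from utilman.exe.bak (original not copied back)'
  }
  return $findings
}

$result = Test-UtilmanRestored
if ($result) {
  $result | ForEach-Object { Write-Warning $_ }
} else {
  'utilman.exe looks restored'
}
```

The same comparison against cmd.exe is useful as a periodic check on any domain controller, since a swapped utilman.exe survives reboots until someone copies the original back.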

Friday, January 18, 2013

dns config on a domain controller (best practice)

Sometimes I tend to forget…

As a best practice on a domain controller, always add 127.0.0.1 (localhost) as a DNS server, just not as the first entry!

Source: http://technet.micro … 807362(v=ws.10).aspx
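
One way to verify this rule on a domain controller, as an added example that is not part of the original post: it reads the DNS server order of every IP-enabled adapter through WMI and reports whether 127.0.0.1 is missing, listed first, or listed in a later position. The function name Test-DcDnsOrder and the verdict strings are hypothetical.

```powershell
# Added example: hypothetical function name; uses Get-WmiObject so it runs on Win2k8r2.
function Test-DcDnsOrder {
  param ([string[]]$SearchOrder)

  if (-not $SearchOrder) {
    return 'no DNS servers configured'
  }
  $index = [array]::IndexOf($SearchOrder, '127.0.0.1')
  if ($index -lt 0) {
    return '127.0.0.1 missing'
  } elseif ($index -eq 0) {
    return '127.0.0.1 is the first entry (move it down)'
  }
  return 'ok'
}

# Report one line per adapter that has IP enabled.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
  New-Object PSObject -Property @{
    Adapter    = $_.Description
    DnsServers = ($_.DNSServerSearchOrder -join ', ')
    Verdict    = Test-DcDnsOrder $_.DNSServerSearchOrder
  }
} | Format-Table Adapter, DnsServers, Verdict -AutoSize
```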