Sandro Zamboni
Wednesday, July 29, 2015
Creating Keytab for UNIX machines access in Active Directory
Tuesday, July 28, 2015
10 PowerShell hot pedaling in your Exchange environment
Kill TS sessions remotely
Microsoft Cluster - Reserved disk
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Admin>diskpart

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: VMTESTECLUSTER01

DISKPART> list disk

  Disk ###  Status   Size     Free     Dyn  Gpt
  --------  -------  -------  -------  ---  ---
  Disk 0    Online    100 GB  1024 KB
  Disk 1    Online     80 GB  1024 KB
  Disk 2    Online    600 GB      0 B
  Disk 3    Online    600 GB      0 B
  Disk 4    Online    600 GB      0 B

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> detail disk

VMware Virtual Disk SCSI Disk Device
Disk ID: E87C0E42
Type: SAS
Status: Online
Path: 0
Target: 1
LUN ID: 0
Location Path: PCIROOT(0)#PCI(1500)#PCI(0000)#SAS(P00T01L00)
Current read-only state: No
Read-only: No
Boot Disk: No
Pagefile Disk On
Hibernation File Disk On
Crashdump Disk On
Clustered Disk On

  Volume ###  Ltr  Label       Fs    Type       Size   Status   Info
  ----------  ---  ----------  ----  ---------  -----  -------  ----
  Volume 3    D    New Volume  NTFS  Partition  79 GB  Healthy

DISKPART>

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Admin>diskpart

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: VMTESTECLUSTER02

DISKPART> list disk

  Disk ###  Status   Size     Free     Dyn  Gpt
  --------  -------  -------  -------  ---  ---
  Disk 0    Online    100 GB  1024 KB
  Disk 1    Online     80 GB  1024 KB
  Disk 2    Online    600 GB      0 B
  Disk 3    Online    600 GB      0 B
  Disk 4    Online    600 GB      0 B

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> detail disk

VMware Virtual Disk SCSI Disk Device
Disk ID: E87C0E42
Type: SAS
Status: Online
Path: 0
Target: 1
LUN ID: 0
Location Path: PCIROOT(0)#PCI(1500)#PCI(0000)#SAS(P00T01L00)
Current read-only state: No
Read-only: No
Boot Disk: No
Pagefile Disk On
Hibernation File Disk On
Crashdump Disk On
Clustered Disk On

  Volume ###  Ltr  Label       Fs    Type       Size   Status   Info
  ----------  ---  ----------  ----  ---------  -----  -------  ----
  Volume 3    D                NTFS  Partition  79 GB  Healthy

DISKPART>
Clear-ClusterDiskReservation -Disk 1 -node node1 -Force
Number of active users in AD
(Get-ADUser -Filter * | where {$_.Enabled -eq "True"}).Count
Diskpart /s
select volume 0
remove letter=D
assign letter=Z
select disk 1
attributes disk clear readonly
online disk
convert mbr
create partition primary
assign letter=d
format fs=ntfs quick label="DATA"
active
exit
List Domain Group Members
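Import-Module ActiveDirectory
$AllGroups = @()
# Replace DOMAIN/LOCAL with your own domain components
$MyGroups = Get-ADGroup -Filter {GroupCategory -eq "Security"} -SearchBase "dc=DOMAIN,dc=LOCAL" -Properties Name, Description, Member | select Name, Description, Member
foreach ($Group in $MyGroups) {
    # One record per group; the member name is filled in for each member below
    $GroupInfo = "" | select 'Group Name', 'Group Description', 'Member Name'
    $GroupInfo.'Group Name' = $Group.Name
    $GroupInfo.'Group Description' = $Group.Description
    foreach ($Member in $Group.Member) {
        # Members can be users, computers or nested groups, so resolve the DN with Get-ADObject
        $User = Get-ADObject -Identity $Member -Properties Name | select Name
        $GroupInfo.'Member Name' = $User.Name
        $GroupInfo | select 'Group Name', 'Member Name'
        $AllGroups += $GroupInfo | select 'Group Name', 'Member Name'
    }
}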
Set-ExecutionPolicy: Cannot set execution policy
.\UpdateIndexAllMailboxDatabases.ps1 : File C:\Temp\SCRIPTS\EXCHANGE\UpdateIndexAllMailboxDatabases.ps1 cannot be loaded. The file C:\Temp\SCRIPTS\EXCHANGE\UpdateIndexAllMailboxDatabases.ps1 is not digitally signed. The script will not execute on the system. Please see "get-help about_signing" for more details..
At line:1 char:37

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at
http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y

Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by
a policy defined at a more specific scope.  Due to the override, your shell will retain its current effective
execution policy of RemoteSigned. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more
information please see "Get-Help Set-ExecutionPolicy".
At line:1 char:1
+ Set-ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
    + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

Get-ExecutionPolicy -List

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy    RemoteSigned
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    RemoteSigned

Set-ExecutionPolicy : Cannot set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must be set through Group Policy.

Get-ExecutionPolicy -List

        Scope ExecutionPolicy
        ----- ---------------
MachinePolicy          Bypass
   UserPolicy       Undefined
      Process       Undefined
  CurrentUser       Undefined
 LocalMachine    RemoteSigned
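
The override shown in the output above comes from scope precedence: the first scope in the list that is not Undefined is the effective one, and the two policy scopes can only be changed through Group Policy. The following is an added example, not part of the original post; the function name Get-ExecutionPolicyPrecedence and its PolicyList parameter are assumptions made for illustration, and the sample input is the first listing above rebuilt as objects.

```powershell
# Added example: shows which scope decides the effective execution policy
# and why a change at a lower scope is overridden.
function Get-ExecutionPolicyPrecedence {
    param(
        # Objects with Scope and ExecutionPolicy properties, in the order
        # Get-ExecutionPolicy -List returns them (highest precedence first).
        $PolicyList = @(Get-ExecutionPolicy -List)
    )

    $gpoScopes = 'MachinePolicy', 'UserPolicy'

    # The first scope that is not Undefined wins.
    $winnerIndex = -1
    for ($i = 0; $i -lt $PolicyList.Count; $i++) {
        if ("$($PolicyList[$i].ExecutionPolicy)" -ne 'Undefined') { $winnerIndex = $i; break }
    }

    for ($i = 0; $i -lt $PolicyList.Count; $i++) {
        $scope = "$($PolicyList[$i].Scope)"

        # Every scope listed after the winner is overridden by it.
        $overriddenBy = $null
        if ($winnerIndex -ge 0 -and $i -gt $winnerIndex) {
            $overriddenBy = "$($PolicyList[$winnerIndex].Scope)"
        }

        [pscustomobject]@{
            Scope           = $scope
            ExecutionPolicy = "$($PolicyList[$i].ExecutionPolicy)"
            Effective       = ($i -eq $winnerIndex)
            OverriddenBy    = $overriddenBy
            ChangedThrough  = if ($gpoScopes -contains $scope) { 'Group Policy' }
                              else { "Set-ExecutionPolicy -Scope $scope" }
        }
    }
}

# Sample input: the first listing from the post, rebuilt as objects.
$fromPost = 'MachinePolicy=RemoteSigned', 'UserPolicy=Undefined', 'Process=Undefined',
            'CurrentUser=Undefined', 'LocalMachine=RemoteSigned' |
    ForEach-Object {
        $k, $v = $_ -split '='
        [pscustomobject]@{ Scope = $k; ExecutionPolicy = $v }
    }

Get-ExecutionPolicyPrecedence -PolicyList $fromPost | Format-Table -AutoSize

# Without -PolicyList the function reads the local machine:
# Get-ExecutionPolicyPrecedence | Format-Table -AutoSize
```

For the sample input, MachinePolicy is marked as effective and LocalMachine is reported as overridden by MachinePolicy, which is the situation the Set-ExecutionPolicy error above describes.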
Verifying GPO Replication
function Get-ADGPOReplication
{
    <#
    .SYNOPSIS
        This function retrieves one or all the GPOs and reports their DSVersions and SysVolVersions (Users and Computers)
    .DESCRIPTION
        This function retrieves one or all the GPOs and reports their DSVersions and SysVolVersions (Users and Computers)
    .PARAMETER GPOName
        Specify the name of the GPO
    .PARAMETER All
        Specify that you want to retrieve all the GPOs (slow if you have a lot of Domain Controllers)
    .EXAMPLE
        Get-ADGPOReplication -GPOName "Default Domain Policy"
    .EXAMPLE
        Get-ADGPOReplication -All
    .NOTES
        Francois-Xavier Cat
        lazywinadm
        lazywinadmin.com

        VERSION HISTORY
        1.0 22/09/2014 Initial version
            Adding some more Error Handling
            Fix some typo
    #>
    #requires -version 3
    [CmdletBinding()]
    PARAM (
        [Parameter(Mandatory = $True, ParameterSetName = "One")]
        [String[]]$GPOName,
        [Parameter(Mandatory = $True, ParameterSetName = "All")]
        [Switch]$All
    )
    BEGIN
    {
        TRY
        {
            # Load the modules that provide Get-ADDomainController and Get-GPO
            if (-not (Get-Module -Name ActiveDirectory)) { Import-Module -Name ActiveDirectory -ErrorAction Stop -ErrorVariable ErrorBeginIpmoAD }
            if (-not (Get-Module -Name GroupPolicy)) { Import-Module -Name GroupPolicy -ErrorAction Stop -ErrorVariable ErrorBeginIpmoGP }
        }
        CATCH
        {
            Write-Warning -Message "[BEGIN] Something wrong happened"
            IF ($ErrorBeginIpmoAD) { Write-Warning -Message "[BEGIN] Error while Importing the module Active Directory" }
            IF ($ErrorBeginIpmoGP) { Write-Warning -Message "[BEGIN] Error while Importing the module Group Policy" }
            Write-Warning -Message "[BEGIN] $($Error[0].exception.message)"
        }
    }
    PROCESS
    {
        # Query every domain controller so the version numbers can be compared across DCs
        FOREACH ($DomainController in ((Get-ADDomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetDC -Filter *).Hostname))
        {
            TRY
            {
                IF ($psBoundParameters['GPOName'])
                {
                    Foreach ($GPOItem in $GPOName)
                    {
                        $GPO = Get-GPO -Name $GPOItem -Server $DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPO

                        [PSCustomObject][ordered]@{
                            GroupPolicyName = $GPOItem
                            DomainController = $DomainController
                            UserVersion = $GPO.User.DSVersion
                            UserSysVolVersion = $GPO.User.SysvolVersion
                            ComputerVersion = $GPO.Computer.DSVersion
                            ComputerSysVolVersion = $GPO.Computer.SysvolVersion
                        } #PSObject
                    } #Foreach ($GPOItem in $GPOName)
                } #IF ($psBoundParameters['GPOName'])
                IF ($psBoundParameters['All'])
                {
                    $GPOList = Get-GPO -All -Server $DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPOAll

                    foreach ($GPO in $GPOList)
                    {
                        [PSCustomObject][ordered]@{
                            GroupPolicyName = $GPO.DisplayName
                            DomainController = $DomainController
                            UserVersion = $GPO.User.DSVersion
                            UserSysVolVersion = $GPO.User.SysvolVersion
                            ComputerVersion = $GPO.Computer.DSVersion
                            ComputerSysVolVersion = $GPO.Computer.SysvolVersion
                        } #PSObject
                    }
                } #IF ($psBoundParameters['All'])
            } #TRY
            CATCH
            {
                Write-Warning -Message "[PROCESS] Something wrong happened"
                IF ($ErrorProcessGetDC) { Write-Warning -Message "[PROCESS] Error while running retrieving Domain Controllers with Get-ADDomainController" }
                IF ($ErrorProcessGetGPO) { Write-Warning -Message "[PROCESS] Error while running Get-GPO" }
                IF ($ErrorProcessGetGPOAll) { Write-Warning -Message "[PROCESS] Error while running Get-GPO -All" }
                Write-Warning -Message "[PROCESS] $($Error[0].exception.message)"
            }
        } #FOREACH
    } #PROCESS
}
- Create a .ps1 file containing the code above, or download it here
- Run the script in PS ISE as administrator
- Run the function !!
Saved Queries
Active Directory Queries!!!!!!
Find Groups that contains the word admin
(objectcategory=person)(description=*admin*)
(groupType:1.2.840.113556.1.4.803:=8)
(objectCategory=group)(!member=*)
Finds all groups defined as a Global Group, a Domain Local Group, or a Universal Group
(groupType:1.2.840.113556.1.4.804:=14)
(objectcategory=person)(samaccountname=*Bob*)
(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)
(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))
(objectcategory=person)(!scriptPath=*)
(objectcategory=person)(!profilepath=*)
(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)
(objectCategory=person)(objectClass=user)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)
(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)
(groupType:1.2.840.113556.1.4.803:=4)
(objectcategory=person)(mail=*)
(objectcategory=person)(!mail=*)
(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=North*)(company=Contractors*))
(objectcategory=user)(|(mobile=712*)(mobile=155*))
(objectCategory=user)(msNPAllowDialin=TRUE)
Note: server name must be changed
(&(&(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))))
(&(&(objectCategory=user)(mDBUseDefaults=FALSE)))
(&(objectCategory=user)(pwdLastSet=0))
Notice the “>=” that means “Greater than or equal to”.
(objectCategory=user)(badPwdCount>=2)
(objectCategory=computer)(!description=*)
(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))
(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))
(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))
(sAMAccountType=805306369)
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))
(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))
(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))
Wednesday, February 1, 2012
Hyper-V error "User HAD not accepted the EULA"
The other day I came across an error in Hyper-V installed on a Windows Server 2008 server. The error "User HAD not accepted the EULA" appears on the initial Hyper-V console, and it was not possible to create virtual machines; there were also MMC errors, processor compatibility errors, etc.
Solution:
Microsoft Certification-Tips and tricks in the hour of exam!
In almost every course I teach, students ask for tips on doing well in the exam, so I decided to post some tips for getting the most out of a certification exam. Of course, without studying, the tips will be worth nothing! And my tips are not rules: over time, each person develops their own strategy for taking the tests.
Previously, I posted other tips related to the certification process ...
Microsoft Certification - Where to start?
Microsoft Certification - Dumps
Microsoft Certification - How to study for the exam!
... And soon, I will surely post more! Haha
Now, let's get to it! Below are some tips for exam time:
- Choosing the test center:
  - The choice of test center is quite important. Prefer testing centers with few machines, which limits the number of people in the room and reduces the chance of annoying candidates who talk or "think out loud". For test centers with many machines (5 or more), look for unpopular times such as weekend mornings. (Usually the test center can tell you how many candidates will be taking an exam in your time slot.)
  - Choose testing centers where the exam room is private and has little or no noise to break your concentration.
- Arrive before the scheduled time:
  - Arrive at the test center well in advance so you can start the exam calmly, without rushing: you arrive, have a coffee, go to the bathroom, and get yourself ready, physically and mentally, for the exam.
- Survey before the exam:
  - Before the exam starts, you go through a survey of your knowledge of and experience with the platform or product covered by the content. Since the NT days there has been a legend that if you mark the lowest levels in this survey, the exam is less aggressive in its content, haha... I do not know if this is true, but as my modesty prevents me from marking the highest levels of expertise and experience, I always follow this tip! Haha
- During the test:
  - VERY IMPORTANT for the duration of the test: STAY CALM! I've seen many candidates who studied hard and, at exam time, did not do well purely because of nerves, so avoid going "blank".
  - Do not waste time on questions whose answers you are not sure of; mark them for review and answer the next one!
  - Pay attention to the question; it contains clues to the right answer(s):
  - Pay attention to the beginning of the questions, where there is information about operating system versions, network topology and domains.
  - Also pay attention to what the question is asking for. Often, information that is not relevant to the question is given just to confuse the candidate. Watch for expressions such as "least administrative effort", "fastest solution" and "most secure solution"; in short, pay attention to what the question is really asking.
  - If you have no idea how to answer a question, move on and mark it for review. During the review, analyze the question more carefully in order to rule out some of the answers, so it may be easier to get it right by elimination!
These are simple tips that can help at exam time, especially for those just starting out in certification. Beyond that, just study and you'll be fine!
I hope it's useful!
Last Send Message
Here is the link to the script that lists the date of the last message sent by each recipient! Very useful, especially for finding inactive objects.
Just run it in PS and select your Hub Transport servers and the date range.
Virtual Machine Manager error 19999
I had a problem in which SCVMM showed an error when opening the management console. As if that were not enough, the "Virtual Machine Manager" service went into a restart state (because of the recovery actions in the service properties).
In Event Viewer, I found the following errors:
ID 2604
Database operation failed.
Ensure that the SQL Server is running and configured correctly, and try the operation again.
ID 19999
Virtual Machine Manager (vmmservice: 8300) has encountered an error and needed to exit the process. Windows generated an error report with the following parameters:
Event: VMM20
P1 (appName): vmmservice
P2 (appVersion): 2.0.4271.0
P3 (assemblyName): Utils
P4 (assemblyVer): 2.0.4276.0
P5 (methodName): MVDSqlRetryCommand.ExecuteNonQuery
P6 (ExceptionType): MVDB.NonFatalDbException
P7 (callstackHash): 3e7
In my case the problem was caused by authentication failures, because the SCVMM database was on a separate SQL Server. The services were running under the LOCAL SYSTEM account... In this case it is necessary to create a service account, grant that account rights on the database, and configure the services to run under that same account.
Remote Connectivity Analyzer
This URL is in the Exchange Server 2010 Toolbox. ...
A good site to add to your Favorites:
We are offering Z1br recovery service bases...
We (Z1br) are offering a recovery service for corrupted Exchange databases. ... When ESEUTIL and ISINTEG do not work, it's always good to have a card (Z1br) up your sleeve! Contact http://z1br.com.br
ExchangeStoreDB ID 123
Folks,
Here is the link for resolving corrupted catalog problems on DAG members in Exchange Server 2010. The error occurs when activating the database on another member of the DAG.
http://technet.microsoft.com/en-us/library/ee633475.aspx
I hope it's useful!
Default permissions of the Sysvol folder
Below are the default NTFS permissions for the SYSVOL folder:
%SystemRoot%\Windows\Sysvol
- Clear the Allow inheritable permissions from parent to propagate to this object check box
- Administrators: Full Control
- Authenticated Users: Read, Read & Execute, and List Folder Contents
- Creator Owner: Nothing selected
- Server Operators: Read, Read & Execute, and List Folder Contents
- System: Full Control
%SystemRoot%\Windows\Sysvol\Sysvol
- Clear the Allow inheritable permissions from parent to propagate to this object check box
%SystemRoot%\Winnt\Sysvol\Sysvol\domain
- Clear the Allow inheritable permissions from parent to propagate to this object check box
%SystemRoot%\Winnt\Sysvol\Sysvol\domain\Policies
- Clear the Allow inheritable permissions from parent to propagate to this object check box
- Administrators: Full Control
- Authenticated Users: Read, Read & Execute, and List Folder Contents
- Creator Owner: Nothing selected
- Group Policy Creator Owners: Read, Read & Execute, List Folder Contents, Modify, and Write
- Server Operators: Read, Read & Execute, and List Folder Contents
- System: Full Control
For each file or folder that is located in %SystemRoot%\Winnt\Sysvol\Sysvol\domain\Policies
- Check the Allow inheritable permissions from parent to propagate to this object check box
Sysvol share permissions:
- Administrators: Full Control
- Authenticated Users: Full Control
- Everyone: Read
Reference: http://truetechsolutions.supersized.org/archives/8-Default-Permissions-for-Sysvol.html
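
One way to compare a live Policies folder against the NTFS list above, as an added example that is not part of the original post. The function name Test-SysvolPoliciesAcl is an assumption, account names are assumed to be the English ones and are matched without their domain prefix, and the path in the usage comment is a placeholder.

```powershell
# Added example: reports ACL entries on the SYSVOL Policies folder that are
# not in, or go beyond, the default permissions listed in the post.
$Rights = [System.Security.AccessControl.FileSystemRights]

# Baseline for ...\Sysvol\Sysvol\domain\Policies, taken from the list above.
# Creator Owner has "Nothing selected", so it gets no entry here.
$Baseline = @{
    'Administrators'              = $Rights::FullControl
    'SYSTEM'                      = $Rights::FullControl
    'Authenticated Users'         = $Rights::ReadAndExecute   # Read, Read & Execute, List Folder Contents
    'Server Operators'            = $Rights::ReadAndExecute
    'Group Policy Creator Owners' = $Rights::Modify           # adds Modify and Write
}

function Test-SysvolPoliciesAcl {
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl  = Get-Acl -LiteralPath $Path
    $sync = [int]$Rights::Synchronize   # implicit on most entries, ignored in the comparison

    # The post says inheritance from the parent is cleared on this folder.
    if (-not $acl.AreAccessRulesProtected) {
        [pscustomobject]@{ Identity = '(folder)'; Finding = 'Inherits permissions from parent' }
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Inherit-only entries (typical for CREATOR OWNER) do not apply to the folder itself.
        $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }

        $name    = ($ace.IdentityReference.Value -split '\\')[-1]
        $granted = [int]$ace.FileSystemRights -band (-bnot $sync)

        if (-not $Baseline.ContainsKey($name)) {
            [pscustomobject]@{
                Identity = $ace.IdentityReference.Value
                Finding  = "Not in baseline: $($ace.FileSystemRights)"
            }
        }
        elseif (($granted -band (-bnot [int]$Baseline[$name])) -ne 0) {
            [pscustomobject]@{
                Identity = $ace.IdentityReference.Value
                Finding  = "Exceeds baseline ($($Baseline[$name])): $($ace.FileSystemRights)"
            }
        }
    }
}

# Usage on a domain controller (placeholder path, adjust to your domain):
# Test-SysvolPoliciesAcl -Path "$env:SystemRoot\SYSVOL\sysvol\<your-domain>\Policies"
```

No output means every applied Allow entry is within the baseline and inheritance is cleared; each returned object names an account to review.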
MSExchange ADAccess 2114
In a recent project, I ran into a problem (at least judging by the messages in the installation wizard and in Event Viewer - see image below). This problem occurred (at least in my case) during the installation of the Hub Transport role. Below is the message shown in Event Viewer ...
MSEXCHANGEADTOPOLOGYSERVICE.EXE Process (PID = 1256). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in That article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
... This error occurs in Exchange Server 2007 and 2010. The resolution is to add the Exchange server's own account to the Domain Admin group. After adding the server to the group, restart the server and reinstall Exchange (if the problem appeared during installation).
I also went through a similar problem with Exchange Server 2003 ... in that case, the Exchange server's account object had been deleted from AD. It was restored with ADRESTORE, and even after the restored object was added to the security groups required by Exchange Server, the Exchange services failed to start ....
Appears in the Event Viewer event ID 2114 MSExchange DSAccess.
In this case, I performed the following procedures:
- After the deletion of the object, restore it with ADRESTORE;
- Add the server to the required security groups (in some cases, these steps alone are enough to bring the services back to normal);
- Remove the network cable from the Exchange server;
- Move the Exchange server to a workgroup and restart the server, without attaching the network cable;
- In AD, reset the Exchange server's account;
- Plug the cable back into the Exchange server and join it to the domain again;
- Restart the server;
After these procedures, the services went back to working!
Another very common procedure for troubleshooting permissions in an Exchange organization is to run the setup /domainprep command again on the DC.
Hope that helps!