Tiny Deathstars of Foulness

Simple request: Search for all files in a directory and the child directories for a specific pattern and then return the filename without the path to the file. There are a few commandlets we end up needing to use:
  • Get-ChildItem: Creates a recursive array of filenames and pipes that output into the For loop.
  • ForEach-Object: Starts a for loop, looping through the output of the command that has been piped into the loop (much easier than an IFS array IMHO).
  • If: Wraps the Select-String test in the command below, so that $_.PSPath is only output when the pattern is found.
  • Select-String: Searches for the content in the file.
  • Split-Path: This is the PowerShell equivalent of basename and dirname. You can use this commandlet to extract parts of the path to a file. In this case, we’ll use the -Leaf option, which is effectively basename: it returns just the file name from the path to a file.

    Get-ChildItem -include * -recurse | ForEach-Object { if( ( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf

You can also search for the files that specifically don’t have that given pattern included in them instead by adding a ! in front of the Get-Content:

    Get-ChildItem -include * -recurse | ForEach-Object { if( !( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf

Note: This runs recursively from the existing working directory (and yes, you can use pwd to return a path, just like the bash built-in).

Finally, the > operator can then be placed at the end to dump our data to a file:

    Get-ChildItem -include * -recurse | ForEach-Object { if( !( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf > Complete.txt

April 18th, 2014

Posted In: Active Directory, Microsoft Exchange Server, Windows Server


April 12th, 2014

Posted In: Mac OS X Server, Mac Security, Microsoft Exchange Server, Unix, Windows Server

You have a lot of boxes. You would like to be able to parse through the logs of all those boxes at the same time, searching for a given timestamp across a set of machines for a specific string (like a filename or a port number). elasticsearch, logstash and kibana are one way to answer that kind of need. This will involve downloading three separate packages (which for this article, we’ll do in /usr/local) and creating a config file.

First, install the latest Java JDK. This is available at jdk8-downloads-2133151.html.

The following is going to download the latest version of logstash and untar the package into /usr/local/logstash (I like nesting that logstash-1.4.0 inside logstash so when the next version comes out I can have it there too, I have plenty of space so keeping a couple versions back helps in the event I need some old binary and can’t get to it ’cause they revved out the version I wrote a script against at some point):

    curl -O
    mkdir /usr/local/logstash
    tar zxvf logstash-1.4.0.tar.gz -C /usr/local/logstash

Once we have logstash, we’ll grab elasticsearch similarly:

    curl -O
    mkdir /usr/local/elasticsearch
    tar zxvf elasticsearch-1.0.1.tar.gz -C /usr/local/elasticsearch

Then we’ll untar kibana in the same manner:

    curl -O
    mkdir /usr/local/kibana
    tar zxvf kibana-3.0.0.tar.gz -C /usr/local/kibana

Next we’ll make a very simple config file that we call /usr/local/stashbox.conf that listens on port 514 for syslog:

    input {
      tcp {
        port => 514
        type => syslog
      }
      udp {
        port => 514
        type => syslog
      }
    }

    filter {
      if [type] == "syslog" {
        grok {
          match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
          add_field => [ "received_at", "%{@timestamp}" ]
          add_field => [ "received_from", "%{host}" ]
        }
        syslog_pri { }
        date {
          match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
        }
      }
    }

    output {
      elasticsearch { host => localhost }
      stdout { codec => rubydebug }
    }

Next, we’ll enable elasticsearch:

    /usr/local/elasticsearch/elasticsearch-1.0.1/bin/elasticsearch

And finally, in a different window we’ll call logstash with that file as the config file:

    /usr/local/logstash/logstash-1.4.0/bin/logstash -f /usr/local/stashbox.conf

Having each of these open in different Terminal windows allows you to see logs in stdout. Next, point a host at your new syslog box. You can use for installing Windows clients or for a Mac.

Once done, let’s get Kibana working. To do so, first edit the config.js:

    vi /usr/local/kibana/kibana-3.0.0/config.js

Locate the elasticsearch setting and put the name of the host running logstash in there (yes, it can be the same as the actual logstash box as long as you install a web server on the logstash box). Then save the changes. Now move the contents of that kibana-3.0.0 folder into your web directory. Let’s say this is a basic OS X Server, that would be:

    cp -R /usr/local/kibana/kibana-3.0.0/* /Library/Server/Web/Data/Sites/Default/

You can then check out your Kibana site at http://localhost or http://localhost/index.html#/dashboard/file/logstash.json for the actual search pages, which is what I’ve bookmarked.

For example, to see the impact of periodic scripts in System Logs: (screenshot)

April 11th, 2014

Posted In: Active Directory, Mac OS X, Mac OS X Server, Microsoft Exchange Server, Network Infrastructure, Ubuntu, Unix, VMware, Windows Server


By default, the Active Directory PowerShell management tools are not installed on Windows Servers. Commandlets are instead installed when the Active Directory Domain Controller role is added. However, you can install them even without installing the role. To do so, open Server Manager and go to Add and Remove Roles and Features. Don’t add any Roles, instead skip to add features. Then open Remote Server Administration Tools and then Role Administration Tools. From there expand on AD DS and AD LDS Tools and then highlight the Active Directory Module for Windows PowerShell.

Once enabled, click Next through the end of the wizard. Once the wizard is complete, open PowerShell and use the following command:

    import-module ActiveDirectory

Once you’ve imported the Active Directory modules, let’s test it by creating a user with the new-aduser commandlet, as follows (assuming a name of krypted):

    new-aduser -name krypted

April 5th, 2014

Posted In: Active Directory, Mass Deployment, Microsoft Exchange Server, Network Infrastructure, Windows Server


Exchange Impersonation Rights allow a user to impersonate the account of another user. To enable impersonation rights, use the New-ManagementRoleAssignment commandlet. To enable Impersonation rights for an account called krypted (samAccountName), use the following commandlet:

    New-ManagementRoleAssignment -Name:impersonationAssignmentName -Role:ApplicationImpersonation -User:krypted

To remove those rights, use the Remove-ManagementRoleAssignment commandlet. Below we’ll run a Get-ManagementRoleAssignment to find the user krypted with the appropriate role and then pipe that to the Remove-ManagementRoleAssignment commandlet:

    Get-ManagementRoleAssignment -RoleAssignee "krypted" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment
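
The New-ManagementRoleAssignment command above is given no recipient scope, so when reviewing a server it helps to list which ApplicationImpersonation assignments exist and how far each one reaches. The following is an added example, not part of the original post: the function name Find-BroadRoleAssignment, the svc-migrate account and the MigrationBatch1 scope are hypothetical, the sample objects are constructed, and it assumes the property names that Get-ManagementRoleAssignment returns (Role, RoleAssigneeName, RoleAssigneeType, RecipientWriteScope, CustomRecipientWriteScope).

```powershell
# Added example (not from the original post): report who holds a sensitive
# Exchange role and whether the assignment is limited to a custom scope.
function Find-BroadRoleAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Assignment,
        # Roles worth reviewing; extend as needed.
        [string[]]$SensitiveRole = @('ApplicationImpersonation')
    )
    process {
        # Ignore assignments for roles we are not reviewing.
        if ($SensitiveRole -notcontains [string]$Assignment.Role) { return }

        $scope = [string]$Assignment.RecipientWriteScope
        $finding = if ($scope -eq 'CustomRecipientScope' -and $Assignment.CustomRecipientWriteScope) {
            "Limited to scope '$($Assignment.CustomRecipientWriteScope)'"
        } elseif ($scope -eq 'Organization') {
            'Unscoped: reaches every mailbox in the organization'
        } else {
            "Review manually (RecipientWriteScope = '$scope')"
        }

        [pscustomobject]@{
            Assignment = $Assignment.Name
            Role       = [string]$Assignment.Role
            Assignee   = $Assignment.RoleAssigneeName
            Type       = [string]$Assignment.RoleAssigneeType
            Finding    = $finding
        }
    }
}

# Constructed sample objects standing in for Get-ManagementRoleAssignment output.
$sample = @(
    [pscustomobject]@{ Name = 'impersonationAssignmentName'; Role = 'ApplicationImpersonation'
        RoleAssigneeName = 'krypted'; RoleAssigneeType = 'User'
        RecipientWriteScope = 'Organization'; CustomRecipientWriteScope = $null }
    [pscustomobject]@{ Name = 'ews-migration'; Role = 'ApplicationImpersonation'
        RoleAssigneeName = 'svc-migrate'; RoleAssigneeType = 'User'
        RecipientWriteScope = 'CustomRecipientScope'; CustomRecipientWriteScope = 'MigrationBatch1' }
    [pscustomobject]@{ Name = 'helpdesk-view'; Role = 'View-Only Recipients'
        RoleAssigneeName = 'helpdesk'; RoleAssigneeType = 'SecurityGroup'
        RecipientWriteScope = 'Organization'; CustomRecipientWriteScope = $null }
)
$sample | Find-BroadRoleAssignment | Format-Table -AutoSize

# In the Exchange Management Shell, feed it live data instead:
# Get-ManagementRoleAssignment -Role ApplicationImpersonation | Find-BroadRoleAssignment
```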

April 4th, 2014

Posted In: Active Directory, Microsoft Exchange Server


Here’s a little PowerShell script to enable mailboxes based on an OU and put their new mailbox into a given database. To customize, change OU=ORGANIZATIONALUNIT,DC=companyname,DC=com to the DN for the OU you are configuring. Also, change DATABASENAME to the name of the information store that you’d like to use for the mailboxes in that OU.

    # Load the Active Directory cmdlets
    Import-Module ActiveDirectory

    # Collect every user object in the target OU
    $OUusers = Get-ADUser -LDAPFilter '(name=*)' -SearchBase 'OU=ORGANIZATIONALUNIT,DC=companyname,DC=com'

    # Enable a mailbox for each user in the chosen database
    foreach ($username in $OUusers) {
        Enable-Mailbox -Identity $username.SamAccountName -Database 'DATABASENAME'
    }

March 21st, 2014

Posted In: Microsoft Exchange Server, Windows Server


On a Mac, I frequently use the tail command to view files as they’re being written to or in use. You can use the Get-EventLog cmdlet to view logs. The Get-EventLog cmdlet has two options I’ll point out in this article: -list and -newest. The first is used to view a list of event logs, along with retention cycles for logs, log sizes, etc.

    Get-EventLog -list

You can then take any of the log types and view information about them. To see System information:

    Get-EventLog System

There will be too much information in many of these cases, so use the -newest option to see just the latest:

    Get-EventLog system -newest 5

The list will have an Index number and an EventID. The EventID can then be used to research information about each error code. For example, at

February 8th, 2014

Posted In: Microsoft Exchange Server, Windows Server, Windows XP


You always want to stop a process gracefully. However, sometimes it’s just not possible to do so. Sometimes, you have to kill a process. Sometimes you have to end a process or a process tree when you can’t restart them gracefully. To stop a process in Linux and Mac, use the kill command. In Windows, there’s a PowerShell cmdlet called Stop-Process that enables you to terminate a process. As with kill, just add the process ID at the end of the command. For example, to stop process 318:

    Stop-Process 318

Or you can stop based on the name of the process using the -processname option. For example, to kill a process called minesweeper:

    Stop-Process -processname minesweeper

Note: You can include wildcards in these commands as well. Be careful what you wish for. The reason you’d kill a process rather than reboot is that you don’t want to reboot because other processes are working out just fine. You can always kill a process, but some will reboot your boxen.

Finally, there’s also taskkill.exe, which can be used as well:

    taskkill.exe /F /IM minesweeper.exe /T

February 6th, 2014

Posted In: Active Directory, Microsoft Exchange Server, Windows Server, Windows XP


I’ve written an article on doing this in 2010 but seemed to have skipped 2007, so here goes… The first step in exporting mailboxes is to make sure that the account you’re using to export mailboxes has permissions to do so. In this case, we’ll give the exportadmin account Import and Export options using the New-ManagementRoleAssignment cmdlet in Exchange 2010:

    New-ManagementRoleAssignment -Role "Mailbox Import Export" -User exportadmin

Next, you’ll need a system with Outlook 2010 and the Exchange Management Tools installed. From here, you can export mailboxes into PST files. To do so, run the Export-Mailbox cmdlet with the -Identity option to include the account name of a user and the -PSTFolderPath option to include a file location for the pst file. For example, to export user cedge to a folder called N:\exmerges:

    Export-Mailbox -Identity cedge -PSTFolderPath N:\exmerges\cedge.pst

February 5th, 2014

Posted In: Microsoft Exchange Server


I’ve written plenty about exporting mailboxes from Exchange. But what if you need to perform a selective import into Outlook? This is helpful for importing mail in date ranges, using an import to search for terms (common with litigation holds) and importing contacts and calendars.

To get started, click Open from the File ribbon.

When prompted, click on Import/Export.

At the Import and Export Wizard screen, click on “Import from another program or file”.

At the “Import a File” screen, click on “Outlook Data File (pst)”.

At the Import Outlook Data File screen, choose the mailbox to import into and then click on the Filter button. Using the filtering options, you can choose to import based on date ranges, using search terms, selecting specific folders or a combination of all of these.

February 4th, 2014

Posted In: Microsoft Exchange Server

