Category Archives: Windows Server

Active Directory Microsoft Exchange Server Windows Server

Grep, Search, Loops and Basename for Powershell Hotness

Simple request: Search for all files in a directory and the child directories for a specific pattern and then return the filename without the path to the file. There are a few commandlets we end up needing to use:

  • Get-ChildItem: Creates a recursive array of filenames and pipes that output into the For loop.
  • ForEach-Object: Starts a for loop, looping through the output of the command that has been piped into the loop (much easier than an IFS array IMHO).
  • If: This starts the if pattern that ends after the select-string in the below command, but only dumps the $_.PSPath if the pattern is true.
  • Select-String: Searches for the content in the file.
  • Split-Path: This is the Powershell equivalent of basename and dirname. You can use this commandlet to extract parts of the path to a file. In this case, we’ll use the -Leaf option which effectively runs the basename, or just the file name in the path to a file.

Get-ChildItem -include * -recurse | ForEach-Object { if( ( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf

You can also search for the files that specifically don’t have that given pattern included in them instead by adding a ! in front of the Get-Content:

Get-ChildItem -include * -recurse | ForEach-Object { if( !( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf

Note: This runs recursively from the existing working directory (and yes, you can use pwd to return a path, just like the bash built-in).

Finally, the > operator can then be placed into the end to dump our data to a file:

Get-ChildItem -include * -recurse | ForEach-Object { if( !( $(Get-Content $_) | select-string -pattern "Finished processing mailbox") ) { $_.PSPath }} | Split-Path -Leaf > Complete.txt

 

Mac OS X Ubuntu Windows Server

Shell BUILTINs Available In Powershell

The following are Shell builtins from BSD/Mac that are available in Powershell (note the obvious lack of a builtin command):

  • alias
  • break
  • cd
  • chdir
  • command
  • continue
  • do
  • echo
  • end
  • exit
  • fc
  • for
  • foreach
  • history
  • if
  • kill
  • popd
  • pushd
  • pwd
  • return
  • set
  • switch
  • trap
  • type
  • where
  • while
Active Directory Windows Server Windows XP

Use Syslog on Windows

There are a number of tools available for using Syslog in a Windows environment. I’ll look at Snare as it’s pretty flexible and easy to configure. First download the snare installation executable from http://sourceforge.net/projects/snare. Once downloaded run the installer and simply follow all of the default options, unless you’d like to password protect the admin page, at which point choose that. Note that the admin page is by default only available to localhost.

Once installed, run the “Restore Remote Access to Snare for Windows” script.

Screen Shot 2014-04-10 at 10.56.43 AM

Then open http://127.0.0.1:6161 and click on Network Configuration in the red sidebar. There, we can define the name that will be used in syslog (or leave blank to use the hostname), the port of your syslog server (we used 514 here) and the address of your syslog server (we used logger here but it could be an IP or fqdn).

Screen Shot 2014-04-08 at 10.58.04 AM

 

Once you have the settings you’d like to use, scroll down and save your configuration settings. Then, open Services and restart the Snare service.

Screen Shot 2014-04-08 at 10.56.22 AM

Then run the Disable Remote Access to Snare for Windows option and you’re done. Now, if you’re deploying Snare across a lot of hosts, you might find that scripting the config is faster. You can send the Destination hostname (here listed as meh) and Destination Port (here 514) via regedit commands (Destination and DestPort respectively) and then restart the service.

Screen Shot 2014-04-08 at 10.56.51 AM

I’ll do another article at some point on setting up a logstash server to dump all these logs into. Logstash can also parse the xml so you can search for each attribute in the logs and with elasticsearch/hadoop/Kibana makes for an elegant interface for parsing through these things.

Mac OS X Server Mac Security Microsoft Exchange Server Unix Windows Server

Heartbleed in Comics

Active Directory Mac OS X Mac OS X Server Microsoft Exchange Server Network Infrastructure Ubuntu Unix VMware Windows Server

Stashbox: Turning a Mac Mini Into A Logstash and Kibana Server

You have a lot of boxes. You would like to be able to parse through the logs of all those boxes at the same time, searching for a given timestamp across a set of machines for a specific string (like a filename or a port number). elasticsearch, logstash and kibana are one way to answer that kind of need. This will involve downloading three separate packages (which for this article, we’ll do in /usr/local) and creating a config file.

First, install the latest Java JDK. This is available at jdk8-downloads-2133151.html.

The following is going to download the latest version of logstash and untar the package into /usr/local/logstash (I like nesting that logstash-1.4.0 inside logstash so when the next version comes out I can have it there too, I have plenty of space so keeping a couple versions back helps in the event I need some old binary and can’t get to it ’cause they revved out the version I wrote a script against at some point):

curl -O https://download.elasticsearch.org/logstash/logstash/logstash-1.4.0.tar.gz
mkdir /usr/local/logstash
tar zxvf logstash-1.4.0.tar.gz -C /usr/local/logstash

Once we have log stash, we’ll grab elastic search similarly:

curl -O https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.0.1.tar.gz
mkdir /usr/local/elasticsearch
tar zxvf elasticsearch-1.0.1.tar.gz -C /usr/local/elasticsearch

Then we’ll untar kibana in the same manner:

curl -O https://download.elasticsearch.org/kibana/kibana/kibana-3.0.0.tar.gz
mkdir /usr/local/kibana
tar zxvf kibana-3.0.0.tar.gz -C /usr/local/kibana

Next we’ll make a very simple config file that we call /usr/local/stashbox.conf that listens on port 514 for syslog:

input {
tcp {
port => 514
type => syslog
}
udp {
port => 514
type => syslog
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch { host => localhost }
stdout { codec => rubydebug }
}

Next, we’ll enable elastic search:

/usr/local/elasticsearch/elasticsearch-1.0.1/bin/elasticsearch

And finally, in a different window we’ll call logstash with that file as the config file:

/usr/local/logstash/logstash-1.4.0/bin/logstash -f /usr/local/stashbox.conf

Having each of these open in different Terminal windows allows you to see logs in stdout. Next, point a host at your new syslog box. You can use http://krypted.com/windows-server/use-syslog-on-windows for installing Windows clients or http://krypted.com/mac-security/redirect-logs-to-a-syslog-server-in-os-x/ for  a Mac. Once done, let’s get Kibana working. To do so, first edit the config.js.

vi /usr/local/kibana/kibana-3.0.0/config.js

Locate the elastic search setting and put the name of the host running logstash in there (yes, it can be the same as the actual logstash box as long as you install a web server on the logstash box). Then save the changes.

Now move the contents of that kibana-3.0.0 folder into your web directory. Let’s say this is a basic OS X Server, that would be:

cp -R /usr/local/kibana/kibana-3.0.0/* /Library/Server/Web/Data/Sites/Default/

You can then check out your Kibana site at http://localhost or http://localhost/index.html#/dashboard/file/logstash.json for the actual search pages, which is what I’ve bookmarked.

Screen Shot 2014-04-10 at 10.37.51 PM

For example, to see the impact of periodic scripts in System Logs:

Screen Shot 2014-04-12 at 9.07.44 AM

 

Active Directory Windows Server

Hey Active Directory, Can I Trade Some PowerShell For A Phone List?

According to how you’ve been creating accounts, you might be the best friend of the office manager, who calls looking to see if you can generate a quick phone list. Or you might be useless. Either way, you should know how to obtain the data and therefore possibly how to be helpful to others. Or again, you might be a lost cause. Sorry, had to be said before I take over the entire Tri-State area. Anyway, let’s assume that you want to just grab the office phone number and that you’ve entered that into Active Directory. So let’s pull that and print it to the screen:

Get-AdUser -Filter * -Properties OfficePhone | FT OfficePhone,UserPrincipalName

Now that you can dump a list to the screen, let’s pipe the output to CSV instead, so we can open it in Excel:

Get-AdUser -Filter * -Properties OfficePhone | FT OfficePhone,UserPrincipalName | grep Export-CSV c:\phonelist.csv

Active Directory Windows Server

Create a Forest Trusts In Active Directory

Trusts in Active Directory allow objects from one Domain or Forest to access objects in another Domain or Forest and allows administrators. To setup a trust:

  • Login with a user in the Domain Admins group if you are setting up a Domain trust or Enterprise Admins if you are setting up a Forest trust (if you cannot use an account in one of these groups, you can use an account in the Incoming Forest Trust Builders group)
  • Open Administrative Tools
  • Open Active Directory Domains and Trusts
  • Right-click the name of the domain
  • Click Properties
  • Click on the Trust tab
  • Click New Trust
  • Click Next
  • Click on the Trust Name page
  • Type the DNS or NetBIOS name of the forest you are connecting to
  • Click Next.
  • Click on the Trust Type page
  • Click Forest trust
  • Click Next
  • Click on the Direction of Trust page
  • To create a two-way (transitive) forest trust, click Two-way or if you’d only like to share objects one-way, click One-way
  • If One-way, choose the direction of the trust
  • Click continue to complete the wizard

Once completed, click on the Trust tab to view the trust. Then open a group, go to add a member and click on the Location button. At this screen you should see your domain and then below it another that has an icon with three triangles, similar to the Hyrule logo in Zelda. In fact, a lot of Active Directory is similar to Zelda, such as where do I find that sword, where’s the shield, etc. Just without a princess…

Anyway, you can then limit who can access the trust using the Selective authentication options in the Outgoing Trust Properties page if needed.

Active Directory Mass Deployment Windows Server Windows XP

Change Active Directory Forest Mode With A Script

Changing the Forest Mode in Active Directory can be scripted. I find this useful when regression testing such tasks in a sandbox (e.g. restore image, automate login, change mode, run tests, etc). The script is very simple. First, you’ll import he ActiveDirectory modules:

Import-Module -Name ActiveDirectory

Then you’ll check for the mode prior to running:

Get-ADForest | Format-Table ForestMode

Then you’ll change the forest and domain modes (one per line):

Set-ADForestMode –Identity “krypted.com” –ForestMode Windows2008Forest
Set-ADDomainMode –Identity “krypted.com” –DomainMode Windows2008Domain

Then you’ll report the result:

Get-ADForest | Format-Table Name , ForestMode

The end result could be as simple as three lines if just testing:

Import-Module -Name ActiveDirectory
Set-ADForestMode –Identity “krypted.com” –ForestMode Windows2008Forest
Set-ADDomainMode –Identity “krypted.com” –DomainMode Windows2008Domain

Mac OS X VMware Windows Server Windows XP

Create A Server 2012 VM In VMware Fusion

Our friends at VMware continue to outdo themselves. The latest release of Fusion works so well with Windows Server 2013 that even I can’t screw it up. To create a virtual machine, simply open VMware Fusion and click New from the File menu.

Screen Shot 2014-04-06 at 3.43.26 PM
Click “Choose a disc or disc image.”

Screen Shot 2014-04-06 at 3.43.58 PM

Select your iso for Server 2012 and click on Open (if you have actual optical media it should have skipped this step and automatically sensed your installation media). Click Continue back at the New Virtual Machine Assistant screen.

Screen Shot 2014-04-06 at 3.45.26 PM

Click Continue when the Assistant properly shows the operating system and version.

Screen Shot 2014-04-06 at 3.50.07 PM

Enter a username, password and serial number for Windows Server if you want Fusion to create these things automatically and just complete an installation. If not, uncheck Easy Install (but seriously, who doesn’t like easy). Also, choose the version of Windows Server (note that there’s no GUI with the Core options). Click Continue.

Screen Shot 2014-04-06 at 3.50.55 PM

At the Finish screen, you can click Customize Settings if you would like to give the new virtual machine more memory or disk. Otherwise, just click Finish.

Screen Shot 2014-04-06 at 3.52.00 PM

When prompted, choose where the new virtual machine will live and click Save. The VM then boots into the Setup is starting screen. You will be prompted for a Core vs. a GUI install (I know, you picked that earlier). I choose a GUI, then click Next.

Screen Shot 2014-04-06 at 3.53.28 PM

When the setup is complete, login, run Software Update and you’re done!

Active Directory Mass Deployment Microsoft Exchange Server Network Infrastructure Windows Server

Use Active Directory Commandlets On Computers That Aren’t Domain Controllers

By default, the Active Directory Powershell management tools are not installed on Windows Servers. Commandlets are instead installed when the Active Directory Domain Controller role is added. However, you can install them even without installing the role. To do so, open Server Manager and go to Add and Remove Roles and Features. Don’t add any Roles, instead skip to add features. Then open Remote Server Administration Tools and then Role Administration Tools. From there expand on AD DS and AD LDS Tools and then highlight the Active Directory Module for Windows PowerShell.

ADTools

Once enabled, click Next through the end of the wizard. Once the wizard is complete, open Powershell and use the following command:

import-module ActiveDirectory

Once you’ve imported the Active Directory modules, let’s test it by creating a user with the new-aduser commandlet, as follows (assuming a name of krypted):

new-aduser -name krypted