krypted.com

Tiny Deathstars of Foulness

Here’s a little PowerShell script to enable mailboxes based on an OU and put their new mailbox into a given database. To customize, change OU=ORGANIZATIONALUNIT,DC=companyname,DC=com to the DN for the OU you are configuring. Also, change DATABASENAME to the name of the information store that you’d like to use for the mailboxes in that OU.

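Import-Module ActiveDirectory

# Every user object in the target OU (replace the DN with your own)
$OUusers = Get-ADUser -LDAPFilter '(name=*)' -SearchBase 'OU=ORGANIZATIONALUNIT,DC=companyname,DC=com'
foreach ($username in $OUusers)
{
    # Mailbox-enable the account in the chosen database
    Enable-Mailbox -Identity $username.SamAccountName -Database 'DATABASENAME'
}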

March 21st, 2014

Posted In: Microsoft Exchange Server, Windows Server


Need to export mailboxes from Exchange? Hate using exmerge to do so? Gone are the days of exmerge. Well, not entirely. But welcome to the days of New-MailboxExportRequest. Much longer and cooler command than exmerge ever thought about being.

C:\>New-MailboxExportRequest -Mailbox cedge -FilePath \\kryptedexchange.krypted.com\pst\cedge.pst

You then receive confirmation that the export has been queued:

Name Mailbox Status
---- ------- ------
MailboxExport krypted.com/Users/cedge... Queued

To view the status, swap New with Get (Get-MailboxExportRequest):

Get-MailboxExportRequest

The output is as follows:

Name Mailbox Status
---- ------- ------
MailboxExport krypted.com/Users/cedge... InProgress

To get even more info, use the -Name option with Get-MailboxExportRequest, identifying the actual process name.

Get-MailboxExportRequest -Name MailboxExport | fl

The output is as follows:

RunspaceId : xxxxxxx-aaaa-bbbb-cccc-zzzzzzzzz
FilePath : \\kryptedexchange.krypted.com\pst\cedge.pst
SourceDatabase : MB-HO-01
Mailbox : krypted.com/Company/Users/krypted
Name : MailboxExport
RequestGuid : aaaaaaaa-bbbb-cccc-dddd-000000000000
RequestQueue : AA-BB-02
Flags : IntraOrg, Push
BatchName :
Status : InProgress
Protect : False
Suspend : False
Direction : Push
RequestStyle : IntraOrg
OrganizationId :
Identity : krypted.com/Users/cedge\MailboxExport
IsValid : True

To check the progress of all mailbox export requests, pipe Get-MailboxExportRequest into Get-MailboxExportRequestStatistics:

C:\>Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

The output shows the completion percentage of each process Name:

Name Status SourceAlias PercentComplete
---- ------ ----------- ---------------
MailboxExport InProgress cedge 20

To clear completed requests:

C:\>Get-MailboxExportRequest | where {$_.status -eq "Completed"} | Remove-MailboxExportRequest

October 31st, 2013

Posted In: Microsoft Exchange Server, Windows Server


There are some commands where you just have to wonder why. Sure, I see what this command does, but why bother? Well, I’m not going to say that xsanadmin is one of those commands, but I’m not going to say that it isn’t. At first glance, you might think that the list, stop, start and other verbs look promising. Like maybe you can actually administer a volume from a much simpler to use command line interface. However, if you want a quick and dirty of what xsanadmin does, look no further than just running the command without any verbs or operators:

xsanadmin

The result is help information from the serveradmin command:

Usage: serveradmin [-dhvx] [list | start | stop | status | fullstatus | settings | command] [<service_key> [ = <value> ]]
-h, --help display this message
-v, --version display version info
-d, --debug print command
-x, --xml print output as XML plist
Examples:
serveradmin list
--Lists all services
serveradmin start afp
--Starts afp server
serveradmin stop ftp
--Stops ftp server
serveradmin status web
--Returns current status of the web server
serveradmin fullstatus web
--Returns more complete status of the web server
serveradmin settings afp
--Returns all afp configuration parameters
serveradmin settings afp:guestAccess
--Returns afp guestAccess attribute
serveradmin settings afp:guestAccess = yes
--Sets afp guestAccess to true
serveradmin settings
--Takes settings commands like above from stdin
serveradmin command afp:command = getConnectedUsers
--Used to perform service specific commands
serveradmin command
--Takes stdin to define generic command that requires other parameters

Why’s that? Because all the command is doing is piping information to and from the serveradmin command, thus the verbs are basically the same: list, status, fullstatus, etc. To see which services, let’s pipe settings for all to a file:

xsanadmin settings all > xsanadminsettings.txt

Here, you’ll notice that you have settings for the xsan/san service, file sharing and info. That’s it. You may be asking yourself, “why did you write this article then?” My answer would be that I’m not really sure. Mostly because I wasted my time trying to see if I could do cool stuff with this command and it turns out I can’t…

October 11th, 2013

Posted In: Mac OS X, Mac OS X Server, Xsan


Hold down the Option key when you click on the AirPort icon in the menu bar:

You can then see the SSID, channel, security, RSSI, transmit rate, etc. The airport command is now located at /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport so this would be similar to:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I

July 23rd, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment


I’ve done a few articles in the past on different tasks in svn and git, but I have a little cheat sheet of sorts I’ve been using for a while for Subversion on Mac OS X and thought I would share it. Before you get started, check your version. I use 2.0 but I seem to remember all of these are about the same as they were previously:

svn --version

To get started, Subversion uses a repository to store projects. Each client needs a repository and these should be on direct attached drives. The repository hosts a Berkeley database and a folder per project you check out or import. To create a repository in a folder called Repository that lives in your home folder, you can use the following command, which uses the svnadmin command (svnadmin is used for most admin tasks in Subversion and the svn command itself is used for most user operations) and then the create verb, followed by a path:

svnadmin create ~/Repository

Note: These commands are mostly the same in Windows, except you use a drive letter rather than a fully qualified path. They are identical in Linux.

Within the Repository directory, each project will have a folder. Within these, you would then create folders for branches, tags and trunk, where trunk is the directories and files you will be working with. Then, we’ll import our first project. To do so we’re going to use the svn command, along with the import verb and then in the second position, we’ll use project to define the type of import. Next, we’ll define the location. The location could be http:// or file:///. In this case we’ll use an existing, mounted AFP file system at /Volumes/myserver/sharedrepo/projectname. Next, we’ll just put a message in there using the -m option, indicating “First Import”:

svn import project file:///Volumes/myserver/sharedrepo/projectname -m "First Import"

That wasn’t so bad. To see a list of the projects stored in a repository, use the svn command along with the list verb. When I do this, I like to use the --verbose option (optional, thus an option). You would also provide the path to the repository:

svn list --verbose file:///Users/cedge/Repository

To update the repository:

svn update

We now have a local copy of the project we imported earlier (creatively called projectname) and can work on it. Before we start working on it though, we want to check it out. To do so, we’ll use the svn command, along with the checkout verb. We’ll then provide the path to the project and name of the project:

svn checkout file:///Users/cedge/Repository/projectname/trunk projectname

When you’re done working on things, let’s look at what’s changed using svn’s status verb (btw, a writing point, by making svn possessive there, did I give it a personality? If so, then it’s certainly cranky at times so I suppose that’s fine):

svn status

You’ll invariably want to add things to a project, which uses the oddly named add verb (bad grammar pun, sry):

svn add filename

Removing files is a similar process:

svn delete filename

Adding, deleting and changes all need to be committed once you’re done working on the project. To commit changes, use the commit verb. Here, we’re going to provide a message explaining what we did (Added a method for handling invalid file names and bad grammar puns) and then the path:

svn commit -m "Added a method for handling invalid file names and bad grammar puns" file:///Users/cedge/Repository/projectname/trunk

I didn’t include tagging, getting releases (list verb), using preshared keys (ssh-keygen, ssh-copy-id, ssh-agent, ssh-add), resolving conflicts (resolved verb), so feel free to add comments with your examples if others read this and would like to add more!

March 12th, 2011

Posted In: Mac OS X, Unix, Windows XP


Using the firewall in Ubuntu can be as easy or as hard as you want to make it. BSD variants all basically use the ipfw command whereas most of the rest of the *nix world will use netfilter. Netfilter has a number of front ends; the one that comes pre-installed in Ubuntu is ufw, short for ‘uncomplicated firewall’. Ufw is good for basic port management: allow and deny type of stuff. It’s not going to have the divert or throttling options. So let’s look at some basic incantations of ufw (you need to have elevated privileges to do all of this btw).

Initial Configuration

First you need to enable ufw, which is done using the ufw command (no need to apt-get this to install it or build it from source) followed by the enable option:

ufw enable

You can also use the disable option to turn the firewall back off:

ufw disable

And to see rules and the status of the firewall, use the status option:

ufw status

The ufw Configuration File

The ufw configuration file is /etc/default/ufw. Here, you can manage some basic options of ufw. These include:

  • IPV6 – Set to YES to enable
  • DEFAULT_INPUT_POLICY – Policy for how to handle incoming traffic not otherwise defined by a rule. Defaults to DROP but can be changed to ACCEPT or REJECT
  • DEFAULT_OUTPUT_POLICY – Same as above but for handling outgoing traffic not otherwise defined by a rule.
  • DEFAULT_FORWARD_POLICY – Same as above but for forwarding packets (routing).
  • DEFAULT_APPLICATION_POLICY – I’d just leave this as the default, SKIP.
  • MANAGE_BUILTINS – when set to yes, allows ufw to manage default iptables chains as well.
  • IPT_MODULES – An array of iptables modules that can be added

To restart ufw after you make changes to the configuration file, use the service command:

service ufw reload

Or:

service ufw restart

Creating Rules

The first thing most people will want to do is enable a port. And of the ports, 22 is going to be pretty common, since without it you can’t ssh back into the box. For this, you’ll use the allow option followed by the name of the service (application profile):

ufw allow ssh

You can use numbers instead (since ufw isn’t going to know every possible combination and you might be running some on custom ports):

ufw allow 22

You can also deny traffic using the same structure, just swapping allow with deny:

ufw deny http

Beyond a basic allow and deny, you can also specify what IP addresses are able to access each port. This is done using ufw followed by the proto option, which is then followed by the actual protocol (tcp vs udp, etc.), then the from option and the source, then the to option and the IP to accept traffic on (or the any option for all IPs on your box), and finally the port option followed by the actual port. Sounds like a lot until you see it in action. Let’s say you actually want to allow traffic for port 10000 but only from 192.168.210.2. In that case, your rule would be:

ufw allow proto tcp from 192.168.210.2 to any port 10000

Or if you only wanted 10000 to be accessible on one IP of your system (theoretically you have two in this scenario) that has an address of 192.168.210.254:

ufw allow proto tcp from 192.168.210.2 to 192.168.210.254 port 10000

Using ufw

Once you have your rules configured, you are invariably going to have to troubleshoot issues with the service. Obviously, start with log review to form a hypothesis of what the problem is. To enable logging use the logging option and specify the on parameter for it:

ufw logging on

Once enabled I usually like to view both /var/log/messages and /var/log/syslog for entries:

cat /var/log/syslog | grep UFW ; cat /var/log/messages | grep UFW
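
The grep above returns raw kernel log lines. As an added example (not from the original post), this shell function condenses [UFW BLOCK] entries into a count per source address and destination port, so a noisy source or a rule that blocks wanted traffic stands out. The log lines in SAMPLE_LOG are constructed for illustration and the function name ufw_block_summary is hypothetical.

```shell
#!/bin/sh
# Added example: summarise ufw block entries by source address and destination port.
# SAMPLE_LOG is constructed for illustration; it is not output from a real host.
SAMPLE_LOG='Nov 24 10:15:01 web1 kernel: [1201.10] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.210.7 DST=192.168.210.254 LEN=60 PROTO=TCP SPT=51234 DPT=10000 SYN URGP=0
Nov 24 10:15:03 web1 kernel: [1203.42] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.210.7 DST=192.168.210.254 LEN=60 PROTO=TCP SPT=51235 DPT=10000 SYN URGP=0
Nov 24 10:15:09 web1 kernel: [1209.77] [UFW ALLOW] IN=eth0 OUT= SRC=192.168.210.2 DST=192.168.210.254 LEN=60 PROTO=TCP SPT=40022 DPT=10000 SYN URGP=0
Nov 24 10:16:30 web1 kernel: [1290.05] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.210.9 DST=192.168.210.254 LEN=60 PROTO=TCP SPT=39001 DPT=80 SYN URGP=0
Nov 24 10:16:31 web1 sshd[812]: Accepted publickey for cedge from 192.168.210.2 port 40100'

# ufw_block_summary (hypothetical name): read syslog lines on stdin and print
# "count source proto/dport" for every [UFW BLOCK] entry, most frequent first.
ufw_block_summary() {
    awk '
        /\[UFW BLOCK\]/ {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src == "") next        # malformed entry, skip it
            if (dpt == "") dpt = "-"   # ICMP and similar carry no port
            count[src " " proto "/" dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Run against the constructed sample; allowed traffic and non-ufw lines are ignored.
printf '%s\n' "$SAMPLE_LOG" | ufw_block_summary
```

On a real host, pipe the same grep output into the function instead of the sample, for example grep -h UFW /var/log/syslog | ufw_block_summary.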

One of the best troubleshooting tools to prove any hypothesis that has to do with a rule is to simply delete the rule. To delete the deny http rule that we made earlier, just use the ufw command along with the delete option specifying the deny http rule as the rule to remove:

ufw delete deny http

Additionally, just disabling ufw will usually tell you definitively whether you are looking at a problem with a rule, allowing you to later look into disabling each rule until you find the offending rule.

iptables

Ubuntu also comes with iptables by default. iptables is the ipchains replacement introduced a number of years ago and is much more complicated and therefore flexible than ufw, although using one does not mean you cannot use the other. To get started, let’s look at the rules:

iptables -L

You will then see all of the rules on your host. If you have been enabling rules with ufw these will be listed here. You can then configure practically anything for how each chain (a chain is a series of rules for handling packets) functions. You can still do basic tasks, such as enabling ssh, but iptables will need much more information about what specifically you are trying to do. For example, to accept incoming traffic you would need to define that the chain will add an input (by appending it to the chain using -A INPUT) for tcp packets (-p tcp) on port 22 (--dport ssh) and accepting those packets (-j ACCEPT):

iptables -A INPUT -p tcp --dport ssh -j ACCEPT

That is about as simple as iptables gets. I’ll try and write up more on dealing with it later but for now you should have enough information to get a little wacky with some basic firewall functionality on Linux. Enjoy.

November 24th, 2010

Posted In: Ubuntu, Unix
