Friday, May 30, 2014

Smartronix Super Looper...

http://www.smartronixstore.com/index.cfm?fuseaction=product.display&Product_ID=2&CFID=1750463&CFTOKEN=37674723



I bought a pair of these about 7 years ago now.. best damn thing ever!  It has come in handy so many times it's not funny.  Just a little FYI ;)

Thursday, May 29, 2014

Checking Sendmail on AIX via Telnet

Having an issue today with an AIX box not being able to send SMTP msg's, even after being added to the Anonymous Receive Connector in Exchange 2010.  Apparently the error below is due to Sendmail  doing a PTR check on the host that's performing the telnet'ing, for some reason my workstation is having an issue.


Except in checking the Reverse Lookup Zone for my domain name, my host has the correct name and IP.  Had a tech in a different site try the same thing, 






And come to find out I cannot test the Oracle package 'utl-smtp' like this since its version of SendMail doesn't work like the regular one. I did wind up having to re-evaluate our Receive Connectors and come to find out there were some overlapping coverages with regards to Anonymous Users.  After getting all that cleared up, then getting the DBS to verify both servers were using fully qualified addresses as the Mail From:, notifications from Oracle began flowing correctly.

Wednesday, May 28, 2014

Determining available white space in Exchange databases..

Get-MailboxDatabase -status | Select ServerName, Name, AvailableNewMailboxSpace

In my case, my results are here:


Looks like I need to examine the maintenance status of a couple DB's...

Tuesday, May 27, 2014

Outlook re-prompting for credentials.. over and over and over

I've got a user running Win 7, Outlook 2010 and has been humming along for the past couple of years now without a hitch.  He needed access to a secondary mailbox, so I give him -AccessRights FullAccess and -AutoMapping $false.

Except now his outlook continuously prompts for credentials to the secondary mailbox, and randomly his own.  He gets confused after a dozen or so prompts then winds up locking himself out.

So tonight I will try moving his mailbox to the MS server and back here to see if the move will repair any funkiness with his account.

*EDIT* I should mention that I removed and recreated his profile a few times, changed the AutoMapping to $true, changing the permissions on the secondary mailbox a few times.  Nothing else has helped.

*EDIT EDIT* So the issue might be fixed now... I removed his permissions to the secondary mailbox, recreated his outlook profile.  Re-added the FullAccess permissions but made sure that AutoMapping was set to $false.  Then actually added the secondary mailbox as an Additional Mailbox in his profile.  It opened up and did not prompt for credentials so.. *FingersCrossed*

Wednesday, May 21, 2014

Speckles!

Our Barred Rock hen I like to think I saved from a place down the road who had her and a bunch others crammed into a rather small enclosure.  She's awesome and by far the best hen we have.

Tuesday, May 20, 2014

Scripts from Expert Exchange

Guy asked for help creating a powershell script to provide the following:

hello, can someone provide a powershell or quest AD Cmdlets script we can run that will update a security group based on the following attributes:

Custom Attribute 13 = 311,387,383 or 335    and Custom attribute 7 does not eq "Employee"

goal is the script would run against a specific AD container recursively, and look for all accounts that match this criteria and add to a group.


I was able to create a script that worked on my environment:


[code]

$users = Get-ADUser -SearchBase "ou=IT Staff,ou=IT,ou=Employees,ou=People,dc=difc,dc=root01,dc=org" -LdapFilter '(extensionattribute1=employee)'
foreach ($user in $users) {
    # add the current user on each pass
    Add-ADGroupMember -Identity "it_test" -Members $user
}

[/code]

But his attribute names have spaces so I do not know if my script would help much.. what I determined was this:

[code]

$user = Get-ADUser -SearchBase "ou=IT Staff,ou=IT,ou=Employees,ou=People,dc=difc,dc=root01,dc=org" -filter { (custom attribute 13 -like "311") -and (custom attribute 13 -like "387") -and (custom attribute 13 -like "383") -and (custom attribute 13 -like "335") 
-and (custom attribute 7 -notlike "Employee")
foreach ($user in $users) {
Add-ADGroupMember -Identity "group" -Members $users
}

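# The OR tests are grouped so the extensionattribute7 test applies to every match; 335 is included to match the request
$users = Get-ADUser -SearchBase "ou=IT Staff,ou=IT,ou=Employees,ou=People,dc=difc,dc=root01,dc=org" -Filter {((extensionattribute13 -eq 311) -or (extensionattribute13 -eq 387) -or (extensionattribute13 -eq 383) -or (extensionattribute13 -eq 335)) -and (extensionattribute7 -notlike "employee")}
foreach ($user in $users) {
    # add the current user on each pass
    Add-ADGroupMember -Identity "it_test" -Members $user
}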
[/code]

Updated code script above.. this one worked for me.  Pulled the test users and placed them into the test security group.

Setting Out of Office in Exchange 2010 on disabled users..

Does work, I just tested it.  Domain user account was disabled, mailbox was not being forwarded.  I gave myself full access rights, enabled and added an OOO message and voilà! OOO received.

Trumpf Trumatic, running Win NT 4.0, networking issue.

Today I had a networking issue with a Trumpf laser here at work.. It had lost network connection over night.  So using my trusty Fluke MicroScanner Pro I was able to determine a pair shorted in the cable drop.  Tracing the run back to the switch and using the wire mapping adapter I then discovered that in fact the wire was testing good now.  Swapped switch ports (out of habit), went back to the Trumpf's controls, rebooted the machine and when it came up the drive mapping still failed.  I tried in vain to exit the Trumpf's GUI and gain access to the desktop which failed.  I then logged off, which actually made the machine reboot again and to my surprise the drive mapped successfully this time.
Not sure what happened but I plan on finding a way into their software to be able to perform some more in depth troubleshooting functions in the future.

Spoke with a tech at Trumpf and was told that on these older models the underlying OS is made by Bosch and to access it you hit

Focus
Menu
2426

Then pick Service.

Monday, May 19, 2014

The message was rejected by a rule set at the organization level.

I've been plagued by this problem for a couple weeks now.  Random users having inbound emails 'blocked' but for no reason.  Event logs are empty on this and Google was severely lacking...  I've got two open topics on Expert Exchange about this.  Raised diagnostic logging but no hits yet :(

This year's newest feathered additions.


Fog Project...

Last week I set up a simple FOG server http://www.fogproject.org/ and so far I like it.  Documentation is a little lacking but if I can figure it out most should have no problems.


Disabling a user via Powershell

Here's my best script ever created.  It not only disables a user's domain account, but it changes the Description field to include "TERM $(Get-Date)", it also moves the account to a Disabled users OU, clears the manager field, changes the password to one that is common across IT and hides the associated SMTP address from the GAL.

#Script to disable domain user accounts, move to Disabled OU, change password to P@$$word1 and hide from GAL.
#Oct, 2013 Ben Hart

#Run from a session whose execution policy already allows scripts; calling
#Set-ExecutionPolicy Unrestricted in here would change the policy machine-wide and leave it that way.
Import-Module -Name ActiveDirectory
$User = Read-Host "Enter user name"

#Hide from GAL and set Description
"Account is hidden"
Set-ADUser $User -Description "TERM $(Get-Date)"
Set-ADUser $User -Replace @{msExchHideFromAddressLists="TRUE"}

#Disable the account
"Account is disabled"
Disable-ADAccount $User

#Clear Manager field
Set-ADUser $User -Manager $null

#Move the account
"Account is moved to the appropriate OU"
Get-ADUser $User | Move-ADObject -TargetPath "ou=disabled accounts,dc=domain,dc=org"
"Account is disabled and moved"

#Reset the password. Single quotes matter: inside double quotes PowerShell expands $$,
#so the password would not be the literal P@$$word1. -AsPlainText is required with -Force.
Set-ADAccountPassword -Identity $User -NewPassword (ConvertTo-SecureString 'P@$$word1' -AsPlainText -Force) -Reset
"Have a nice day"

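A variant of the script above, added here as an example and not the blog author's code: each disabled account gets its own random password that nobody knows, and -WhatIf previews the changes. The function names, the 24-character length and the sample account name jdoe are assumptions; the OU is the placeholder from the post.

```powershell
# Added example, not the blog author's script. The OU is the page's placeholder;
# function names and the 24-character length are assumptions.
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 24)
    # 64 symbols, so a random byte (0-255) maps onto them without modulo bias
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # Build the SecureString directly so the plaintext never exists as a string
    $secure = New-Object System.Security.SecureString
    foreach ($b in $bytes) { $secure.AppendChar($alphabet[$b % $alphabet.Length]) }
    $secure.MakeReadOnly()
    $secure
}

function Disable-DepartedUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [string]$DisabledOu = 'ou=disabled accounts,dc=domain,dc=org'
    )
    # Resolve once; a typo stops here instead of half-way through the changes
    $user = Get-ADUser -Identity $SamAccountName -ErrorAction Stop
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable, reset password, hide from GAL, move')) {
        Disable-ADAccount -Identity $user
        Set-ADAccountPassword -Identity $user -Reset -NewPassword (New-RandomPassword)
        Set-ADUser -Identity $user -Description "TERM $(Get-Date)" -Manager $null
        Set-ADUser -Identity $user -Replace @{ msExchHideFromAddressLists = $true }
        # Move last: the distinguished name changes once the object is in the new OU
        Move-ADObject -Identity $user -TargetPath $DisabledOu
    }
}

# Preview first, then run for real (jdoe is a constructed sample name):
#   Disable-DepartedUser -SamAccountName jdoe -WhatIf
#   Disable-DepartedUser -SamAccountName jdoe
```
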
Active Directory - Random Script 3

Powershell script used to set the security permissions on a set of User folders on a network file share

$domainname = "domain"

dir \\ServerName\Users\ | ?{$_.psiscontainer} | %{
    $dir = $_
    $dir | Get-Acl | %{
        $acl = $_
        if(!$acl.areaccessrulesprotected){
            $acl.setaccessruleprotection($true,$true)
            Set-Acl -Path $acl.path -AclObject $acl
        } 
        $entry = @()
        $user = "$domainname\$($dir.name)"
        $entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
            "BUILTIN\Administrators",
            "FullControl",
            "ContainerInherit,ObjectInherit",
            "None",
            "Allow"
        )
        $entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
            "$domainname\Domain Admins",
            "FullControl",
            "ContainerInherit,ObjectInherit",
            "None",
            "Allow"
        )
        $entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
            "$domainname\Backup Exec",
            "FullControl",
            "ContainerInherit,ObjectInherit",
            "None",
            "Allow"
        )
        $entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
            "NT AUTHORITY\SYSTEM",
            "FullControl",
            "ContainerInherit,ObjectInherit",
            "None",
            "Allow"
        )
        $entry += New-Object System.Security.AccessControl.FileSystemAccessRule(
            "$domainname\$($dir.name)",
            "FullControl",
            "ContainerInherit,ObjectInherit",
            "None",
            "Allow"
        )
        $acl.access | %{$acl.RemoveAccessRuleSpecific($_)}
        $entry | %{$acl.AddAccessRule($_)}
    }
    set-acl -Path $acl.path -AclObject $acl
}
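
A read-only check to run after the script above, added here as an example and not part of the original post: it lists user folders whose ACL no longer matches the five intended principals or that still inherit from the share. The function name is hypothetical; the share path and domain are the post's placeholders.

```powershell
# Added example: report user folders whose ACL differs from the five intended principals.
# Share path and domain are the post's placeholders; the function name is hypothetical.
function Get-UserFolderAclDrift {
    param(
        [string]$Share  = '\\ServerName\Users',
        [string]$Domain = 'domain'
    )
    Get-ChildItem -Path $Share | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $dir = $_
        $acl = Get-Acl -Path $dir.FullName
        # The principals the script above grants FullControl to
        $expected = @(
            'BUILTIN\Administrators',
            'NT AUTHORITY\SYSTEM',
            "$Domain\Domain Admins",
            "$Domain\Backup Exec",
            "$Domain\$($dir.Name)"
        )
        # Every identity holding an ACE on the folder; orphaned accounts show up as raw SIDs
        $actual = @($acl.Access | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
        # -notcontains compares case-insensitively
        $unexpected = @($actual   | Where-Object { $expected -notcontains $_ })
        $missing    = @($expected | Where-Object { $actual   -notcontains $_ })
        $inheriting = -not $acl.AreAccessRulesProtected
        # Emit a row only for folders that deviate
        if ($unexpected.Count -gt 0 -or $missing.Count -gt 0 -or $inheriting) {
            New-Object PSObject -Property @{
                Folder     = $dir.FullName
                Inheriting = $inheriting
                Unexpected = $unexpected -join '; '
                Missing    = $missing -join '; '
            } | Select-Object Folder, Inheriting, Unexpected, Missing
        }
    }
}

# Usage:
#   Get-UserFolderAclDrift | Format-Table -AutoSize
```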

Active Directory - Random Script 2

Powershell script using Quest AD Plugins, adding a user to a specific security or distribution group.

# script to modify membership of AD groups
# Powershell script to add a user to a group, requires ps snapin from
# http://www.quest.com/activeroles-server/arms.aspx
# then register the snap-in (key point):
# add-PSSnapin quest.activeroles.admanagement
# bhart

$domainstr = ",dc=domain1,dc=org"
$domainnb = "domain"             ## domain netbios name
$domain = "FQDN"
$ou = "ou=People, dc=domain,dc=org"

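# -AsSecureString keeps the password off the screen; -ConnectionPassword expects a SecureString
$pw = Read-Host "Please enter domain admin password" -AsSecureString
connect-QADService -service 'localhost' -proxy -ConnectionAccount 'difc\administrator' -ConnectionPassword $pw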

$groupname = Read-Host "Please enter group name or partial"
$username = Read-Host "Please enter username to add"

Get-QADGroup $groupname 

$groupname2 =Read-Host "Please enter the full group name"

Add-QADGroupMember $groupname2 -Member $username

Active Directory - Random Script 1

powershell script to poll and display computer accounts older than 60 days since last dc contact.

# Calculate the UTC time 60 days ago, in FileTime (Integer) format and convert it to a string
$LLTSlimit = (Get-Date).AddDays(-60).ToFileTimeUTC().ToString()
# Create the LDAP filter for the AD query
# Searching for enabled computer accounts which have lastLogonTimestamp older than 60 days
$LDAPFilter = "(&(objectCategory=Computer)(lastlogontimestamp<=$LLTSlimit)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
# Create an ADSI Searcher to query AD
$Searcher = new-object DirectoryServices.DirectorySearcher([ADSI]"")
$Searcher.filter = $LDAPFilter
# Execute the query
$Accounts = $Searcher.FindAll()
# Process the results
If ($Accounts.Count -gt 0) {
    # Create an array to store all the results
    $Results = @()

    # Loop through each account
    ForEach ($Account in $Accounts) {
        # Create an object to store this account in
        $Result = "" | Select-Object Name,ADSPath,lastLogonTimestamp
        # Add the name to the object as a string
        $Result.Name = [String]$Account.Properties.name
        # Add the ADSPath to the object as a string
        $Result.ADSPath = [String]$Account.Properties.adspath
        # Add the lastLogonTimestamp to the object as a readable date
        $Result.lastLogonTimestamp = [DateTime]::FromFileTime([Int64]::Parse($Account.Properties.lastlogontimestamp))

        # Add this object to our array
        $Results = $Results + $Result
    }
}

# Output the results
$Results | Format-Table -autosize
# Extending this script to disable the discovered accounts is as easy as adding this code snippet to the end:
# Disable each account
#ForEach ($Result in $Results) {
#$ADSIAccount = [ADSI]$Result.ADSPath
#$ADSIAccount.PSBase.InvokeSet("AccountDisabled", "True")
#$ADSIAccount.SetInfo()
#}

Exchange 2010 - Random Scripts 5

Powershell script to pull Calendar permissions

#script to 'get' Calendar permissions
$username = Read-Host "Please enter the username"


$username | ForEach-Object {
    # build the folder identity as "user:\Calendar"
    Get-MailboxFolderPermission -Identity "$($_):\Calendar"
}

Exchange 2010 - Random Scripts 4

Powershell script to pull and display Database sizes with results sorted by size, greatest to least.



##Script to return mailbox database name and size in GB
Get-MailboxDatabase | foreach-object {add-member -inputobject $_ -membertype noteproperty -name mailboxdbsizeinGB -value ([math]::Round(([int64](get-wmiobject cim_datafile -computername $_.server -filter ('name=''' + $_.edbfilepath.pathname.replace("\","\\") + '''')).filesize / 1GB),2)) -passthru} | Sort-Object mailboxdbsizeinGB -Descending | format-table identity,mailboxdbsizeinGB

Exchange 2010 - Random Scripts 3

Powershell script to export only the Contacts from within a mailbox.




$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://FullyQualifideServerName/Powershell -Authentication Kerberos
# Load the Exchange cmdlets from the remote session (not needed inside the Exchange Management Shell)
Import-PSSession $session
$title = "Export User Mailbox folder only"

# Ask for the username first so the path shown below is complete
$username = Read-Host "Enter username to be exported"
Write-Host "Path PST saved to is \\DestinationFileShare\$username.pst"

New-MailboxExportRequest -Mailbox $username -IncludeFolders "#Contacts#" -FilePath "\\PathToExportPSTTo\$username.pst"

Exchange 2010 - Random Scripts 2

Powershell script to export a mailbox to .pst

##Script to export a mailbox to pst

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://FullyQualifideServerName/Powershell -Authentication Kerberos
# Load the Exchange cmdlets from the remote session (not needed inside the Exchange Management Shell)
Import-PSSession $session
$title = "Export User Mailbox folder only"

# Ask for the username first so the path shown below is complete
$username = Read-Host "Enter username to be exported"
Write-Host "Path PST saved to is \\DestinationFileShare\$username.pst"

New-MailboxExportRequest -Mailbox $username -FilePath "\\PathToExportPSTTo\$username.pst"

Exchange 2010 - Random Scripts 1

Exchange 2010 - powershell scripts.

The next few posts are going to contain ps scripts I have created supporting Exchange 2010 over the past 4 years.



# script to alter the value of "employeeID" since empID is not regularly returned from get/set-qaduser
# you have to tell the command to look for it as an includedproperty, then an objectattribute.
# requires ps snapin from
# http://www.quest.com/activeroles-server/arms.aspx
# then register the snap-in (key point):
# add-PSSnapin quest.activeroles.admanagement
# bhart
get-qaduser -searchroot "ou=orgunit,dc=domain,dc=org" -includedproperties "employeeID" |
set-qaduser -objectattributes @{"employeeID"="value to be changed"} |
get-qaduser -includedproperties "employeeID" |
select name,employeeID #this displays the results in a table by name and the value of employeeID





Scripts here come with no support, but feel free to use my code or bits of it in your own scripts.
Set up a pair of Zenoss servers last month, found an awesome resource for the community version with Hydruid

Exchange 2010 - Exporting a list of primary SMTP addresses to CSV

Within EMC copy/paste:

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,ServerName,PrimarySmtpAddress, @{Name="EmailAddresses";Expression={$_.EmailAddresses | Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV c:\smtp.csv -NoTypeInformation

Thanks to Matt's Blog http://blog.mattsampson.net/index.php/export-list-all-your-exchange?blog=1