Thursday, 18 December 2014

Append Description Active Directory VB Script

This script prepends a string to the description of every user in an Active Directory OU. In this case it adds "Nil Usage - " to the start of the description field of each user account in the OU.

' Bind to the OU; the LDAP path must be passed as a quoted string
Set OU = GetObject("LDAP://DNSHOSTNAMEOFDC/OU=Test,DC=TESTDOMAIN,DC=co,DC=uk")
For Each oUser In OU
 ' Only touch user objects, not groups, computers or child OUs
 If oUser.Class = "user" Then
  ' Prepend the prefix to whatever is already in the description attribute
  oUser.Put "description", "Nil Usage - " & oUser.Description
  oUser.SetInfo
 End If
Next
Wscript.Echo "Test OU has been updated!"
Wscript.Quit
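The same change as a PowerShell function (added here as an example, not the post's own script): it skips accounts that already carry the prefix, so running it twice does not produce "Nil Usage - Nil Usage - ", and it supports -WhatIf. The OU path and prefix are placeholders.

```powershell
# Added example: prepend a prefix to the description of every user directly under an OU.
# Requires the ActiveDirectory module (RSAT / Server 2008 R2 or later).
Import-Module ActiveDirectory

function Add-DescriptionPrefix {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Placeholder OU, e.g. "OU=Test,DC=TESTDOMAIN,DC=co,DC=uk"
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [string]$Prefix = "Nil Usage - "
    )
    # OneLevel matches the VBScript, which enumerates only direct children of the OU
    $users = Get-ADUser -SearchBase $SearchBase -SearchScope OneLevel -Filter * -Properties Description
    foreach ($user in $users) {
        $current = [string]$user.Description
        # Idempotence check: do not stack the prefix on accounts already processed
        if ($current.StartsWith($Prefix)) {
            Write-Verbose "Skipping $($user.SamAccountName): prefix already present"
            continue
        }
        $new = $Prefix + $current
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set description to '$new'")) {
            Set-ADUser -Identity $user -Description $new
        }
    }
}

# Dry run first; drop -WhatIf to apply the change
Add-DescriptionPrefix -SearchBase "OU=Test,DC=TESTDOMAIN,DC=co,DC=uk" -WhatIf -Verbose
```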

Friday, 5 December 2014

Find SMTP Addresses in Active Directory

When creating a new mailbox you may come across the message "this email address already exists in this organisation". This is common when you have a lot of shared mailboxes, and it can be difficult to find which account has a particular email address assigned to it, as there is no easy built-in search for this.
Open an Active Directory search, choose Custom Search in the Find drop-down box, then the Advanced tab, and type in the following LDAP query:

proxyaddresses=smtp:emailaddress@domain.com

A wildcard can also be used if you don't know the whole address, e.g. proxyaddresses=smtp:bob* will find all SMTP addresses beginning with bob.
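The same query from PowerShell (added example, not from the original post): Get-ADObject is used rather than Get-ADUser because proxyAddresses is also set on groups, contacts and shared mailboxes, and the output marks the primary address (upper-case SMTP:) separately from aliases.

```powershell
# Added example: find which directory object owns an SMTP address or address prefix.
Import-Module ActiveDirectory

function Find-ProxyAddressOwner {
    param(
        # Full address, or a prefix with a trailing *, e.g. "bob*"
        [Parameter(Mandatory = $true)][string]$Address
    )
    # Entries look like "SMTP:primary@domain.com" (upper case = primary) or
    # "smtp:alias@domain.com". LDAP matching is case-insensitive, so one filter covers both.
    $filter = "(proxyAddresses=smtp:$Address)"
    Get-ADObject -LDAPFilter $filter -Properties proxyAddresses | ForEach-Object {
        $obj = $_
        # An object may carry several matching aliases; report each one
        $obj.proxyAddresses |
            Where-Object { $_ -like "smtp:$Address" } |   # -like is case-insensitive
            ForEach-Object {
                New-Object PSObject -Property @{
                    Name        = $obj.Name
                    ObjectClass = $obj.ObjectClass
                    Address     = $_
                    IsPrimary   = $_.StartsWith("SMTP:", [System.StringComparison]::Ordinal)
                    DN          = $obj.DistinguishedName
                }
            }
    }
}

Find-ProxyAddressOwner -Address "emailaddress@domain.com"
Find-ProxyAddressOwner -Address "bob*" | Format-Table Name, ObjectClass, Address, IsPrimary
```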

Monday, 10 November 2014

Limit User Logins Script For Microsoft Server 2008 - 2012 R2

As the limit login program is only supported on Server 2003, when we upgraded our domain controllers to Server 2012 I needed to find a different solution to limit user logins. After some research I came across this script, which works well. Create two .vbs files from the code below and add them to the logon and logoff script settings in Group Policy. It creates a text file for each user (and one for each workstation) in the server share folder specified; just edit the ServerShare path at the top of each script, and that should be it!

Logon Script

'== Limit User Logins
'== Written by: James Gzowski (2010)
'== Logon Script
'== This script consists of two parts, Logon.vbs & Logoff.vbs
'== The script is designed to prevent multiple logons on a network from different workstations
'== This will not work for Terminal Servers where each user will login on the same server.
'== Users NEED to logoff through the proper process otherwise the script will still assume they are logged in.
'== If this happens, then the next user to log into their workstation will clear their session
'Set Objects
Set oShell = CreateObject( "WScript.Shell" )
Set objFSO = CreateObject("Scripting.FileSystemObject")
SET WshShell = createObject("WScript.shell")
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
ServerShare = "\\server\path\" 'Requires Users Full Read/Write Access. Keep the trailing backslash: file names are appended directly to this string
OldSession = ""
CurrentWorkstation = ""
'Get Username & Workstation
UserID=oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")

'Check whether user is allowed to logon more than once, if so set to true
'allowedusers.txt holds one username per line; skip the check if the file is missing
Allowed = "FALSE"
If objFSO.FileExists(ServerShare & "allowedusers.txt") Then
 Set oTS = objFSO.OpenTextFile(ServerShare & "allowedusers.txt", intForReading, False)
 Do Until oTS.AtEndOfStream
  'get next username; compare case-insensitively, as Windows usernames are
  Suser = Trim(oTS.ReadLine)
  If LCase(UserID) = LCase(Suser) Then Allowed = "TRUE"
 Loop
 'close the text file
 oTS.Close
End If

SELECT CASE Allowed
CASE "FALSE"
'Check Whether Workstation Has Old Login Session and clear
If objFSO.FileExists( ServerShare & WorkstationID & ".txt") Then
 Set objFile = objFSO.OpenTextFile(ServerShare & WorkstationID & ".txt", intForReading, False)
 'Guard against an empty file, which would make ReadLine fail
 If Not objFile.AtEndOfStream Then Oldsession = objFile.ReadLine
 objFile.Close
 'Clear the previous user's session file so they are not treated as still logged on here
 If Oldsession <> "" And objFSO.FileExists( ServerShare & Oldsession & ".txt" ) Then
  objFSO.DeleteFile(ServerShare & Oldsession & ".txt")
 End if
End if

'Check If Users Logged In
If objFSO.FileExists ( ServerShare & UserID & ".txt") then
 Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False)
 'Guard against an empty file, which would make ReadLine fail
 If Not objFile.AtEndOfStream Then CurrentWorkstation = objFile.ReadLine
 objFile.Close

 'Report Failed Login To LoginsDenied.log
 If objFSO.FileExists (ServerShare & "LoginsDenied.log") then
  SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsDenied.log", intForAppending, True)
  ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
 else
  Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsDenied.log")
  ObjFile.Writeline ("Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
 End If
 ObjFile.Close
 'Shutdown Process'
 shutdown = "shutdown /l"
 WshShell.Popup _
 "You are already logged onto: " & CurrentWorkstation &  "." & vbcrlf & _
 "If this is not you please contact the IT Department." & vbcrlf & vbcrlf & _
     "This event has been logged to track possible account misuse." & vbcrlf & vbcrlf & _
    "You will now be logged off",20,"Multiple User Login Detected: " & UserID,16
 WshShell.Run(shutdown)
 SET WshShell = Nothing

Else
 'Create Text Files
 Set objFile = objFSO.CreateTextFile(ServerShare & WorkstationID & ".txt")
 ObjFile.Write(UserID)
 ObjFile.Close
 Set objFile = objFSO.CreateTextFile(ServerShare & UserID & ".txt")
 ObjFile.Write(WorkstationID)
 ObjFile.Close
 'Report Accepted Login To LoginsAllowed.log
 If objFSO.FileExists (ServerShare & "LoginsAllowed.log") then
  SET ObjFile = objFSO.OpenTextFile(ServerShare & "LoginsAllowed.log", 8, True)
  ObjFile.Writeline ("Logged On - Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
 else
  Set objFile = objFSO.CreateTextFile(ServerShare & "LoginsAllowed.log")
  ObjFile.Writeline ("Logged On - Date: " & Date & ", Time: " & Time & ", Workstation: " & WorkstationID & ", Username: " & UserID)
 End If
 ObjFile.Close

End If
End select

Logoff Script

'Set Objects
Set oShell = CreateObject( "WScript.Shell" )
Set objFSO = CreateObject("Scripting.FileSystemObject")
SET WshShell = createObject("WScript.shell")
Const intForReading = 1
Const intForWriting = 2
Const intForAppending = 8
ServerShare = "\\Server\path\" 'Requires Users Full Read/Write Access. Keep the trailing backslash: file names are appended directly to this string
CurrentSession = ""
'Get Username & Workstation
UserID=oShell.ExpandEnvironmentStrings("%UserName%")
WorkstationID=oShell.ExpandEnvironmentStrings("%ComputerName%")
'Check If Login Session Is Correct To Workstation & User'
If objFSO.FileExists (ServerShare & UserID & ".txt") Then
 Set objFile = objFSO.OpenTextFile(ServerShare & UserID & ".txt", intForReading, False)
 ' Read the first line only if the file is not empty, otherwise ReadLine fails
 If Not objFile.AtEndOfStream Then CurrentSession = objFile.ReadLine
 objFile.Close
 ' Only clear the session if it really belongs to this workstation
 If CurrentSession = WorkstationID then
  objFSO.DeleteFile(ServerShare & WorkstationID & ".txt")
  objFSO.DeleteFile(ServerShare & UserID & ".txt")
 End if
End If
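Because a crashed or hard-powered-off workstation never runs the logoff script, the share accumulates session files that no longer reflect reality. The following PowerShell audit (added example, not part of the original scripts) checks the pairing the scripts rely on, each user.txt naming a workstation whose workstation.txt names that user back, and reports or removes broken or old entries; the share path is a placeholder.

```powershell
# Added example: audit the session files left on the share by the logon/logoff scripts.
function Test-LoginSessionFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ServerShare,   # placeholder, e.g. "\\server\path"
        [int]$MaxAgeHours = 24,                               # flag sessions older than this
        [switch]$Remove                                       # delete non-OK files (honours -WhatIf)
    )
    # Every X.txt contains a single name Y; the pair is consistent when Y.txt exists and contains X.
    # This holds in both directions, so user and workstation files are checked the same way.
    $files = Get-ChildItem -Path $ServerShare -Filter *.txt |
             Where-Object { $_.Name -ne 'allowedusers.txt' }
    foreach ($file in $files) {
        $name   = $file.BaseName
        $target = Get-Content -Path $file.FullName -TotalCount 1
        $back   = Join-Path $ServerShare "$target.txt"
        $status = if ([string]::IsNullOrWhiteSpace($target)) { 'EmptyFile' }
                  elseif (-not (Test-Path -LiteralPath $back)) { 'NoPartnerFile' }
                  elseif ((Get-Content -Path $back -TotalCount 1) -ne $name) { 'PartnerMismatch' }
                  elseif ($file.LastWriteTime -lt (Get-Date).AddHours(-$MaxAgeHours)) { 'Stale' }
                  else { 'OK' }
        New-Object PSObject -Property @{
            File     = $file.Name
            PointsTo = $target
            Written  = $file.LastWriteTime
            Status   = $status
        }
        if ($Remove -and $status -ne 'OK' -and
            $PSCmdlet.ShouldProcess($file.FullName, "Remove $status session file")) {
            Remove-Item -LiteralPath $file.FullName
        }
    }
}

# Report first, then preview the clean-up before running it for real
Test-LoginSessionFiles -ServerShare '\\server\path' | Format-Table File, PointsTo, Written, Status
Test-LoginSessionFiles -ServerShare '\\server\path' -Remove -WhatIf
```

Because every user needs write access to the share, any user can alter or delete these files and the LoginsAllowed/LoginsDenied logs, so treat them as an operational aid rather than an audit record. The domain controllers' own logon events remain the authoritative source for who logged on where.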

Monday, 3 November 2014

Users Home Folders Displayed As My Documents Instead of Username

On Server 2008 and 2012 users' home folders are displayed as "My Documents" instead of their username. Run this PowerShell script from the home folders directory to deny the Administrators group read access to the desktop.ini file in each folder, so Explorer falls back to showing the folder name: -


# Run from the root of the home folders directory
$ErrorActionPreference = "SilentlyContinue"
$folders = Get-ChildItem | Where-Object { $_.PSIsContainer }
foreach ($folder in $folders)
{
    # desktop.ini is a hidden file, so -Force is needed to list it
    $desktopIni = Get-ChildItem $folder.FullName -Filter desktop.ini -Force
    if ($null -ne $desktopIni)
    {
        $Acl = (Get-Item $desktopIni.FullName -Force).GetAccessControl("Access")
        # Deny Administrators read access to desktop.ini
        $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule `
                  ("Administrators", "Read", "Deny")
        $Acl.SetAccessRule($Ar)
        Set-Acl $desktopIni.FullName $Acl
    }
}

Monday, 20 October 2014

Duplicate Machine in System Center Virtual Machine Manager Showing as Incomplete Configuration

On occasion, usually following a backup or replication job of a 2008 R2 server in a Hyper-V cluster, we get a duplicate server showing with the wrong hostname and a status of incomplete configuration in SCVMM. Deleting the machine fails, so the following steps will enable us to remove it from SCVMM.

  1. Open Failover Cluster Manager to find the correct hostname of the machine with the error.
  2. Log in (or remote desktop) on to the incorrect host shown in VMM.
  3. Open the machine properties of the incorrect machine in VMM and locate the VHD path in the hardware settings.
  4. On the incorrect host open the cluster storage path and open the pool folder.
  5. Double click on the folder with the same name as the VHD path in the VHD properties.
  6. Open the Virtual Machines folder.
  7. In a new File Explorer window on the incorrect host open the following path: C:\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines
  8. Find the shortcut XML file with the same name as the files in the cluster storage folder, and delete the shortcut.
  9. Wait for VMM to update the status of the incorrect machine to missing; you can now delete the machine.
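Steps 3 to 8 can be checked from PowerShell on the incorrect host with the function below (added example, not from the original post). It assumes the VM's "Virtual Machines" folder sits beside the VHD given in step 3, reports the configuration GUIDs found there and whether a matching link exists in the ProgramData folder from step 7, and only removes a link when -Remove is given (so -WhatIf previews step 8).

```powershell
# Added example: locate the Hyper-V configuration link(s) for a VM identified by its VHD path.
function Get-HyperVConfigLink {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # VHD path copied from the VMM hardware settings, e.g. C:\ClusterStorage\Volume1\<vm>\disk.vhd
        [Parameter(Mandatory = $true)][string]$VhdPath,
        # Folder from step 7; the entries here are links to the real configuration files
        [string]$LinkFolder = "$env:ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines",
        [switch]$Remove
    )
    # Assumption: the VM folder containing the VHD also holds a "Virtual Machines" sub-folder
    $vmFolder = Split-Path -Path $VhdPath -Parent
    $configs  = Get-ChildItem -Path (Join-Path $vmFolder 'Virtual Machines') -Filter *.xml `
                              -ErrorAction SilentlyContinue
    if (-not $configs) { Write-Warning "No configuration files found under $vmFolder"; return }
    foreach ($config in $configs) {
        $link = Join-Path $LinkFolder $config.Name
        $item = Get-Item -LiteralPath $link -Force -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            VmGuid         = $config.BaseName
            ConfigFile     = $config.FullName
            LinkPresent    = ($null -ne $item)
            # A genuine Hyper-V link carries the ReparsePoint attribute; a plain copy would not
            IsReparsePoint = ($null -ne $item) -and
                             (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0)
        }
        if ($Remove -and $item -and
            $PSCmdlet.ShouldProcess($link, 'Remove Hyper-V configuration link')) {
            Remove-Item -LiteralPath $link -Force   # removes the link only, not the config file
        }
    }
}

Get-HyperVConfigLink -VhdPath 'C:\ClusterStorage\Volume1\VMFOLDER\disk.vhd' | Format-List
Get-HyperVConfigLink -VhdPath 'C:\ClusterStorage\Volume1\VMFOLDER\disk.vhd' -Remove -WhatIf
```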

Monday, 13 October 2014

Cisco Ironport ESA Attachment Showing As N/A in Message Tracking

This is a known issue which can be fixed by applying a message filter that adds the attachment name to the message header. Log in to the CLI of the IronPort device, enter the command "filters", and change to cluster mode if asked. Enter "new" and then copy and paste the following filter (the line containing only a period ends the filter input): -

Add_attachment_header:
If (attachment-filename == "^.+$")
{
Insert-header("X-Attachment-filename", "$filenames");
}
.

Commit the changes by entering the "commit" command.
If you want to view the message filter after it has been applied you can use the "list" command.

Friday, 10 October 2014

Replacing Cisco Ironport ESA In Cluster Mode

A step by step guide on how to replace a Cisco IronPort ESA in cluster mode.

  1. Remove the device which is to be replaced from the cluster by connecting with SSH (using PuTTY) to either IronPort device.
  2. Enter your credentials and issue the command "clusterconfig".
  3. You will be prompted to switch to cluster mode: This command is restricted to “cluster” mode. Would you like to switch to “cluster” mode? [Y]>Y
  4. You will then be presented with the following: Choose the operation you want to perform:
    – ADDGROUP – Add a cluster group.
    – SETGROUP – Set the group that machines are a member of.
    – RENAMEGROUP – Rename a cluster group.
    – DELETEGROUP – Remove a cluster group.
    – REMOVEMACHINE – Remove a machine from the cluster.
    – SETNAME – Set the cluster name.
    – LIST – List the machines in the cluster.
    – CONNSTATUS – Show the status of connections between machines in the cluster.
    – COMMUNICATION – Configure how machines communicate within the cluster.
    – DISCONNECT – Temporarily detach machines from the cluster.
    – RECONNECT – Restore connections with machines that were previously detached.
    – PREPJOIN – Prepare the addition of a new machine over CCS.
  5. Choose "Removemachine".
  6. Enter the number of the machine you want to remove from the list (note this is only a configuration cluster, so it won't stop any mail flow at this point).
  7. Log into the GUI of the IronPort device removed and take a backup of the configuration file with the mask passwords option unticked.
  8. SSH into the device removed and enter the command "suspendlistener", and choose all to stop mail flow through the device.
  9. Power up the new device and upgrade AsyncOS to the same version as the device to be replaced.
  10. Restore the configuration file exported from the old device.
  11. Transfer the license keys from the old device to the new one. Joining a cluster requires the centralised management key, which is not included by default on the new device. This can be done from the Cisco licensing portal: https://sso.cisco.com/autho/forms/CDClogin.html
  12. Once the keys have been transferred and you have the centralised management key installed, SSH into the new device and issue the command "clusterconfig prepjoin print".
  13. Then issue "commit" command to save the key to the device.
  14. SSH into the ESA still in cluster mode and issue the command "clusterconfig".
  15. Switch to "clustermode" when prompted as before.
  16. Choose "prepjoin".
  17. Prepare Cluster Join Over CCS
  18. Choose new
  19. Enter the hostname of the system you want to add e.g. ironport.domain.com
  20. Enter the serial number of the system you want to add.
  21. Enter the user key obtained from the other ironport device, and commit.
  22. Go back to the new IronPort device CLI and issue the "clusterconfig" command.
  23. Choose "join existing cluster over CCS".
  24. Enter the IP address, hostname, port and key of the new device when prompted.
  25. Once added there is no need to commit.
  26. To confirm, enter "clusterconfig" then "list"; this should now show both IronPort devices in the cluster.