Wednesday, September 28, 2011

Replicate Security Group membership from One Domain to Another.

Using powershell, and making lot of string customisations to get the output as desired....
Not the best of scripting.. but does the job i want it to do, with a bit scratchy error reporting...


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


# connection variables for all AD

$SourceAD = Connect-QADService -Service SourceAD_DC.local -ca sourcedomain\admin -cp (convertTo-SecureString password123 -ASPlainText -force)
$DestAD = Connect-QADService -Service DestAD_DC.local -ca Destdomain\admin -cp (convertTo-SecureString password123 -ASPlainText -force)


#Gets group names from file C:\temp\GroupCopySource\GroupsA.txt (Source Domain1 Groups),
#which then gets all members in the group, string manipulation is done to get only username and groupname
#so that we can use them in Domain2 AD for comparing and adding group members

#

Get-Content C:\temp\GroupCopySource\GroupsA.txt | ForEach-Object -Process {$member=get-qadgroupmember $_ -connection $sourceAD | Select-Object -expandProperty SamAccountName;
$new = $_.split("\");
$groupname=$new[1];
$groupfinal = "GSG-sourcedomain-$groupname";
$member > C:\temp\GroupCopyTask\$groupfinal.txt;
    ForEach ($b in $member) {trap [Exception] { Add-Content c:\temp\GroupCopyJob\errors.txt $error" groupname = "$groupfinal"`n"; $error.clear(); Continue} Add-QADGroupMember -identity $groupfinal -member ("destdomain\$b") -connection $DestAD;
    Add-content C:\temp\GroupCopyDest\$groupfinal"_copyresult.txt" $b}} > C:\Temp\GroupCopyJob\scriptoutput.txt




#clear all variables before being used.

Clear-Variable member
Clear-Variable groupfinal
Clear-Variable groupname
Clear-Variable new
Posted by at No comments:
Labels:

Sunday, June 19, 2011

Windows domain controller without Windows...

Sounds good...
have to try it...

http://www.vmware.com/appliances/directory/393283

Ubuntu(windows) domain controller...
Posted by at No comments:
Labels: , ,

Thursday, June 9, 2011

Resizing Disks used in a MSCS in VMWare

To take a backup of the VMDK:

Stop the cluster nodes.

Rename the VMDK that needs to be expanded with the command:

vmkfstools -E

Clone the VMDK to a thin volume using the original name with the command:

vmkfstools -I -d thin

Grow the clone with the command:

vmkfstools -X

Inflate the cloned VMDK with the command:

vmkfstools -j

Start the cluster.

Remove the old VMDK from the datastore.


------------


backup the vmdk

1. vmkfstools –E servervm.vmdk servervm_old.vmdk (this renames the vmdk)

2. vmkfstools –i servervm_old.vmdk servervm.vmdk –d thin (clones the renamed vmdk to original name in thin format)

3 vmkfstools –X 200G servervm.vmdk (expand the available size to 200 GB)

4. vmkfstools –j servervm.vmdk (inflates the vmdk in eargerzeroedthick format)

Conclusion: I think its just another way to redo the metadata on the VMDK files so it reads the new resized disk properly...

Posted by at No comments:
Labels:

Wednesday, June 8, 2011

Exchange 2010 - hub Transport not accepting SMTP connections, ForeFront client security enabled

Need to make sure proper exclusions are in place such as the transport service in exch2010

http://technet.microsoft.com/en-us/library/bb332342.aspx
Posted by at No comments:

Tuesday, May 17, 2011

SCAN option not available at Right Click with Symantec Endpoint Protection

Found out that,

the Right Click - SCAN option is not available when logged in via RDP session on SEP clients.

May be you already knew that, i didnt...

Also, if there is a centralized exception to the folder you are trying to scan manually,
IT WILL STILL NOT SCAN the folder if it is part of the exceptions.

Cheers
Posted by at 1 comment:
Labels: , ,

Tuesday, May 10, 2011

Reset password while unlocking SQL

If you uncheck the enforce password policy then on the General screen then click ok then go back and recheck the enforce password policy after clicking ok the first time then the account will be unlocked w/o changing the password.
Posted by at 5 comments:
Labels: , ,

Wednesday, April 27, 2011

How to map a network drive to be used by a service

For this hack you will need SysinternalsSuite by Mark Russianovich: http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
Step one: Open an elevated cmd.exe prompt (Run as administrator)
Step two: Elevate again to root using PSExec.exe: Navigate to the folder containing SysinternalsSuite and execute the following command "psexec -s cmd.exe" you are now inside of a prompt that is "nt authority\system" and you can prove this by typing "whoami"
Step Three: Create the persistent mapped drive as the SYSTEM account with the following command "net use z: \servername\sharedfolder /persistent:yes"
It's that easy!
WARNING: You can only remove this mapping the same way you created it, from the SYSTEM account. If you need to remove it, follow steps 1 and 2 but change the command on step 3 to: "net use z: /delete"
NOTE: The newly created mapped drive will now appear for ALL users of this system but they will see it displayed as "Disconnected Network Drive (Z:)". Do not let the name fool you. It may claim to be disconnected but it will work for everyone. That's how you can tell this hack is not supported by Microsoft.


UPDATE

Hi all,

Thanks for the feedback.

I have finally had a chance to try and find a workaround to get the mapping done when the computer restarts. I have done limited testing, but so far this seems to have worked.

Follow this article to create a service with whatever name u like

http://support.microsoft.com/kb/137890

I suggest creating something like

C:\Program Files\Resource Kit\Instsrv.exe MapDriveAsSystem C:\Program Files\Resource Kit\Srvany.exe

Then do the regedit as described in the article.

There is a bit more to it then just running the psexec command.

You HAVE TO MAKE SURE THE SERVICE RUNS under a USER account and NOT LOCAL SYSTEM

Then its upto you to set the service startup requirement. The service stays in started state although the psexec has completed its task. So if you were to manually delete the mapping the service would show as started regardless. To improvise on that. may be you could create a bat file with the psexec command to map as system and then a SC command to stop the same service.

Shouldnt matter though, as we are only doing this service creation to handle the mapping on a computer reboot.

Hope it helps.

Cheers

Rahul 
Posted by at 19 comments:
Labels:

Monday, March 28, 2011

ICA Connections Hangs or Stops at 'Connection Established, Negotiating Capabilities'

ICA Connections Hangs or Stops at 'Connection Established, Negotiating Capabilities'

Document ID: CTX123816 / Created On: Jan 11, 2010 / Updated On: Jan 11, 2010
LINK is here

Symptoms

ICA connections hang or stop at "Connection established. Negotiating capabilities” specific to client workstation or domain user . Also connecting to a specific server always hang at “Connection Established, Negotiating Capabilities”.

My machine + his\her credentials = success
Another machine + his\her credentials = success
His\Her home machine + his\her credentials = failure
His\Her home machine + test ID = failure

Cause

Usually this is caused by an inaccessible license server.

Server results in not getting a correct license, probably the license server detects that several servers are using the same license and blocks it, especially if servers are cloned.

Resolution

Caution! This procedure requires you to edit the registry. Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Back up the registry before you edit it.

1. On client workstations with this issue, change the permissions on the registry key HKLM\SOFTWARE\Microsoft\MSLicensing. Give the Users Group Full Control or specific domain user account.

If you delete the key, Terminal Services recreates it when it acquires a license. However, the permissions on this key are set to read-only by default. Only administrators have full control rights. This means that only an administrator can request a Terminal Services license for this server. Once it is acquired, every user can use it.

2. Delete (rename or export key to be safe) the HKLM\Software\Microsoft\MSLicensing\HardwareID and HKLM\Software\Microsoft\MSLicensing\Store keys

More Information

Other solutions:

For Windows 2000 Professional systems: delete the License000x key to resolve the issue.

On each of your Citrix Presentation servers open the registry editor and navigate to
"HKEY Local Machine/System/Current ControlSet/Services/TermService/Parameters".

Delete the following keys (after making a backup):
Certificate
X509 Certificate
X509 Certificate ID
Reboot your server and verify that the issue is gone.


This document applies to:

Posted by at No comments:

Monday, February 7, 2011

ndschedag.exe managesoft

I want to force a update of machine policy using a command line so I can create a new schedule.
Anyone know some switches for ndschedag.exe?
If I run "c:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o scheduletype=machine, I get a little pop up box, which I then r-click on 'Apply machine policy' and select 'run', but I want to try to do all of this from command line.
Posted by at 1 comment:

Friday, January 21, 2011

Disable Hotkeys from Server end. Xenapp Citrix

Wanted to disable CTRL-F3 so that the original functionality, below is the fix


C:\Inetpub
\wwwroot\Citrix\AccessPlatform\conf

copied and pasted the disable hotkeys under the following:

WFClient
Hotkey1Char=(none)
Hotkey1Shift=(none)
Hotkey2Char=(none)
Hotkey2Shift=(none)
Hotkey3Char=(none)
Hotkey3Shift=(none)

Also, some great links.

http://www.dabcc.com/nfuse/Docs/ica_file_explained.htm

This link is to do with trasparentkeypassthrough, so you can use local windows shortcut keys on your remote session.

http://andymorgan.wordpress.com/2009/01/02/how-do-you-force-citrix-clients-to-behave/
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)