Tuesday, April 23, 2013

How to Create Custom Active Directory LDAP Searches


Cool stuff from
http://blogs.msdn.com/b/muaddib/archive/2011/10/24/active-directory-ldap-searches.aspx

Also see the post below on creating queries for individual UserAccountControl flags.
How to use the UserAccountControl flags to manipulate user account properties
http://support.microsoft.com/kb/305144 
Now on to the queries.
All XP Computers
Although this can be done easily enough with the GUI, I wanted to show the syntax so it can be used as a building block for more complex queries. One thing to notice is the query parameter "objectCategory=computer". By including this as part of our query we reduce the number of objects that have to be searched, making for a faster query and less performance impact on the DC performing the query.
(&(objectCategory=computer)(operatingSystem=Windows XP*))

Windows XP Computers with Service Pack 2 Installed
(&(objectCategory=computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))

Windows XP Computers with Service Pack 1 Installed
(&(operatingSystem=Windows XP*)(operatingSystemServicePack=Service Pack 1))

Windows XP Computers with No Service Pack Installed
This one is structured a little differently. Notice the "!" in front of operatingSystemServicePack and the "*". The "!" means NOT, so the statement reads "NOT equal to anything"; that is how you test for an attribute that is not set, rather than comparing with NULL or empty quotes ("") like some other languages.
(&(operatingSystem=Windows XP Professional)(!(operatingSystemServicePack=*)))

Windows Server 2003 with No Service Pack Installed
(&(objectCategory=computer)(operatingSystem=Windows Server 2003)(!(operatingSystemServicePack=*)))

Windows Server 2003 Service Pack 1 Installed
(&(objectCategory=computer)(operatingSystem=Windows Server 2003)(operatingSystemServicePack=Service Pack 1))

Windows 2000 Professional
(&(objectCategory=computer)(operatingSystem=Windows 2000 Professional))

Windows 2000 Server
(&(objectCategory=computer)(operatingSystem=Windows 2000 Server))

All Windows Server 2003 Servers
(&(objectCategory=computer)(operatingSystem=Windows Server 2003))

SQL Servers (running on Windows 2003) (please verify in your environment)
(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc*)(operatingSystem=Windows Server 2003))

SQL Servers on any Windows Server OS
(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc*)(operatingSystem=Windows Server*))

Windows Vista SP1
(&(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1))

Windows Server 2008 Enterprise (with Service Pack 1)
Note the ® in the operatingSystem value: some Server 2008 builds register the name that way, so check what your DCs actually store before relying on either spelling.
(&(objectCategory=computer)(operatingSystem=Windows Server® 2008 Enterprise)(operatingSystemServicePack=Service Pack 1))

Windows Server 2008 (all versions)
(&(objectCategory=computer)(operatingSystem=Windows Server® 2008*))

Windows Server 2008 R2 Enterprise
(&(objectCategory=computer)(operatingSystem=Windows Server 2008 R2 Enterprise))

Sample User Attribute Query (extensionAttribute5)
(&(objectCategory=user)(&(extensionAttribute5>=20080101)(extensionAttribute5<=20080520)))

Windows Server 2008 ALL
(&(objectCategory=computer)(operatingSystem=Windows Server 2008*))

Windows Server 2008 RTM
(&(objectCategory=computer)(operatingSystem=Windows Server 2008 *)(!(operatingSystemServicePack=*)))

Windows Server 2008 SP1
(&(objectCategory=computer)(operatingSystem=Windows Server 2008*)(operatingSystemServicePack=Service Pack 1))

Windows 7 RTM
(&(objectCategory=computer)(operatingSystem=Windows 7*)(!(operatingSystemServicePack=Service Pack 1)))

Windows 7 SP1
(&(objectCategory=computer)(operatingSystem=Windows 7*)(operatingSystemServicePack=Service Pack 1))
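As an added example (my code, not from the MSDN post the queries come from), the same filters run from PowerShell with the ActiveDirectory module, assuming PowerShell 3.0 or later with RSAT installed; the query labels, the 90-day staleness window and the UserAccountControl bit values from the linked KB article are the only things not taken from the post.

```powershell
Import-Module ActiveDirectory

# Filter strings copied from the post; the labels are mine.
$filters = [ordered]@{
    'Windows XP, no service pack'      = '(&(objectCategory=computer)(operatingSystem=Windows XP*)(!(operatingSystemServicePack=*)))'
    'Windows Server 2003 (all)'        = '(&(objectCategory=computer)(operatingSystem=Windows Server 2003))'
    'SQL Server on any Windows Server' = '(&(objectCategory=computer)(servicePrincipalName=MSSQLSvc*)(operatingSystem=Windows Server*))'
}

function Get-LegacyComputerInventory {
    param([int]$StaleDays = 90)
    $staleBefore = (Get-Date).AddDays(-$StaleDays)
    foreach ($entry in $filters.GetEnumerator()) {
        # -LDAPFilter hands the string to the DC unchanged, so the same syntax works in ADUC's custom search
        $hits = Get-ADComputer -LDAPFilter $entry.Value -Properties operatingSystem, operatingSystemServicePack, lastLogonTimestamp
        foreach ($c in $hits) {
            # lastLogonTimestamp is a FILETIME (replicated, accurate to roughly 14 days); empty means never logged on
            $lastLogon = if ($c.lastLogonTimestamp) { [DateTime]::FromFileTime($c.lastLogonTimestamp) } else { $null }
            [pscustomobject]@{
                Query       = $entry.Key
                Name        = $c.Name
                OS          = $c.operatingSystem
                ServicePack = $c.operatingSystemServicePack
                LastLogon   = $lastLogon
                StillActive = ($lastLogon -ne $null -and $lastLogon -gt $staleBefore)
            }
        }
    }
}

# Legacy boxes that still log on are the ones to chase first
Get-LegacyComputerInventory | Where-Object StillActive | Sort-Object Query, Name | Format-Table -AutoSize

# The UserAccountControl flag queries from the linked KB use the bitwise-AND matching rule OID.
# 65536 = DONT_EXPIRE_PASSWORD, 2 = ACCOUNTDISABLE: enabled users whose password never expires.
$neverExpires = '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
Get-ADUser -LDAPFilter $neverExpires | Select-Object SamAccountName, DistinguishedName
```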

Monday, April 22, 2013

Troubleshooting Server unable to look up internal FQDN "result too large", unable to RDP to server, but can browse and read event logs



Quick answer: port exhaustion; there is a KB hotfix out there to fix this stuff (see the end of the post).

nslookup internaldomain.local
internalserver.internaldomain.local can't find internaldomain.local: unspecified error


What was tried first:
1. cleared the DNS servers
2. added the DNS servers in the core data centre
3. tried different DNS servers in nslookup
3a. tried the local DNS server
4. modified the hosts file with an entry for internal.local pointing at the server

All failed.

Check firewall (disable it):
netsh advfirewall set allprofiles state off
result:
ok (problem remains)

Check Group Policy:
gpupdate /force
result:
Updating Policy...
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

Check time:
w32tm /query /peers

More nslookup, this time with debug on (inside the nslookup prompt):
set debug
internaldomain.local
result:
-------------
truncated answer
connect failed: result too large
-------------

Check the server's services:
net stop dnscache
net start dnscache

net stop workstation
net start netlogon

Check ports!
netstat -a -n
problem located - port exhaustion !!! tens of thousands of connections in TIME_WAIT

----Hotfix Time---- (with bonus hotfix)
Windows6.1-KB2553549-v3-x64
Windows6.1-KB2264080-x64

There is a better rollup available (windows6.1-kb2775511-x64) but my server is not on SP1.

enjoy.
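Added example (not from the original post): the netstat check as a function that counts TIME_WAIT sockets and ephemeral ports in use, so the same test can be rerun after the hotfix. The sample lines are constructed; the 49152-65535 range is the Vista/2008 default and may differ on a tuned server.

```powershell
function Get-TcpPortPressure {
    param(
        [Parameter(Mandatory = $true)][string[]]$NetstatLines,
        # Vista/2008 and later default ephemeral range is 49152-65535 (16384 ports);
        # confirm on the box with: netsh int ipv4 show dynamicport tcp
        [int]$RangeStart = 49152,
        [int]$RangeSize  = 16384
    )
    $byState = @{}; $byRemote = @{}; $localPorts = @{}
    foreach ($line in $NetstatLines) {
        # TCP rows: Proto, Local Address, Foreign Address, State (UDP rows have no state and are skipped)
        if ($line -notmatch '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s*$') { continue }
        $local = $matches[1]; $remote = $matches[2]; $state = $matches[3]
        $byState[$state] = 1 + $byState[$state]
        if ($local -match ':(\d+)$') {                   # works for 1.2.3.4:49152 and [::1]:49152
            $port = [int]$matches[1]
            if ($port -ge $RangeStart) { $localPorts[$port] = $true }
        }
        if ($state -eq 'TIME_WAIT') { $byRemote[$remote] = 1 + $byRemote[$remote] }
    }
    $used = $localPorts.Count
    $top = $byRemote.GetEnumerator() | Sort-Object Value -Descending | Select-Object -First 3 |
           ForEach-Object { "$($_.Key) x$($_.Value)" }
    [pscustomobject]@{
        TimeWait           = [int]$byState['TIME_WAIT']
        Established        = [int]$byState['ESTABLISHED']
        EphemeralPortsUsed = $used
        PercentOfRange     = [math]::Round(100 * $used / $RangeSize, 1)
        Exhausted          = ($used -ge [int](0.9 * $RangeSize))
        TopTimeWaitPeers   = ($top -join ', ')
    }
}

# Constructed sample output (not from the post) so the function runs offline
$sample = @(
    '  Proto  Local Address          Foreign Address        State'
    '  TCP    10.10.5.20:135         0.0.0.0:0              LISTENING'
    '  TCP    10.10.5.20:49152       10.10.5.10:53          TIME_WAIT'
    '  TCP    10.10.5.20:49153       10.10.5.10:53          TIME_WAIT'
    '  TCP    10.10.5.20:49154       10.10.5.11:389         TIME_WAIT'
    '  TCP    10.10.5.20:3389        10.10.7.4:51822        ESTABLISHED'
    '  UDP    0.0.0.0:123            *:*'
)
Get-TcpPortPressure -NetstatLines $sample
# On the real server: Get-TcpPortPressure -NetstatLines (netstat -a -n)
```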

Thursday, April 18, 2013

Change CD DVD drive letter RAGE - task sequence



REM Find the drive letter of the CD/DVD drive and move it to Z: with diskpart.
REM WMIC DriveType 5 = optical. FIND "5" is a loose match, but only the optical row contains a 5:
REM DeviceID is a letter and the other DriveType codes are 0-4 and 6.
REM %%A is the letter in front of the ":" in the DeviceID column (e.g. D).
FOR /F "tokens=1 delims=:" %%A IN ('WMIC logicaldisk get drivetype^,deviceID^| FIND "5"') DO (
    echo select volume %%A >"%temp%\movecdrom.txt"
    echo assign letter=Z noerr >>"%temp%\movecdrom.txt"
    diskpart /s "%temp%\movecdrom.txt"
)

Uses wmic to locate which drive letter is actually the CD/DVD drive, then moves it to the Z: drive.
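Added example, not from the original post: the same move done with CIM instead of wmic plus diskpart, with a check that the target letter is free. It assumes PowerShell 3.0+ and that Win32_Volume.DriveLetter is writable through Set-CimInstance (the CIM form of the classic Set-WmiInstance approach).

```powershell
function Move-OpticalDriveLetter {
    param([string]$TargetLetter = 'Z:')
    # Every letter currently handed out, so we never steal one from a fixed or mapped drive
    $inUse = @((Get-CimInstance -ClassName Win32_LogicalDisk).DeviceID)
    # DriveType 5 = CD-ROM/DVD, the same value the batch version greps for with FIND "5"
    $optical = @(Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 5')
    if ($optical.Count -eq 0) { Write-Warning 'No optical drive found'; return }
    foreach ($vol in $optical) {
        if ($vol.DriveLetter -eq $TargetLetter) {
            Write-Output "Optical drive is already $TargetLetter, nothing to do"
            continue
        }
        if ($inUse -contains $TargetLetter) {
            # Second optical drive, or Z: taken by a mapped drive: report rather than clobber it
            Write-Warning "$TargetLetter is already in use; leaving $($vol.DriveLetter) where it is"
            continue
        }
        # Writing DriveLetter on Win32_Volume is the WMI equivalent of diskpart's "assign letter="
        $vol | Set-CimInstance -Property @{ DriveLetter = $TargetLetter }
        $inUse += $TargetLetter
        Write-Output "Moved $($vol.DriveLetter) to $TargetLetter"
    }
}

Move-OpticalDriveLetter -TargetLetter 'Z:'
```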

Wednesday, March 27, 2013

Microsoft Anti-Virus Exclusion List

http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx

Monday, March 18, 2013

Build Import of DHCP Reservations - Powershell


Just followed 'example 2' in the PowerShell command examples at http://technet.microsoft.com/en-us/library/jj590686.aspx

E.g. Reservations.csv:
Scopeid,IPAddress,Name,Clientid,Description
10.192.66.0,10.192.66.101,xx_L1_AP01,50-57-AC-9e-b1-26,SW - Gi1/0/47
10.192.66.1,10.192.66.102,xx_L1_AP02,d8-67-AC-95-5a-35,SW - Gi2/0/47
10.192.66.2,10.192.66.115,xx_L3_AP01,d4-8c-AC-04-72-e9,SW - Gi7/39
10.192.66.3,10.192.66.116,xx_L3_AP02,d4-8c-AC-2f-2b-ea,SW - Gi7/40

PS C:\> Import-Csv -Path Reservations.csv | Add-DhcpServerv4Reservation -ComputerName koolkids.lc.local

pretty cool.
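Added example, not from the original post: a pre-flight check of the CSV rows before piping them into Add-DhcpServerv4Reservation, since one malformed row fails the import part way through. It assumes /24 scopes for the in-scope test and PowerShell 3.0+; the rows are the post's own.

```powershell
function Test-DhcpReservationRow {
    # Checks one CSV row in the layout the post uses (Scopeid,IPAddress,Name,Clientid,Description)
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)]$Row)
    begin { $seenIp = @{}; $seenMac = @{} }
    process {
        $problems = @()
        $ipv4 = '^(\d{1,3}\.){3}\d{1,3}$'
        if ($Row.Scopeid -notmatch $ipv4)   { $problems += 'Scopeid is not an IPv4 address' }
        if ($Row.IPAddress -notmatch $ipv4) { $problems += 'IPAddress is not an IPv4 address' }
        # Assumes /24 scopes: the address must share the first three octets with the scope
        if (($Row.IPAddress -replace '\.\d+$') -ne ($Row.Scopeid -replace '\.\d+$')) { $problems += 'IPAddress is outside Scopeid' }
        # Normalise the MAC to 12 hex digits with dashes, the form the DHCP cmdlets expect
        $mac = ($Row.Clientid -replace '[-:]').ToUpper()
        if ($mac -match '^[0-9A-F]{12}$') { $mac = $mac -replace '(..)(?!$)', '$1-' } else { $problems += 'Clientid is not a MAC address' }
        if ($seenIp.ContainsKey($Row.IPAddress)) { $problems += "duplicate IPAddress (also used by $($seenIp[$Row.IPAddress]))" }
        if ($seenMac.ContainsKey($mac))         { $problems += "duplicate Clientid (also used by $($seenMac[$mac]))" }
        $seenIp[$Row.IPAddress] = $Row.Name; $seenMac[$mac] = $Row.Name
        [pscustomobject]@{
            Scopeid = $Row.Scopeid; IPAddress = $Row.IPAddress; Name = $Row.Name
            Clientid = $mac; Description = $Row.Description; Problems = ($problems -join '; ')
        }
    }
}

# Rows from the post, fed in as text so the check runs without a file
$rows = @'
Scopeid,IPAddress,Name,Clientid,Description
10.192.66.0,10.192.66.101,xx_L1_AP01,50-57-AC-9e-b1-26,SW - Gi1/0/47
10.192.66.1,10.192.66.102,xx_L1_AP02,d8-67-AC-95-5a-35,SW - Gi2/0/47
'@ | ConvertFrom-Csv

$checked = $rows | Test-DhcpReservationRow
$checked | Format-Table -AutoSize
# Only import when every row is clean, and import the normalised rows rather than the raw file
if (-not ($checked | Where-Object { $_.Problems })) {
    $checked | Select-Object Scopeid, IPAddress, Name, Clientid, Description |
        Add-DhcpServerv4Reservation -ComputerName koolkids.lc.local
}
```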

Thursday, February 14, 2013

Powershell and DNS

Was trying to search for static addresses in a large subnet that I was working on.

Start off with reading http://gallery.technet.microsoft.com/scriptcenter/DNS-Server-PowerShell-afc2142b

retrieve the records with
$records = Get-DnsServerResourceRecord -ZoneName koolkids.internal -computer kcdc

Tried:
$records| ? recorddata -like "10.10.*"

got nothing returned... :(

then check the types:
$records | get-member
DistinguishedName         Property   string DistinguishedName {get;}
HostName                  Property   string HostName {get;}
PSComputerName            Property   string PSComputerName {get;}
RecordClass               Property   string RecordClass {get;}
RecordData                Property   CimInstance#Instance RecordData {get;set;}
RecordType                Property   string RecordType {get;}
Timestamp                 Property   CimInstance#DateTime Timestamp {get;}
TimeToLive                Property   CimInstance#DateTime TimeToLive {get;set;}

Notice that it was CimInstance#Instance for the RecordData.
Can't remember how to convert it to a string on the fly.
So my colleague suggested
$records | Out-GridView

then do the filtering from there, which worked nicely.

If after a few coffees I remember how to sort this out, I will update.
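Added example (my code, not the author's): the filter done without Out-GridView, assuming PowerShell 3.0+ with the DnsServer module and that an empty Timestamp marks a static (non-aging) record; the zone and server names are the ones from the post.

```powershell
function Find-StaticARecord {
    param(
        [Parameter(Mandatory = $true)][string]$ZoneName,
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$Prefix      # e.g. '10.10.'
    )
    # Ask for A records only: RecordData is a different CIM class per record type,
    # and only the A class carries an IPv4Address property
    Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName -RRType A |
        Where-Object {
            # Static records have no aging timestamp; dynamically registered ones do
            $null -eq $_.Timestamp -and
            $_.RecordData.IPv4Address.IPAddressToString -like "$Prefix*"
        } |
        Select-Object HostName,
            @{ Name = 'IPv4Address'; Expression = { $_.RecordData.IPv4Address.IPAddressToString } },
            @{ Name = 'TTL';         Expression = { $_.TimeToLive } }
}

# [version] sorts dotted quads numerically instead of as strings
Find-StaticARecord -ZoneName koolkids.internal -ComputerName kcdc -Prefix '10.10.' |
    Sort-Object { [version]$_.IPv4Address } | Format-Table -AutoSize
```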

Friday, November 30, 2012

Stuck at "Please wait for the Group Policy client..." on Windows 2008 R2

My fellow workmate and I were working on two servers that had recently been handed over to us.

These servers had multiple NICs. Did the usual checks and also changed the network provider order to have the "production" network first, because that is the way I roll.

We both joined the servers to the domain, rebooted and everything was fine, could logon etc.
My workmate's server was stuck at "Please wait for the Group Policy client..."

So did the usual: trying to view remote event logs, force a remote shutdown (which didn't work).
Decided that the bind order was stopping the logon from working.
(Tried remote netsh, that didn't work remotely for some reason, most likely me.)

Solutions to fix the problem to allow logon:

Add the blue cable
Add a network cable to all NICs on the box (I don't have physical access to the box);
this should give an IP address to all NICs.

Disable NICs in BIOS
If you can disable the network card in the BIOS, this might also be an option.

Remote connection and disable the NIC(s) via netsh
  1. download psexec from Microsoft
  2. connect to the remote server: psexec \\<servername> cmd.exe
  3. perform a netsh interface ip show config or ipconfig /all
  4. review the network setup, write down the names of the unused NICs or NICs with 169.254 addresses
  5. go and disable the NICs, for example: netsh interface set interface "Local Area Connection 3" DISABLED
Make sure you don't disable the NIC you are working off! (of course)

Solution to fix the issue:
change the network provider order to have the "production" network first,
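Added example, not from the original post: the netsh steps above done over WMI from a workstation, so the APIPA adapters are found and disabled in one go. SERVER01 is a placeholder; it assumes remote WMI (DCOM) reachability and admin rights, and Disable() needs Vista/2008 or later on the target.

```powershell
function Get-ApipaAdapter {
    param(
        [string]$ComputerName = '.',
        [switch]$Disable       # without this the function only reports
    )
    $configs = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $ComputerName -Filter 'IPEnabled = TRUE'
    foreach ($cfg in $configs) {
        $v4    = @($cfg.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })
        $apipa = @($v4 | Where-Object { $_ -like '169.254.*' })
        # Only adapters with nothing but a 169.254 address: a NIC with a real address may be the one you are connected through
        if ($apipa.Count -eq 0 -or $apipa.Count -lt $v4.Count) { continue }
        # Index links the configuration to the adapter object that owns the Disable() method
        $adapter = Get-WmiObject -Class Win32_NetworkAdapter -ComputerName $ComputerName -Filter "Index = $($cfg.Index)"
        $action = 'reported only'
        if ($Disable) {
            # Same effect as: netsh interface set interface "<NetConnectionID>" DISABLED
            $rc = $adapter.Disable().ReturnValue
            $action = if ($rc -eq 0) { 'disabled' } else { "Disable() failed with $rc" }
        }
        New-Object PSObject -Property @{
            Adapter   = $adapter.NetConnectionID
            Addresses = ($v4 -join ', ')
            Action    = $action
        }
    }
}

# Report first; disable only after confirming the production NIC is not in the list
Get-ApipaAdapter -ComputerName SERVER01
Get-ApipaAdapter -ComputerName SERVER01 -Disable
```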