You can use the following script to retrieve the following information for every domain controller:
ComputerName
OperatingSystem
Memory in GB
CPU
$DCs = Get-ADDomainController -Filter *
foreach ($DC in $DCs) {
    # Get-ADDomainController returns objects; use the HostName for ping and CIM queries
    $Name = $DC.HostName
    if (-not (Test-Connection -ComputerName $Name -Quiet -Count 1)) {
        Write-Verbose -Message "The DC [$Name] is offline."
    } else {
        $os  = Get-CimInstance -ComputerName $Name -ClassName Win32_OperatingSystem
        $cs  = Get-CimInstance -ComputerName $Name -ClassName Win32_ComputerSystem
        $cpu = Get-CimInstance -ComputerName $Name -ClassName Win32_Processor
        # TotalPhysicalMemory is in bytes; round to whole GB
        $mem = [math]::Round($cs.TotalPhysicalMemory / 1GB)
        [pscustomobject]@{
            ComputerName    = $Name
            OperatingSystem = $os.Caption
            Memory          = $mem
            # a multi-socket DC returns one Win32_Processor per socket
            CPU             = ($cpu.Name | Select-Object -Unique) -join '; '
        }
    }
}
Tuesday, December 17, 2019
Thursday, November 28, 2019
Adding the Attribute Editor tab for Active Directory objects
For some objects, and possibly on systems using a specific language, the Attribute Editor tab does not appear even when the “Advanced Features” view is selected. This is most likely caused by a faulty forest update or a misconfiguration. To fix it we must update the DisplaySpecifiers in the AD Configuration partition.
The following example will show you how to update it for AD User objects.
Open ADSIEdit
Click “Connect to” under the actions menu
Leave the defaults except select the well known naming context “Configuration”
Expand the Configuration Branch and select CN=DisplaySpecifiers container
Expand your language code, e.g. CN=407 (for de-DE); the codes for other languages can be found at: https://support.microsoft.com/en-us/help/324097/list-of-language-packs-and-their-codes-for-windows-2000-domain-control
Click on CN=user-Display
Double click AdminPropertyPages and add the following value: 11,{c7436f12-a27f-4cab-aaca-2bd27ed1b773}
If you want to see the Attribute Editor tab on other object types, add 12,{c7436f12-a27f-4cab-aaca-2bd27ed1b773} to the AdminPropertyPages of the corresponding display specifier, e.g. CN=organizationalUnit-Display or CN=computer-Display.
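The same change done with PowerShell instead of ADSIEdit, as an added example that is not part of the original post. It assumes the ActiveDirectory module, an account allowed to write to the Configuration partition, and takes the language code, page indexes and GUID from the steps above.

```powershell
# Added example (not from the original post): register the Attribute Editor property page
# on the display specifiers with Set-ADObject instead of ADSIEdit.
$attributeEditorPage = '{c7436f12-a27f-4cab-aaca-2bd27ed1b773}'   # GUID given in the post
$langCode = '407'                                                   # de-DE; adjust for your language
$configNC = (Get-ADRootDSE).configurationNamingContext

# Page index per specifier as given in the post: 11 for user-Display, 12 for the others
$targets = @{
    'user-Display'               = 11
    'computer-Display'           = 12
    'organizationalUnit-Display' = 12
}

foreach ($specifier in $targets.Keys) {
    $dn    = "CN=$specifier,CN=$langCode,CN=DisplaySpecifiers,$configNC"
    $obj   = Get-ADObject -Identity $dn -Properties adminPropertyPages
    $index = $targets[$specifier]
    $value = "$index,$attributeEditorPage"

    # Idempotent: skip when the Attribute Editor GUID is already registered under any index
    if ($obj.adminPropertyPages -match [regex]::Escape($attributeEditorPage)) {
        Write-Host "$specifier already has the Attribute Editor page"
        continue
    }
    # The index must be unique within adminPropertyPages; report a collision instead of adding a duplicate
    $usedIndexes = $obj.adminPropertyPages | ForEach-Object { ($_ -split ',')[0] }
    if ($usedIndexes -contains "$index") {
        Write-Warning "$specifier already uses page index $index; choose a free index"
        continue
    }
    Set-ADObject -Identity $dn -Add @{ adminPropertyPages = $value }
    Write-Host "Added $value to $specifier"
}
```

Reopen Active Directory Users and Computers afterwards; the property pages are read when the console loads.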
Labels: Active Directory
Tuesday, November 12, 2019
Get all DFS Folder targets of a DFS path
Find attached the script to get the DFS folder targets. The targets are saved to c:\temp\DFSFolderTargets.csv. Just change the variable $DFSPath = "\\Domainfqdn\Folder\*" to your DFS path.
$DFSPath = "\\Domainfqdn\Folder\*"          # DFS namespace path; the wildcard returns all folders below it
$OutFile = "c:\temp\DFSFolderTargets.csv"
# -Append accumulates rows across runs; start with a fresh file each time
if (Test-Path $OutFile) { Remove-Item $OutFile }
$DFSNFolders = Get-DfsnFolder -Path $DFSPath
foreach ($DFSNFolder in $DFSNFolders) {
    # a DFS folder can have several targets; one CSV row per target
    Get-DfsnFolderTarget -Path $DFSNFolder.Path |
        Select-Object Path, TargetPath |
        Export-Csv -Path $OutFile -NoTypeInformation -Append
}
Labels: Active Directory, DFS, Powershell
Monday, November 11, 2019
Convert certificates like pfx,cer or p7b to pem using openssl
pfx to pem (-nodes writes the private key unencrypted into cert.pem, so protect that file accordingly)
openssl pkcs12 -in cert.pfx -out cert.pem -nodes
cer (DER encoded) to pem
openssl x509 -inform der -in cert.cer -out cert.pem
p7b to pem
openssl pkcs7 -in cert.p7b -inform DER -print_certs -out cert.pem
Labels: Certificates, Certification Authority, OpenSSL
Wednesday, October 30, 2019
Hunting bad LDAP queries on your DC
This is a quick guide to find bad LDAP queries running against your Domain Controller.
To get the needed events on your DC, set the following registry settings using PowerShell:
# NTDS reads these values as REG_DWORD; pass numbers and -Type DWord so the new values are not created as strings
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Diagnostics' -Name '15 Field Engineering' -Value 5 -Type DWord
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -Name 'Expensive Search Results Threshold' -Value 0 -Type DWord
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -Name 'Inefficient Search Results Threshold' -Value 0 -Type DWord
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -Name 'Search Time Threshold (msecs)' -Value 120 -Type DWord
Your DC now logs event 1644 with information about the LDAP queries.
With these settings, any LDAP query that takes longer than 120 ms (Search Time Threshold (msecs)) is logged.
The log level is set to 5 ('15 Field Engineering' -Value 5), which means all events are logged, including debug strings and configuration changes; a complete log of the service is recorded.
Expensive LDAP searches are searches that visit a large number of entries. The default threshold for an expensive search is 10000 visited entries. It is set via the Expensive Search Results Threshold registry value; here we set it to 0 to get all queries.
Inefficient searches (Inefficient Search Results Threshold) are searches that return less than 10% of the visited entries. The default threshold is 1000 visited entries, which means a query that visits fewer than 1000 entries is not considered inefficient even if it returns no entry at all. So we set it to 0 to get all queries.
Now open the Event Viewer and go to the Directory Service log. Depending on the number of "bad" LDAP queries you will see a lot of 1644 events. Each event contains information such as User, Filter, Client and the attributes preventing optimization. With these values you can identify the source and fix it.
Find attached an example event:
Internal event: A client issued a search operation with the following options.
Client:
10.10.10.10:54601
Starting node:
dc=domain,dc=int
Filter:
( | (uid=Jon.Doe) (sAMAccountName=Jon.Doe) )
Search scope:
subtree
Attribute selection:
uid,sAMAccountName
Server controls:
Visited entries:
359807
Returned entries:
1
Used indexes:
DNT_index:662818:N;
Pages referenced:
2945008
Pages read from disk:
0
Pages preread from disk:
0
Clean pages modified:
0
Dirty pages modified:
0
Search time (ms):
4111
Attributes Preventing Optimization:
uid
User:
domain\serviceaccount.1
In this case you can contact the admin responsible for client 10.10.10.10 and have the query changed to a better filter. For example, if you don't use the uid attribute in AD, remove it from the LDAP query and search only for the sAMAccountName.
If you have enough logs collected, you can revert your changes using the following commands:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Diagnostics' -Name '15 Field Engineering' -Value 0 -Type DWord
Remove-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -Name 'Expensive Search Results Threshold'
Remove-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -Name 'Inefficient Search Results Threshold'
Remove-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -Name 'Search Time Threshold (msecs)'
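Reading the 1644 events by hand does not scale once the thresholds are at 0, so here is an added example (not part of the original post) that parses the event text shown above into objects and ranks the client/filter pairs by how many entries they visit per entry returned. It assumes a DC named dc01.domain.int and the field layout of the sample event.

```powershell
# Added example (not from the original post): parse event 1644 messages and rank bad queries.
function ConvertFrom-Ldap1644Message {
    param([Parameter(Mandatory)][string]$Message)
    # The message puts each "Field:" on its own line with the value on the next line;
    # a field followed directly by another field name (e.g. "Server controls:") is empty.
    $fieldPattern = '^(?<name>[A-Za-z ()]+):$'
    $lines  = @($Message -split "`r?`n" | ForEach-Object { $_.Trim() })
    $fields = @{}
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -notmatch $fieldPattern) { continue }
        $name = $Matches['name']
        $next = if ($i + 1 -lt $lines.Count) { $lines[$i + 1] } else { '' }
        $fields[$name] = if ($next -match $fieldPattern) { '' } else { $next }
    }
    $visited  = [int]$fields['Visited entries']
    $returned = [int]$fields['Returned entries']
    [pscustomobject]@{
        Client       = $fields['Client']
        User         = $fields['User']
        Filter       = $fields['Filter']
        Visited      = $visited
        Returned     = $returned
        SearchTimeMs = [int]$fields['Search time (ms)']
        # entries visited per entry returned; 359807 for the event quoted in the post
        Ratio        = $(if ($returned -gt 0) { [math]::Round($visited / $returned) } else { $visited })
        Preventing   = $fields['Attributes Preventing Optimization']
    }
}

# Assumed DC name; the log is "Directory Service" on every DC
$events = Get-WinEvent -ComputerName 'dc01.domain.int' -FilterHashtable @{ LogName = 'Directory Service'; Id = 1644 }
$parsed = foreach ($e in $events) { ConvertFrom-Ldap1644Message -Message $e.Message }

# Aggregate per client and filter: how often it ran and the worst ratio and search time seen
$parsed | Group-Object Client, Filter | ForEach-Object {
    [pscustomobject]@{
        Count     = $_.Count
        Client    = $_.Group[0].Client
        User      = $_.Group[0].User
        MaxRatio  = ($_.Group | Measure-Object -Property Ratio -Maximum).Maximum
        MaxTimeMs = ($_.Group | Measure-Object -Property SearchTimeMs -Maximum).Maximum
        Filter    = $_.Group[0].Filter
    }
} | Sort-Object MaxRatio -Descending | Select-Object -First 20 | Format-Table -AutoSize
```

The Preventing column tells you which attribute in the filter has no index (uid in the sample event), which is usually the part of the query to remove or replace.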
Labels: Active Directory, LDAP
Thursday, October 24, 2019
PowerShell Get a list of IPs from DNS Names
Requirements:
You need a file C:\temp\server.csv containing all the names, one per line:
server1
server2
server3
server4
And the script to get all IPs.
# file name matches the requirement above (the original read names.csv)
$names = Get-Content C:\temp\server.csv
foreach ($name in $names) {
    try {
        # one line per address; a name with several A/AAAA records yields several lines
        [System.Net.Dns]::GetHostAddresses($name) | Select-Object -ExpandProperty IPAddressToString
    } catch {
        # an unresolvable name throws; report it instead of aborting the loop
        Write-Warning "Could not resolve [$name]: $($_.Exception.Message)"
    }
}
Labels: DNS, IP, Powershell
Thursday, July 4, 2019
Get and copy LAPS generated Admin password to clipboard
Just a PowerShell script to get and copy LAPS generated Admin password to your clipboard
Check it out on TechNet
Labels: Active Directory, Computer Accounts, LAPS, Powershell
Tuesday, May 14, 2019
PowerShell 7 coming soon
In the following post Steve Lee explains why the next version is PowerShell 7 and not 6.3.
https://devblogs.microsoft.com/powershell/the-next-release-of-powershell-powershell-7/
They will remove Core from the name. It makes sense when you look at .NET Core 3.0, which will be used for PS 7: it should have all the underlying APIs and high compatibility with Windows PowerShell 5.1, so you don't have to struggle with compatibility issues as in previous PS Core versions. It sounds like the perfect mix of Windows PowerShell and PowerShell Core.
Microsoft said that PowerShell 7 should be available in May 2019!
Labels: Powershell
Tuesday, February 19, 2019
Attribute Editor tab missing in Active Directory Users and Computers search
Problem:
If you search for a user account, you don't see the Attribute Editor tab in the properties of the user account.
First the “Advanced Features” have to be activated in the “Active Directory Users and Computers” console. Just select View and click on Advanced Features.
Using a LDAP Query:
- Right-click Saved Queries and click the New Query option
- Type in a name for your saved query, such as "Search SamAccount"
- Click the Define Query button
- Under the Find drop-down list, select Custom Search
- Click the Advanced tab
- Type in your query
- (objectcategory=person)(samaccountname=*tim.buntrock*)
Using the group trick:
- Search for a user
- Click on the member of tab
- Open a group the user is a member of
- Close the user properties tab
- Search for the user in the group's Members tab and double-click him
- Now you should see the Attribute Editor tab
Using Active Directory Administrative Center instead of ADUC:
If you are using the AD Administrative Center you can directly access the Attribute Editor after a search.
Labels: Active Directory, User Accounts
Tuesday, February 12, 2019