Search This Blog

Thursday, December 17, 2009

New job!

1 minute ago, I signed the employment contract for Crayon (http://www.crayon.no/, http://www.crayon.se/). I will start the first of January as Crayon Sweden's Chief Architect for Microsoft technology.

So if you want me as a consultant, you contact Crayon.

Friday, November 20, 2009

Restore of an object or subtree

I've been asked several times how to get an object or subtree of objects back if an accidental deletion happened and you have one DC that still have the objects. In other words mark these objects as authoritative so they replicate back to the DCs that have them deleted. This is usual in a lag site scenario, or if you are lucky to find a DC that haven't already delete the object(s).

So here is a step-by-step on Windows 2008, note that this is not applicable for versions lower than 2008.


1. Stop relication on a DC that have the object(s) with repadmin. I usually stop both inbound and outbound to be safe:
- Repadmin /options +disable_inbound_repl
- Repadmin /options +disable_outbound_repl

2. Stop AD Service. This will also stop the following services:
- File Replication
- Kerberos Key Distribution Center
- Intersite Messaging
- DNS Server
- DFS Replication

3. Set instance:
- Ntdsutil
- Activate instance NTDS

4. Authoritative Restore (while in ntdsutil):
- Authoritative restore
- Restore subtree ou=dr-test,dc=qadvice,dc=prv

Example screenshot:
authoritative restore: restore subtree ou=dr-test,dc=qadvice,dc=prv
Opening DIT database... Done.

The current time is 11-20-09 12:35.45.
Most recent database update occured at 11-20-09 12:32.09.
Increasing attribute version numbers by 100000.
Counting records that need updating...
Records found: 0000001001
Done.

Found 1001 records to update.
Updating records...
Records remaining: 0000000000
Done.

Successfully updated 1001 records.
The following text file with a list of authoritatively restored objects has been created in the current working directory:
ar_20091120-123545_objects.txt
None of the specified objects have back-links in this domain. No link restore file has been created.
Authoritative Restore completed successfully.

5. Start AD and related services (if they don't start automatically)

6. Enable replication on the DC:
- Repadmin /options -disable_inbound_repl
- Repadmin /options -disable_outbound_repl

Tuesday, October 06, 2009

MVP Award. I received this in my mail Oct 1st:

"Dear Jimmy Andersson,Congratulations!

We are pleased to present you with the 2009 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Directory Services technical communities during the past year."

I'm very glad and proud of it. This is the 11th year in a row!

Friday, August 07, 2009

TEC Europe

I just decided to attend TEC Europe in September. It will be held in Berlin at the Hilton, September 14-16.
Hope to see you there!

Thursday, July 30, 2009

Sooz arrived

Sooz arrived, picked her up at the airport. And guess what..... Yes, she arrives without the bag, it is still in Copenhagen and we hope it will arrive sometime soon. Tomorrow we're going on a road trip to Sundsvall so I really hope she gets her bag tonight....

Wednesday, July 29, 2009

Find account based on a given SID

Here is some code that will find the account based on a given SID:

-Script Begins-
'============================================================
' NAME: find-Account.vbs
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 21/04/2009
' Version: 1.0 - initial version
' USAGE: cscript find-Account.vbs
'============================================================
Option Explicit

'============================================================
'==== Declare variables and sets objWMIService
'============================================================
Dim strComputer, objWMIService, objAccount
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'===========================================================
'==== Below code finds the account based on a given
'==== SID (both local and domain accounts)
'===========================================================
Set objAccount = objWMIService.Get _
("Win32_SID.SID='S-1-5-21-842925246-725345543-682003330-4474'")
wScript.Echo objAccount.ReferencedDomainName &_
"\" & objAccount.AccountName
-Script Ends-

A way of finding the local admin account by searching SIDs

Let's say you don't know the account name for the local admin account. The below code will find it for you. This is really good to have if a customer used the "oh-not-so-good-way-to-apply-security" approach.
I actually had a customer (before I came along and changed it) randomize the renaming of the local admin on their workstations....
Do I need to say that they didn't have a log. And even more "strange" is that they actually created 20+ local accounts just to confuse a potential bad guy.....
I will not start to rant about what I think of this approach. Never the less I had to find all the local admin accounts on their workstations. So I wrote some code that I fired off remotely and logged the information in a secure place. The basis of that code is below:
(as usual wrapping might be an issue)

-Script Begins-
'============================================================
' NAME: find-AdminName.vbs
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 21/04/2009
' Version: 1.0 - initial version
' USAGE: cscript find-AdminName.vbs
'============================================================
Option Explicit

'============================================================
'==== Declare variables and sets objWMIService
'============================================================
Dim strComputer, objWMIService, objAccount, colAccounts

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'===========================================================
'==== Below code finds the local ADMINISTRATOR account
'==== by searching the SIDs of local accounts
'===========================================================
Set colAccounts = objWMIService.ExecQuery _
("Select * From Win32_UserAccount Where LocalAccount = TRUE")
For Each objAccount in colAccountsIf Left (objAccount.SID, 6) = "S-1-5-" and Right(objAccount.SID, 4) = "-500" Then
Call getInfo
End If
Next

'===========================================================
'==== Function to get properties
'===========================================================
Function getInfo
wScript.Echo "Name: " & objAccount.Name
wScript.Echo "SID: " & objAccount.SID
wScript.Echo "Description: " & objAccount.Description
wScript.Echo "Disabled: " & objAccount.Disabled
wScript.Echo "Pwd Expires: " & objAccount.PasswordExpires
wScript.Echo "Pwd Required: " & objAccount.PasswordRequired
wScript.Echo "Pwd Changeable: " & objAccount.PasswordChangeable
End Function
-Script Ends-

How to get the SID of an account

Someone asked me how to write a script that will show you the SID and some other "stuff" of a specified username. So here it is, really simple and fast to do. The below will show you:
- name (which you need to know in advance)
- SID
- Description
- If it is disabled or not
- If the password expires
- If a password is required
- If the password can be changed.

-Script Begins-
'============================================================
' NAME: findSID-Name.vbs
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 21/04/2009
' Version: 1.0 - initial version
' USAGE: cscript findSID-Name.vbs
'============================================================

Option Explicit

'============================================================
'==== Declare variables and sets objWMIService
'============================================================
Dim strComputer, objWMIService, objAccount
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer &
"\root\cimv2")

'============================================================
'==== Below code gets the SID of a specified account.
'==== NOTE: If you specify a domain name instead of a computer name you'll
'==== get the SID of a domain account. E.g. name='admin',domain='root' '================'===========================================
Set objAccount =_
objWMIService.Get("Win32_UserAccount.Name='x-admin',Domain='client001'")
Call getInfo


'===========================================================
'==== Function to get properties
'===========================================================
Function getInfo
wScript.Echo "Name: " & objAccount.Name
wScript.Echo "SID: " & objAccount.SID
wScript.Echo "Description: " & objAccount.Description
wScript.Echo "Disabled: " & objAccount.Disabled
wScript.Echo "Pwd Expires: " & objAccount.PasswordExpires
wScript.Echo "Pwd Required: " & objAccount.PasswordRequired
wScript.Echo "Pwd Changeable: " & objAccount.PasswordChangeable
End Function
-Script Ends-

How to show color indices in Excel with VBScript

Ok, someone asked me how to find out the color indices in Excel via Script. So here it goes:

(as always, formatting and word wrap might not work.....And you need Excel installed on the machine where the code executes of course)

-Script Begins-

Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = TrueSet
objWorkbook = objExcel.Workbooks.Add()
Set objWorksheet = objWorkbook.Worksheets(1)

For i = 1 to 14
objExcel.Cells(i, 1).Value = i
objExcel.Cells(i, 2).Interior.ColorIndex = i
Next

For i = 15 to 28
objExcel.Cells(i - 14, 3).Value = i
objExcel.Cells(i - 14, 4).Interior.ColorIndex = i
Next

For i = 29 to 42
objExcel.Cells(i - 28, 5).Value = i
objExcel.Cells(i - 28, 6).Interior.ColorIndex = i
Next

For i = 43 to 56
objExcel.Cells(i - 42, 7).Value = i
objExcel.Cells(i - 42, 8).Interior.ColorIndex = i
Next

-Script Ends-

Back from Philly

Came back from Philly and I must say that I had a great time!
It was really nice to meet Laura and Mark again. Their new place is really nice and have everything you need. Including a very nice pub (Charlie's) just around the corner!

All in all - time well spent, good food, good drinks! Hopefully I'll see them again in December in New York!

Now I'm getting ready for Sooze to come visit us tomorrow. That will also be loads of fun, travelling around Sweden and then Germany. Hopefully we have the time to stop by Z├╝rich as well....

Ok, carry on! :)

Wednesday, July 22, 2009

"I want to look after old people"

Nick, you are old. Get over it :)

For you that don't know us, Nick is my mate and I can take the Mickey out of him if I want!

Philly

Ok, arrived in Philly. Mark picked me up at the airport but not my bag... Read Mark's blog for details. Anyway, I'm here and we're having fun!

As always, good food an wine is a given!

Sunday, July 19, 2009

Getting quick info from systems

One thing that is pretty common when you get to a new customer is that they usually have no clue what systems they actually have on their network.
In most cases not all servers are members of AD so that is the reason I use an input list instead of getting all the computer objects from AD and then filter on OS, or specify a "top" OU and then search all computer objects from that OU and then all sub-OUs. This can of course be easily changed in the below script to do just that if you want, I might even post how to do it later... :)

The second thing is that when I wrote this, I actually just needed the info to be showed on the screen. Which is why I didn't created an output file and saved it directly to it (here I just pipe it). I will post a function how to create an output file later and the below script can easily be changed for this as well.


Do note that I couldn't get proper formatting (especially TAB) in this post so the script might look a bit strange. Also note that line breaks are not always correct, so test it first in your lab! I take NO responsibility for the script and it is your responsibility to test it in a lab environment!

-Script Begins-
'============================================================
' NAME: quickInfo.vbs
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 1/12/2008
' Version: 1.0 - initial version
'
' COMMENT: Used to find out settings remotely.
' You need to pipe the output to a text file (see below usage example) that you can
' open in Excel. It will be delimited with semicolons.
' It will do a ping test before trying to connect' to the remote machine.
'
' USAGE: cscript quickInfo.vbs > output.txt
'
' NOTE: If you don't have access it will just move on ' to the next one in the list.
'
'============================================================
On Error Resume Next

'============================================================

'====== Header ===============================================
'============================================================
wScript.Echo "Hostname;Manufacturer;Model;OS;Build;SP;Installed;Last Reboot;Distributed;NIC;MAC;DHCP Enabled;DHCP Server;IP;Subnet;Default Gateway;WINS1; WINS2;DNS"

'============================================================
'====== Specify input file and open it ===============================
'============================================================
' Input file with the server names
strFilename = "C:\_scripts\servers.txt"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTS = objFSO.OpenTextFile(strFilename)

Do Until objTS.AtEndOfStream

strComputer = objTS.ReadLine
DoObject strComputer

Loop

objTS.Close

'============================================================
'====== Sub that collects data ====================================
'============================================================
Sub DoObject(strComputer)

strPingStatus = PingStatus(strComputer)

If strPingStatus = "Success" Then
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colOS = objWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")

For Each objOS In colOS
Set colHW = objWMI.ExecQuery("SELECT * FROM Win32_ComputerSystem",,48)

For Each hwItem in colHW
strHW = hwItem.Manufacturer
strModel = hwItem.Model

Set colItem = objWMI.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = TRUE",,48)

For Each objItem In colItem

strInfo = objOS.CSName & ";" & strHW & ";" & strModel & ";" & objOS.Caption &_
";" & objOS.BuildNumber & ";" & objOS.CSDVersion & ";" & objOS.InstallDate &_
";" & objOS.LastBootUpTime & ";" & objOS.Distributed & ";" &_
objItem.Caption & ";" & objItem.MACAddress & ";" & objItem.DHCPEnabled &_
";" & objItem.DHCPServer & ";" & Join(objItem.IPAddress, ",") & ";" &_
Join(objItem.IPSubnet, ",") & ";" & Join(objItem.DefaultIPGateway, ",") & ";" &_
objItem.WINSPrimaryServer & ";" & objItem.WINSSecondaryServer & ";" &_
Join(objItem.DNSServerSearchOrder, ",")

wScript.Echo strInfo
Next
Next
Next

Else
wScript.Echo strComputer & ";" & "Didn't answer ping"
End If
End Sub

'============================================================
'====== Function for w32_PingStatus WMI class =======================
'============================================================
Function PingStatus(strComputer)
On Error Resume Next

' Uses the local machine as the system to ping from
strWorkstation = "."

Set objWMIService = GetObject("winmgmts:" _& "{impersonationLevel=impersonate}!\\" & strWorkstation & "\root\cimv2")Set colPings = objWMIService.ExecQuery _
("SELECT * FROM Win32_PingStatus WHERE Address = '" & strComputer & "'")

For Each objPing in colPings ' Return codes
Select Case objPing.StatusCode

Case 0 PingStatus = "Success"
Case 11001 PingStatus = "Status code 11001 - Buffer Too Small"
Case 11002 PingStatus = "Status code 11002 - Destination Net Unreachable"
Case 11003 PingStatus = "Status code 11003 - Destination Host Unreachable"
Case 11004 PingStatus = "Status code 11004 - Destination Protocol Unreachable"
Case 11005 PingStatus = "Status code 11005 - Destination Port Unreachable"
Case 11006 PingStatus = "Status code 11006 - No Resources"
Case 11007 PingStatus = "Status code 11007 - Bad Option"
Case 11008 PingStatus = "Status code 11008 - Hardware Error"
Case 11009 PingStatus = "Status code 11009 - Packet Too Big"
Case 11010 PingStatus = "Status code 11010 - Request Timed Out"
Case 11011 PingStatus = "Status code 11011 - Bad Request"
Case 11012 PingStatus = "Status code 11012 - Bad Route"
Case 11013 PingStatus = "Status code 11013 - TimeToLive Expired Transit"
Case 11014 PingStatus = "Status code 11014 - TimeToLive Expired Reassembly"
Case 11015 PingStatus = "Status code 11015 - Parameter Problem"
Case 11016 PingStatus = "Status code 11016 - Source Quench"
Case 11017 PingStatus = "Status code 11017 - Option Too Big"
Case 11018 PingStatus = "Status code 11018 - Bad Destination"
Case 11032 PingStatus = "Status code 11032 - Negotiating IPSEC"
Case 11050 PingStatus = "Status code 11050 - General Failure"
Case Else PingStatus = "Status code " & objPing.StatusCode & _
" - Unable to determine cause of failure."
End Select
Next
End Function

-Script Ends-


Philadelphia

Tomorrow morning I'm off to Philly! :)

Going to spend some time with the old boy Mark for a few days. After his move to the States it's not that often we have the chance to meet up and hang out. But this week it all worked out!

I expect only three things:
- Good wine
- Good food
- Fun!

If you know us, you know how to get in touch if you're in town.

Tuesday, July 14, 2009

Change DNS on multiple computers

Ok, here is the background. We needed to get rid of some old hardware and replace them with new kit. These servers was DC/DNS and unfortunately we couldn't re-use the IP addresses which meant that all the DNS settings on the servers (the clients used DHCP) needed to get updated.

My client at the time was planning to do this manually, which was not smart at all. Even though their server park was only about 900 servers. So what to do? Obviously scripting was the answer so I put this little script together for them.

Do note that I couldn't get proper formatting (especially TAB) in this post so the script might look a bit strange. Also note that line breaks are not always correct, so test it first in your lab! I take NO responsibility for the script and it is your responsibility to test it in a lab environment!

-Script Begins-
'============================================================
' NAME: replaceDNS_Server.vbs
'
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 19/11/2008
' Version: 1.0 - initial version
'
' COMMENT: Used to replace an IP entry for the DNS settings with a new IP. It will
' do a ping test before trying to connect to the remote machine. Do note that it
' ONLY replaces the IP if it is found, if it can't find the IP nothing will happen
' and it will also return the name of the machine it didn't find it on. If a NIC is
' DHCP ENABLED it will not change anything on that particular NIC.
'
' USAGE: cscript ReplaceDNS_Server.vbs
'
' NOTE: If you don't have access it will just move on to the next one in the list.
' If you want to save the output' pipe it to a text file.
' Example: cscript ReplaceDNS_Server.vbs > output.txt
'============================================================

On Error Resume Next

'============================================================

'====== Specify input file and open it - One computer name per row ========
'============================================================
strFilename = "C:\serverNames.txt"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTS = objFSO.OpenTextFile(strFilename)

Do Until objTS.AtEndOfStream
strComputer = objTS.ReadLine
DoObject strComputer
Loop
objTS.Close

'============================================================
'====== Sub to replace a DNS entry ================================
'============================================================
Sub DoObject(strComputer)

strOldDNSServer = "10.80.255.122" ' Specify which DNS IP that should be replaced

strNewDNSServer = "10.80.255.206" ' Specify the new DNS IP

' Run ping test before starting to run WMI queries
strPingStatus = PingStatus(strComputer)
If strPingStatus = "Success" Then ' See return codes in the Function

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Only do changes if IP is enabled and DHCP is not used
Set colNicConfigs = objWMIService.ExecQuery _
("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = TRUE AND DHCPEnabled = FALSE")

For Each objNicConfig In colNicConfigs
wScript.Echo VbCrLf & "Computer: " & strComputer
wScript.Echo VbCrLf & " Network Adapter " & objNicConfig.Index
arrDNSServerSearchOrder = objNicConfig.DNSServerSearchOrder

wScript.Echo " DNS Server Search Order - Before:"
If Not IsNull(objNicConfig.DNSServerSearchOrder) Then
For Each strDNSServer In objNicConfig.DNSServerSearchOrder
wScript.Echo " " & strDNSServer
Next
End If

blnFound = 0
For i = 0 to UBound(arrDNSServerSearchOrder)
If arrDNSServerSearchOrder(i) = strOldDNSServer Then
arrDNSServerSearchOrder(i) = strNewDNSServer
blnFound = 1
End If
Next

If blnFound Then
retSetDNS = objNicConfig.SetDNSServerSearchOrder(arrDNSServerSearchOrder)
If retSetDNS = 0 Then
wScript.Echo " Replaced " & strOldDNSServer & " with " & _
strNewDNSServer & " in DNS search order."

Else
wScript.Echo " Unable to change DNS server search order."
End If

Else
WScript.Echo " DNS server " & strOldDNSServer & " not found."
End If
Next

Set colNicConfigs = objWMIService.ExecQuery _
("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = TRUE")
For Each objNicConfig In colNicConfigs
wScript.Echo VbCrLf & "Computer: " & strComputer & " -- " & "DHCP Enabled => NO changes done."
wScript.Echo VbCrLf & String(80, "-")
Next

Else
wScript.Echo VBCrLf & "Computer: " & strComputer & " -- " & "Didn't answer ping => NO changes done."

' Return which machines that didn't answered on ping
wScript.Echo VbCrLf & String(80, "-")
End If

End Sub

'============================================================
'====== Function for w32_PingStatus WMI class =======================
'============================================================
Function PingStatus(strComputer)
On Error Resume Next

' Uses the local machine as the system to ping from
strWorkstation = "."


Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strWorkstation & "\root\cimv2")

Set colPings = objWMIService.ExecQuery _
("SELECT * FROM Win32_PingStatus WHERE Address = '" & strComputer & "'")


For Each objPing in colPings ' Return codes
Select Case objPing.StatusCode

Case 0 PingStatus = "Success"
Case 11001 PingStatus = "Status code 11001 - Buffer Too Small"
Case 11002 PingStatus = "Status code 11002 - Destination Net Unreachable"
Case 11003 PingStatus = "Status code 11003 - Destination Host Unreachable"
Case 11004 PingStatus = "Status code 11004 - Destination Protocol Unreachable"
Case 11005 PingStatus = "Status code 11005 - Destination Port Unreachable"
Case 11006 PingStatus = "Status code 11006 - No Resources"
Case 11007 PingStatus = "Status code 11007 - Bad Option"
Case 11008 PingStatus = "Status code 11008 - Hardware Error"
Case 11009 PingStatus = "Status code 11009 - Packet Too Big"
Case 11010 PingStatus = "Status code 11010 - Request Timed Out"
Case 11011 PingStatus = "Status code 11011 - Bad Request"
Case 11012 PingStatus = "Status code 11012 - Bad Route"
Case 11013 PingStatus = "Status code 11013 - TimeToLive Expired Transit"
Case 11014 PingStatus = "Status code 11014 - TimeToLive Expired Reassembly"
Case 11015 PingStatus = "Status code 11015 - Parameter Problem"
Case 11016 PingStatus = "Status code 11016 - Source Quench"
Case 11017 PingStatus = "Status code 11017 - Option Too Big"
Case 11018 PingStatus = "Status code 11018 - Bad Destination"
Case 11032 PingStatus = "Status code 11032 - Negotiating IPSEC"
Case 11050 PingStatus = "Status code 11050 - General Failure"
Case Else PingStatus = "Status code " & objPing.StatusCode & _
" - Unable to determine cause of failure."
End Select
Next

End Function

-Script Ends-