February 2010 Archives

I am jumping up and down scaring the neighbours!

It happened Team Canada in an OVERTIME Game took the Gold!

This is strange; I am an American.  I was born in the States. Raised in the States.  Heck, I still remember the Pledge of Allegiance.

So why?  Why am I cheering for Canada?

Canada is my home.

My family is in Canada.

My job is in Canada.

Canada supplied me a life where none could compare.

I will take my Canadian Citizenship because I am PROUD to call Canada my home.

I am not “UnProud” of my American status, but Canada became my home like nothing else.

Canada is a huge part of what launched the “Friday Funny Guy”, and Canada was a huge part of my inspiration to take my dreams to my limits.

And as such, I cheer for Canada in its victories and cry in its woes.

And today, although I am not officially “Canadian” I stand beside and with other Canadians proud of What Canada has done and achieved.

Today, I cheer for Canada and Team Canada as they chalk up Gold Medal #14 and bring Canadian Pride to the limits.

Thank you Canada

 

Sean
The Energized Tech

Powershell

Ever get bitten by a bug and need to know “How was this done?”

In Powershell there are many functions you create, and just as many pre-written.   But when I go to see how a function was done (so I can learn more), I find that if the function has more than one line you just get something like this.

CommandType     Name          Definition
-----------     ----          ----------
Function        get-exblog

 

Which doesn’t do you a lot of good.

But really it’s not difficult to view.    For example, if you want to get a list of all functions (which are like Cmdlets, but you can view, edit and change them), run the following command

Get-ChildItem Function::

or you can also run a

Get-Command -CommandType Function

…The output and results are the same: a BIG list of functions and their definitions, or at least PARTIAL definitions.

So if you see a particular function you’re curious about in the list, like say GET-EXBLOG (which is part of the Exchange Command Shell), just run this command

(Get-ChildItem Function::Get-ExBlog).Definition

or

(Get-Command Get-ExBlog -CommandType Function).Definition

In both cases you will see the code that produces that Function, which is

invoke-expression 'cmd /c start http://go.microsoft.com/fwlink/?LinkId=35786'

Which goes off and launches the Exchange Blog.

So I never knew how to launch a Browser session from Powershell.  But now, thanks to viewing this function, I see a way.  Maybe not necessarily the BEST or the ONLY way, but it’s a good way to learn if you can see how somebody else did it.
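The same Function: drive trick, as an added example that is not from the original post: it dumps the full body of every function in the session and flags the ones that build a command string for Invoke-Expression, which is worth a second look when the function came from someone else. Open-DemoBlog and its URL are constructed stand-ins for Get-ExBlog.

```powershell
# Added example, not from the original post: dump the full body of every
# function in the current session (the same Function: drive used above) and
# flag any whose definition passes a string to Invoke-Expression.
function Get-FunctionSource {
    param(
        [string]$Name    = '*',                           # wildcard on function name
        [string]$Pattern = 'invoke-expression|\biex\b'    # regex that marks a definition for review
    )
    Get-ChildItem -Path "Function:\$Name" | ForEach-Object {
        $body = $_.Definition
        [pscustomobject]@{
            Name       = $_.Name
            Lines      = @($body -split "`r?`n").Count
            Flagged    = [bool]($body -match $Pattern)
            Definition = $body
        }
    }
}

# Constructed demo function that mirrors the Get-ExBlog pattern shown above
# (hypothetical URL; nothing is launched unless you call it).
function Open-DemoBlog {
    Invoke-Expression 'cmd /c start http://blog.example.invalid/'
}

# Full source of one function, exactly what the .Definition trick gives you
(Get-FunctionSource -Name 'Open-DemoBlog').Definition

# Review list: every function in the session that shells out via Invoke-Expression
Get-FunctionSource | Where-Object { $_.Flagged } | Format-List Name, Lines, Definition
```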

Powershell – Learning *IS* easy :)

Sean
the Energized Tech

 

Ok Look I know this should have been blatantly obvious but it wasn’t.

 

You’re downloading from Technet.   The computer rebooted.  The wire got yanked.   Aliens cut off the internet.

But for whatever reason your download got halted.  And although the “File Transfer Manager” CAN resume those downloads, it’s a matter of going to Technet, restarting a Transfer and seeing it pick up on the screen.

I figured it HAD to be easier but I just didn’t see where the shortcut was.

So today I fired up Process Explorer from Sysinternals.com and looked to see where my “File Transfer Manager” was running from.

A quick right click of the mouse on the “TransferMGR.EXE” application in Process Explorer

image

And you could see where it was launching from.  Done.

So if you’re stuck in a jam and just want to restart your downloads from Technet or MSDN?   Create a shortcut to the “File Transfer Manager” under “C:\Windows\Downloaded Program Files\TransferMGR.exe” and just double click on it any time.

As always you can click on previous downloads and choose “Resume”, “Suspend” or “Cancel”

 

And you DON’T have to relogin to Technet to do this either :)

 

Sean
The Energized Tech
“Saving the world from one headache at a time”

Not a lot of us get to work with actually establishing a trust between Domains.  In the Enterprise it happens, but in small Business it doesn’t really.  Unless you’re in that grey area of “Too big to be a little guy but not yet Enterprise”.

If you’re in that area, you’re probably the “Lone Gunman” managing the network.  You might have a Test environment of your own (or thanks to Virtualization, be thinking of having one)

You might even be in a company just large enough that you merged (or became merged) into a larger Division.

One of the big problems you will encounter right off the bat, is you need to share resources at some level with the parent company, even as simple as accessing a website.

If there is no Trust established you’ll encounter issues much like you would in a normal peer-to-peer network, in which you must validate against the resource in question with credentials from that Domain.   If there is no trust in place, you must manage multiple accounts and permissions.   If something as simple as an inventory application needs to run, it can’t; there is usually validation on some level.  And switching domains to using “Anonymous” and “Everyone” permissions is not only a BAD break fix, it will make you far more liable to viruses, hacks and attacks, and breach many compliance rules like SOX/PCI and other nasty multi-letter acronyms I just can’t memorize on a daily basis.

So you need a trust.   One way or two way?  Forest level or External? What will I get to do automatically?

These are questions that should roam through your head. But on the most basic level, HOW difficult is it to establish?

It isn’t.  As long as some prep work is done.

You should be able to resolve names to IP addresses; if there are firewalls separating the networks, appropriate ports should be opened; and if one party is setting up the Trust, proper credentials must be available in both domains with appropriate permissions.

***KLUNK***

Oh you thought it was going to be a COMPLETE walk in the park? Well it isn’t horribly difficult, just a little prep work.  That’s all.  Relax. ;)

If you have two separate Domains on different networks, you should have at least some Conditional Forwarders or Replicated copies of the Foreign DNS domain.  Conditional Forwarders are simpler to set up and require far fewer changes in security, as all they do is match the ending domain name (IE: office.abc.com) and FORWARD the request to the DNS servers for that Domain.

You’ll need that on both sides.
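The prep work above (name resolution, open ports) and the post-wizard check, as an added example that is not from the original post. It uses the domain names the post mentions; the DNS server addresses are constructed placeholders, and it is run from a DNS server / domain controller on the CONTOSO.LOCAL side.

```powershell
# Added example, not from the original post: prep and verification steps for
# a trust between CONTOSO.LOCAL (ours) and office.abc.com (theirs). The IPs
# are placeholders; the domain names are the ones used in the post.
$ForeignDomain = 'office.abc.com'
$ForeignDnsIPs = @('10.1.0.10', '10.1.0.11')   # their DNS servers (placeholder values)
$LocalDomain   = 'contoso.local'

# 1. Conditional forwarder: anything ending in office.abc.com goes to their DNS.
#    dnscmd /ZoneAdd <zone> /Forwarder <ip...> creates a conditional-forwarder zone.
dnscmd /ZoneAdd $ForeignDomain /Forwarder $ForeignDnsIPs

# 2. Prove resolution works before touching the wizard: the SRV record every
#    domain publishes for its domain controllers must answer.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$ForeignDomain"

# 3. Firewall check for some of the ports a trust needs (LDAP, Kerberos, SMB,
#    RPC endpoint mapper) against a foreign DC; a plain TCP connect is enough
#    to tell "open" from "blocked".
$foreignDc = $ForeignDnsIPs[0]
foreach ($port in 389, 88, 445, 135) {
    $client = New-Object System.Net.Sockets.TcpClient
    $open = $false
    try { $client.Connect($foreignDc, $port); $open = $client.Connected } catch { }
    $client.Close()
    '{0}:{1} {2}' -f $foreignDc, $port, $(if ($open) { 'open' } else { 'BLOCKED' })
}

# 4. After the wizard: confirm the trust is healthy and list what this domain trusts.
netdom trust $LocalDomain "/d:$ForeignDomain" /verify
nltest /domain_trusts
```

The same forwarder and checks have to be done on the office.abc.com side pointing back at CONTOSO.LOCAL.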

To establish the Actual Trust you’ll need to go into “Active Directory Domains and Trusts” off the Start menu.

See ? Easy!

Right click on the Domain in question for which you need to establish a trust.  Choose “Properties”.  At this point you will see a tab marked “Trusts”.  Click on that.

Here’s where the fun starts! On the lower left hand side you will see a button marked “New Trust”, click on that to bring up the “New Trust Wizard”

image

Type in the NETBIOS name (ABC) or the FQDN (IE: ABC.CONTOSO.LOCAL or CONTOSO.LOCAL) of the Domain you are attempting to establish a trust with.

image

If your resolution is all good and the domain is recognized, you will now be prompted with one of two boxes.  Either one asking you for the type of Trust (One way Inbound, Two Way, or One way Outbound) OR

image

Next you will be asked whether to create the trusts on BOTH domains or just yours.  If you have Administrative credentials in the other Domain you can complete the whole process now; if not, you can at least get it started.

image

You will be asked whether the authentication will be “Domain Wide” or “Selective”.  Selective is good for two separate companies that need to share resources but need to be EXTREMELY meticulous as to how resources are granted.  Nothing assumed.   Domain Wide is a little more open.  Say a company that has separate divisions within different Active Directory environments that need to be joined.

In both cases a password is required.  This is a trust password.  The “secret phrase” that is needed to create the link.  Make it a good passphrase and not something silly like “yeahthisisagoodtrustpassphrase”

The password must meet whatever password rules are presently in force on the two Domains.  Toughest rule wins.  So if one of you has a minimum 53 character password with Full Complexity in force?  Sorry.  The password would have to meet THAT rule.

image

At this point you have the option of confirming the Trust is in place on the other side.    Without credentials on the foreign domain, you can at least confirm the outgoing trust.

image

But to confirm that the incoming trust is working (that your buddy on the other side typed in the password correctly and FOLLOWED the step by step instructions) requires Administrative credentials from that domain.

image

In a click or two, you’ll be done.   Now one thing to keep in mind: once the trust is in place you SHOULD double check Share and NTFS permissions.   If any SHARE or NTFS permission has “Everyone” access (even ReadOnly), the “Everyone” group is Universal.
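That double check, as an added example that is not from the original post: it walks a share root and reports every Allow entry granted to the broad groups that become cross-domain once the trust exists, on both the NTFS and the share level. The path D:\Shares is a constructed placeholder.

```powershell
# Added example, not from the original post: report NTFS and share-level grants
# to Everyone / Authenticated Users, which now include trusted-domain accounts.
function Find-BroadAccessGrants {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Principals = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'),
        [switch] $Recurse
    )
    $folders = @(Get-Item -LiteralPath $Path)
    if ($Recurse) {
        # PSIsContainer rather than -Directory so this also runs on PowerShell 2.0
        $folders += Get-ChildItem -LiteralPath $Path -Recurse | Where-Object { $_.PSIsContainer }
    }
    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Allow' -and $Principals -contains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $folder.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Share permissions are separate from NTFS: read them from WMI for every share
# on this box and flag the same principals.
function Find-BroadSharePermissions {
    param([string[]] $Principals = @('Everyone', 'NT AUTHORITY\Authenticated Users'))
    Get-WmiObject -Class Win32_LogicalShareSecuritySetting | ForEach-Object {
        $share = $_.Name
        $sd = $_.GetSecurityDescriptor().Descriptor
        foreach ($ace in $sd.DACL) {
            $who = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)".TrimStart('\')
            if ($ace.AceType -eq 0 -and $Principals -contains $who) {   # AceType 0 = access allowed
                [pscustomobject]@{ Share = $share; Principal = $who; AccessMask = $ace.AccessMask }
            }
        }
    }
}

Find-BroadAccessGrants -Path 'D:\Shares' -Recurse | Format-Table -AutoSize
Find-BroadSharePermissions | Format-Table -AutoSize
```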

If you want to grant users from the “Foreign but Trusted” domain access to resources, you now need to learn about using a “Domain Local” security group.  You can add users from the other Domain to a “Domain Local” security group in your domain and grant THAT group access.   But interestingly, once you start going into Server 2008, you can add Foreign domain users to “Global” security groups.   This seems to be a feature of the newer Server 2008 Active Directory (which I find immensely cool!)

There’s an absolutely EXCELLENT article written by Daniel Petri that covers, on a beautifully in-depth level, all you would ever want to know (or not know) about Domains and Trusts, and it is WELL worth the read!

Technology, Embrace it and extend yourself

Sean
The Energized Tech

As we cross into Windows 7 and Vista environments there is a huge win on the Infrastructure side:

Manageability.

Vista and Windows 7 were born into Wireless and of course the need for Wireless security.  Windows XP existed as it grew.  As such certain things are apparent.

You REALLY need to control WIFI.

And so with Vista and Windows 7 with Group Policy it’s incredibly EASY!

Within Group Policy under Server 2008 you can now deploy Policies which govern what networks can or cannot be used, including standards for a Corporate Network.  Just create a new Group Policy (or edit an existing one; here we’re creating a new one).  We need to make a change under “Computer Configuration/Windows Settings/Security Settings/Wireless Network (IEEE 802.11) Policies”

gpowifi1

gpowifi2

 

It’s as simple as “New Vista Policy” and fill in the dotted lines! Give the Policy a Description and Name.  You can choose whether or not to enforce the use of the Windows WLAN AutoConfig service from here as well, so that wireless setup office-wide is standardized and easier for support.

gpowifi3

 

At this point, you can add the Wifi hot spots that are approved for your corporation.  Take note as well, the Wifi passwords are NOT kept in the GPO; they do have to be typed in on a per-machine basis.  But you can pre-configure the systems so that’s all you DO need to type in.    You can even enforce many of the Wifi roaming options on the PCs.

 

 

gpowifi4 gpowifi5

 

As you can see below you can be as flexible as you want on your Wireless environment or ridiculously locked down as you want.  Your choice :)

 

gpowifi6

 

You can also create Wireless policies for Windows XP, to at least allow for some pre-configuration of the units, a nice feature if you DO have these in your environment.   But Windows XP cannot be locked down on Wifi nearly as beautifully as Windows 7 or Vista.

 

gpowifi7

gpowifi8

Make sure you apply this policy only to your Computers that have Wireless, or you’ll be spending all day typing in Wireless passwords on machines that will never have wifi.

 

Windows 7 and Vista and GPO

The Power is yours, leverage it.

Sean
The Energized Tech

Powershell

One of the things I remember when working with Small Business was dealing with a Smart-Host.

A Smart host, which most of us take for granted, is the “SMTP” server most users get from their ISP.   When working with Small Business Server 2003 and most Small businesses, we didn’t tend to host our own mail internally.  It just wasn’t cost effective.   So we would choose an external vendor and use the POP3 connector from SBS 2003.

Now the problem.

If you are sending email and you are NOT hosting it yourself ON that server, you must send the mail to a REAL SMTP server on the outside world.  That’s easy.  Use the Smart Host from your ISP and life is good.

Ahhh, but the catch.  Most ISPs have restrictions and rules on how much you can send to those connectors.

Home users don’t notice it.  They do a send/receive and in the back end it just works, or they hit “Send Receive” again.

 

In a Server, it all has to just work.  No interruption, all magic, seamless.

 

So one of the Features I used to tweak under Exchange 2003 allowed me to limit how much mail was sent out in each session.   I could throttle it down so the Smart Host on the outside world COULDN’T be spammed inadvertently, but at the same time Exchange 2003 could happily do its job.

Then Exchange 2007 came along.   It works beautifully, except for one thing.   I couldn’t find that setting!  I have a friend who does a lot of work for Small Business and HE couldn’t find it.   And he really needed to regulate that flow of mail!

 

Well, as luck would have it, Microsoft did NOT remove the feature.  They relocated it to the Transport Server role.   Which is actually better, since instead of a single SMTP connector holding the setting, a particular SERVER holds it.  That means if mail is flowing out of a particular Transport server on Exchange that has lower bandwidth or more restrictions than its partners, you can adjust it.

 

Set-TransportServer -Identity 'EXCHANGETRANSPORTSERVERNAME' -MaxPerDomainOutboundConnections 5

 

The Default setting is 20 connections at a time, which is fine.   But some ISPs don’t want 20 live connections to their SMTP server from the SAME IP address at once, and may either REJECT or BLACKLIST your server until you get all nice with Tech Support on the phone.
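The same change with a before/after record and a dry run, as an added example that is not from the original post. It runs in the Exchange Management Shell; the server name is the placeholder from the post, and the per-domain and total limits are my own assumptions (the cmdlet's MaxOutboundConnections is the overall cap the per-domain value sits under).

```powershell
# Added example, not from the original post: record the current outbound
# connection limits on every Hub Transport server, then lower the per-domain
# limit on one that sits behind a picky ISP smart host.
function Set-SmartHostFriendlyLimits {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $PerDomain = 5,    # concurrent connections to any one remote domain / smart host
        [int] $Total     = 20,   # concurrent outbound connections overall (Exchange default)
        [switch] $WhatIf
    )
    if ($PerDomain -gt $Total) {
        throw "PerDomain ($PerDomain) cannot exceed the total outbound limit ($Total)."
    }
    $before = Get-TransportServer -Identity $Server |
        Select-Object Name, MaxOutboundConnections, MaxPerDomainOutboundConnections
    Set-TransportServer -Identity $Server `
        -MaxPerDomainOutboundConnections $PerDomain `
        -MaxOutboundConnections $Total -WhatIf:$WhatIf
    $after = Get-TransportServer -Identity $Server |
        Select-Object Name, MaxOutboundConnections, MaxPerDomainOutboundConnections
    [pscustomobject]@{ Before = $before; After = $after }
}

# Inventory first so you know what every transport server is doing today
Get-TransportServer |
    Format-Table Name, MaxOutboundConnections, MaxPerDomainOutboundConnections -AutoSize

# Dry run, then the real change
Set-SmartHostFriendlyLimits -Server 'EXCHANGETRANSPORTSERVERNAME' -PerDomain 5 -WhatIf
Set-SmartHostFriendlyLimits -Server 'EXCHANGETRANSPORTSERVERNAME' -PerDomain 5
```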

This article from Microsoft is a great starting point on learning how to regulate some of the mail flow in Exchange 2007.  For the most part it’s all done with Powershell :)

 

Sean
The Energized Tech

 

My good friend and boss is out feeling like a dog right now.  He went to go to the MVP Conference and came down with something along the way. 

A little Twitter banter happened as a result.  Supposedly my “mass plans to downgrade the office” :) (You know the old phrase, while the cat’s away…)

 

Enjoy this little stream from Twitter and wish my good friend Cameron McKay @cameron_mckay a speedy recovery .  Maybe a flood of Tweets of good wishes will help bring his spirits up :)

 

---- EVIL PLANS OF WORLD DOMINATION BETWEEN @RBUIKE (Rodney Buike) and @ENERGIZEDTECH (Sean Kearney) ----

RBUIKE : @Cameron_mckay better get well soon or @energizedtech is going to take control of the corporate network

ENERGIZEDTECH : @rbuike Correction @cameron_mckay BETTER get well Or I WILL START SINGING AGAIN! :)

RBUIKE : If @Cameron_mckay doesn't get well soon @energizedtech is going to replace his LCD array with 15" CRTs

ENERGIZEDTECH : @rbuike Wait wait... I dug about and found some 12" Monochromes in Basement! @cameron_mckay better hurry or TTL is the way to go!

ENERGIZEDTECH : @rbuike You know, I think I could get Windows 7 running on a 486 if we tried :)

ENERGIZEDTECH : If @Cameron_mckay doesn't get well soon @energizedtech is going to convert the VOIP system back to corded landlines!

ENERGIZEDTECH : @rbuike Corded lines? AMATEUR! I've got a few cases of empty vegetable CANS and STRING to get a phone system!

RBUIKE : If @Cameron_mckay doesn't get well soon @energizedtech is going to migrate from Hyper-V to ESX

ENERGIZEDTECH : @rbuike ESX? Are you nuts?! I'm just going to PRETEND we have servers! TRUE Virtualization!

ENERGIZEDTECH : @rbuike all the Laptop? Etch-A-Sketches!

ENERGIZEDTECH : Planning on getting those Bicycler generators to run the datacenter. Yeah gimme some Coop students for power :)

ENERGIZEDTECH : I wonder how cheap I can get them from the Ontario Science Center :)

RBUIKE : If @Cameron_mckay doesn't get well soon @energizedtech is going to roll back to Exchange Server 5.5

ENERGIZEDTECH : @rbuike No No NOOOO! Thinking too small. I'm rolling out a Commodore Vic20 BBS for messaging

ENERGIZEDTECH : Gigabit!?!? PAH! We're going to back to SNEAKERNET!

RBUIKE : If @Cameron_mckay doesn't get well soon @energizedtech is going to re-deploy the 14.4 modem bank

ENERGIZEDTECH : @rbuike When are you going to learn little one? 14.4k ? I'm rolling out the Digital Corp 110 baud teletypes for VPN!

(and it all just went downhill from this point…)

 

So please everybody, wish him a speedy recovery and assure him that all of this was @Rbuike’s idea.  I would never deploy 14.4 modems!

Everybody knows 300 Baud acoustic is the way to go.

Sean
The Energized Tech

Powershell

Server 2008R2, your life as an Admin just gets so much easier as the Commandlets flow.

Ever had one of those bosses that can’t make up their mind and fire and hire and fire and hire people on the fly?

Well not a typical boss but disabling a User account with Server 2008R2 is a SNAP!

Your commands?  DISABLE-ADACCOUNT and ENABLE-ADACCOUNT

So the Boss bursts in and screams “Joey Smith IS A MADMAN! I just fired him!  Quick!  Shutdown the account AIHGAIHGHAHGHAHHI!!!”

No problem!

Disable-ADAccount -Identity 'Joey.Smith'

Then after sobering up his mind is changed… “Uh you know that Joey guy?  Could you re-enable him?”

Enable-ADAccount -Identity 'Joey.Smith'

So easy!  And no matter how many times he changes his mind, it’s just a keystroke away from his whims and your peace of mind.
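The same two cmdlets wrapped the way a termination should be recorded, as an added example that is not from the original post: it stamps who disabled the account, when and why, into the Description, and re-reads the object to verify instead of assuming. The ticket value is a constructed placeholder.

```powershell
# Added example, not from the original post: disable an account with an audit
# stamp and verify the result; re-enable with the same verification.
Import-Module ActiveDirectory

function Disable-TerminatedUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $Reason = 'Terminated',
        [string] $Ticket = 'TICKET-PLACEHOLDER'   # constructed; use your helpdesk/HR reference
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties Description, Enabled, MemberOf
    if (-not $user.Enabled) {
        Write-Warning "$SamAccountName is already disabled"
        return $user
    }
    # Keep the old description so nothing is lost, and record who/when/why
    $stamp = '{0} {1} by {2} ({3}) | was: {4}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm'),
        $Reason, $env:USERNAME, $Ticket, $user.Description
    Disable-ADAccount -Identity $user
    Set-ADUser -Identity $user -Description $stamp
    # Verify rather than assume: re-read the object
    Get-ADUser -Identity $SamAccountName -Properties Description, Enabled, MemberOf |
        Select-Object SamAccountName, Enabled, Description,
            @{ n = 'GroupCount'; e = { @($_.MemberOf).Count } }
}

function Enable-ReinstatedUser {
    param([Parameter(Mandatory)] [string] $SamAccountName)
    Enable-ADAccount -Identity $SamAccountName
    Get-ADUser -Identity $SamAccountName | Select-Object SamAccountName, Enabled
}

Disable-TerminatedUser -SamAccountName 'Joey.Smith' -Reason 'Fired' -Ticket 'HR-0000'
Enable-ReinstatedUser  -SamAccountName 'Joey.Smith'
```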

 

Powershell, keep Boss’ whims at bay each and every day

Powershell

Oh goody ! Things got easier again thanks to Powershell :)

Do you need to fiddle with the Password Policy on the Domain?  Or do you deploy domains on a regular basis in the field?

If you have Server 2008R2 in the backend with the new Active Directory Modules, there is a COMMAND now to edit it.

You can still use Group Policy but isn’t it nice to just “Call it up and Change it?”

With ActiveDirectory Modules you have two beautiful new commands.

 

Get-ADDefaultDomainPasswordPolicy and Set-ADDefaultDomainPasswordPolicy

 

Running “Get-ADDefaultDomainPasswordPolicy” (as it suggests) will show you the present configuration of the password policy, like so

PS C:\> Get-ADDefaultDomainPasswordPolicy

ComplexityEnabled           : True
DistinguishedName           : DC=Contoso,DC=local
LockoutDuration             : 00:90:00
LockoutObservationWindow    : 00:30:00
LockoutThreshold            : 2
MaxPasswordAge              : 10.00:00:00
MinPasswordAge              : 5.00:00:00
MinPasswordLength           : 17
objectClass                 : {domainDNS}
objectGuid                  : 12345678-1234-1234-1234-123456789012
PasswordHistoryCount        : 140
ReversibleEncryptionEnabled : True

 

As we can see from this Policy, we have a real BOFH on our hands running the network with a history of 150 different passwords, 17 Character minimums, Lockouts after 2 attempts!

Which is why he was fired, and now your job is to fix this quickly since every user is outside your office with burning torches to take out the IT Department!

But since YOU know Powershell and have Server 2008R2 in the back end, this is not a problem.   Grab the configuration and store it…

$MESSYPOLICY=Get-ADDefaultDomainPasswordPolicy

…and then just set the options you want the way you want it

$MESSYPOLICY.ComplexityEnabled=$true
$MESSYPOLICY.LockoutThreshold=10
$MESSYPOLICY.MinPasswordLength=8
$MESSYPOLICY.PasswordHistoryCount=10

Set-ADDefaultDomainPasswordPolicy -Instance $MESSYPOLICY

(Note the -Instance parameter: it writes the modified copy back.  Passing $MESSYPOLICY by position would only identify the policy, and your edits would never be applied.  Also, $true is the Powershell boolean; a bare True is an error.)

There! With just a few easy-to-type settings you have held back the masses!  A more reasonable lockout of 10 attempts, an 8 character password length and only 10 remembered!
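The same fix done as a compare-then-repair, as an added example that is not from the original post. The baseline values are my own assumptions for a small shop, not anything Microsoft publishes; it also covers ReversibleEncryptionEnabled, which the output above shows as True (passwords stored recoverably) and which the quick fix leaves alone.

```powershell
# Added example, not from the original post: compare the domain password policy
# against a baseline and write back only the settings that miss it.
Import-Module ActiveDirectory

$Baseline = @{                           # assumed baseline, adjust to your own standard
    ComplexityEnabled           = $true
    MinPasswordLength           = 8
    PasswordHistoryCount        = 10
    LockoutThreshold            = 10
    ReversibleEncryptionEnabled = $false # True means passwords are stored recoverably
}

function Test-DomainPasswordPolicy {
    param([hashtable] $Expected = $Baseline)
    $policy = Get-ADDefaultDomainPasswordPolicy
    foreach ($setting in $Expected.Keys) {
        [pscustomobject]@{
            Setting   = $setting
            Current   = $policy.$setting
            Expected  = $Expected[$setting]
            Compliant = ($policy.$setting -eq $Expected[$setting])
        }
    }
}

function Repair-DomainPasswordPolicy {
    param([hashtable] $Expected = $Baseline, [switch] $WhatIf)
    $policy = Get-ADDefaultDomainPasswordPolicy
    $changed = $false
    foreach ($setting in $Expected.Keys) {
        if ($policy.$setting -ne $Expected[$setting]) {
            $policy.$setting = $Expected[$setting]
            $changed = $true
        }
    }
    if ($changed) {
        # -Instance writes the modified copy back; a positional $policy would only identify it
        Set-ADDefaultDomainPasswordPolicy -Instance $policy -WhatIf:$WhatIf
    }
    Test-DomainPasswordPolicy -Expected $Expected
}

Test-DomainPasswordPolicy | Format-Table -AutoSize
Repair-DomainPasswordPolicy -WhatIf        # dry run first
Repair-DomainPasswordPolicy | Format-Table -AutoSize
```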

Your life saved all thanks to Powershell and Server 2008R2 !

Sean
The Energized Tech

 

"MOBILE" sung to "MONEY" by Barrett Strong (And redone by the Beatles)

 

Windows Mobile has just set me FREE!
Wanna use it for ETERNITY!

 

Gimme Mobile (Mobile Seven's here!)
That's what I want (Mobile Seven's here!)
That's what I want (Mobile Seven's here!)
YEAH! THAT'S WHAT I WANT!

 

Don't want a Palm, don't want a Blackberry
Just Gimme Mobile and SET ME FREE!

 

Gimme Mobile (Mobile Seven's here!)
That's what I want (Mobile Seven's here!)
That's what I want (Mobile Seven's here!)
YEAH! THAT'S WHAT I WANT!

 

Multitouch and as smooth as glass
Steve Jobs and Apple can kiss my *BLEEP*

 

Gimme Mobile (Mobile Seven's here!)
That's what I want (Mobile Seven's here!)
That's what I want (Mobile Seven's here!)
YEAH! THAT'S WHAT I WANT!

Oh gimme Mobile! (Mobile Seven's here!)
Windows Mobile! (Mobile Seven's here!)
Oh I gotta go Mobile! (Mobile Seven's here!)
Mobile Seven! (Mobile Seven's here!)
YEAH! THAT'S WHAT I WANT!

Oh gimme Mobile! (Mobile Seven's here!)
Windows Mobile! (Mobile Seven's here!)
Oh I gotta go Mobile! (Mobile Seven's here!)
Mobile Seven! (Mobile Seven's here!)
YEAH! THAT'S WHAT I WANT!

A quick one to throw out to the community for Small Business consultants.  I recently heard of a practice in using the SBS 2008 media as a hosting environment for Hyper-V.  I passed this along to some experts who threw some of the loudest magical words at me as if I had spat upon Steve Ballmer’s shoes.

Now in truth and all fairness, there is a LOT of confusion in the community regarding the licensing.   When you get the SBS 2008 Media (Standard edition) it DOES have two keys.   So naturally many assumed that, one being for Physical and one for Virtual, they are two licenses.

 

They are not.   And even getting past that, if they WERE, the SBS 2008 media does not have a Microsoft-sanctioned version of Hyper-V on it.  That’s not to say Hyper-V isn’t there; it IS.  But it doesn’t work ANYWHERE near the way ANY normal Hyper-V environment does.   And given that the Server Standard, Enterprise, DataCenter and FREE versions all work identically, I mark the one you find on SBS 2008 as a “never meant for release” version.  Ergo: not supported, buggy, unstable.

Don’t use it.

 

Your alternative (if you’re bent on using Virtualization) is to just download the absolutely FREE Hyper-V Server 2008R2. It has ALL the capabilities to virtualize that environment.  It runs exactly like Server 2008 R2 Core, and as an added bonus is a little trickier to just go in and mess with, and therefore be messed up by third party consultants touching your work.  (In Workgroup mode, you need to manually turn on things and your management system needs to match that.)

 

I’m not going to get into licensing arguments with anybody, we all have opinions and Licensing from ANY company would send Aristotle running off for a 24 of Molson Canadian!

 

But a platform NEVER released as a Production Feature by the designer is a problem waiting to happen when PUT into production.   Especially when there are multiple free solutions from third party vendors and Microsoft.

Just remember this. When you’re deploying a production environment, if it FEELS like a workaround or a band aid for a machine going into production?  Remember, bandaids break and cause bigger problems down the road.   Use a little common sense, slow down and trust your better instincts.

 

Hacks are fun for home and playing with and learning.  Keep those skills for recovery, don’t implement them into production.

Cheers all

Sean
The Energized Tech

Powershell

One of the nicest things about Powershell is once you understand the Syntax it’s incredibly easy to just BUILD stuff!

How about having a filename where the Current Date is part of it?  Say a log file?

There are many nice ways to do this, but here’s a “quick and Dirty one”

 

$Logname=(Get-Date).ToShortDateString().Replace("/","-")

 

“BLAH!” say the ITPros in the audience.  “WHAT IS THAT?!”

That is where Powershell is interesting if you’re NOT a Developer but are at least a LITTLE TEENY bit interested in what’s held in an Object.

It has Methods.  But we’ll get into that in another post.  What THIS little line gives YOU is a Variable that will contain the Current Date as a simple line like

11-2-2008

You can now take this and build a filename (say a log file or a date-sensitive CSV?) like this

Get-QADGroupMember 'Domain Admins' | Select-Object DN,Name,SamAccountName | Export-Csv "C:\ReportFolder\$Logname-ImportantFile.CSV"

(The path has to be in double quotes so $Logname expands; an unquoted $Logname+'-ImportantFile.CSV' does not concatenate the way you would expect.)

And now that you have THAT in your hands, you could SCHEDULE this as something rather than repeatedly doing it yourself (*Even if it IS cool to just type away in Powershell*)

Rock on and enjoy life with Powershell

Sean
The Energized Tech

Powershell

Why should life be so difficult?

Do you need to quickly know who is in a group in Active Directory?

Sure you COULD go and find the group, Double click on it, glance at the members….

Would you like that in something you could report?

With either Quest ActiveRoles OR the new ActiveDirectory Modules in Powershell, it’s a breeze.

Listing of all users in “Domain Admins”

In Quest Active Roles

Get-QADGroupMember 'Domain Admins' | Select-Object DN,Name,SamAccountName

In ActiveDirectory Modules

Get-ADGroupMember -Identity 'Domain Admins' | Select-Object DistinguishedName,Name,SamAccountName

 

Pipe that output into an EXPORT-CSV and you’ll not only have the data you need, but something you can run anytime you want.

Watch next time, I’ll show you how to make THAT something that can run as a scheduled task to create an automated report!
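The schedulable report this post and the date-in-the-filename post both lead up to, as one added example that is not from the original posts: it builds the date-stamped path with a sortable, locale-independent yyyy-MM-dd stamp (ToShortDateString varies with regional settings and contains '/'), then expands the group through nested groups and flags members that are foreign security principals from a trusted domain. The folder and group are constructed; the cmdlets are from the Server 2008 R2 ActiveDirectory module.

```powershell
# Added example, not from the original posts: date-stamped, nesting-aware
# group membership report, ready to drop into a scheduled task.
Import-Module ActiveDirectory

function New-DatedReportPath {
    param(
        [string] $Folder = 'C:\ReportFolder',             # constructed default
        [Parameter(Mandatory)] [string] $Suffix,
        [datetime] $Date = (Get-Date)
    )
    if (-not (Test-Path -LiteralPath $Folder)) { New-Item -ItemType Directory -Path $Folder | Out-Null }
    # yyyy-MM-dd sorts correctly and never contains '/' whatever the locale
    Join-Path $Folder ('{0}-{1}.csv' -f $Date.ToString('yyyy-MM-dd'), $Suffix)
}

function Get-GroupMembershipRows {
    param(
        [Parameter(Mandatory)] [string] $Group,
        [string] $Via = '',                 # chain of nested groups this member came through
        [hashtable] $Seen = @{}             # guards against circular nesting
    )
    $g = Get-ADGroup -Identity $Group -Properties Member
    foreach ($dn in $g.Member) {
        if ($Seen.ContainsKey($dn)) { continue }
        $Seen[$dn] = $true
        $obj = Get-ADObject -Identity $dn -Properties objectClass, sAMAccountName
        [pscustomobject]@{
            Name              = $obj.Name
            SamAccountName    = $obj.sAMAccountName
            ObjectClass       = $obj.objectClass
            DistinguishedName = $dn
            Via               = $Via
            ForeignPrincipal  = ($obj.objectClass -eq 'foreignSecurityPrincipal')
        }
        if ($obj.objectClass -eq 'group') {
            $chain = if ($Via) { "$Via > $($obj.Name)" } else { $obj.Name }
            Get-GroupMembershipRows -Group $dn -Via $chain -Seen $Seen
        }
    }
}

function Export-GroupMembershipReport {
    param([Parameter(Mandatory)] [string] $Group, [string] $Folder = 'C:\ReportFolder')
    $suffix = ("$Group-Members" -replace '[\\/:*?"<>| ]', '_')
    $path = New-DatedReportPath -Folder $Folder -Suffix $suffix
    Get-GroupMembershipRows -Group $Group | Export-Csv -Path $path -NoTypeInformation
    $path
}

$report = Export-GroupMembershipReport -Group 'Domain Admins'
# Anything with a Via chain got in through a nested group; review those first
Import-Csv $report | Where-Object { $_.Via } | Format-Table Name, ObjectClass, Via -AutoSize
```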

Powershell – It keeps me ENERGIZED!

Sean
The Energized Tech

Rumor has it Windows 7 is just too darn perfect!  ITPros and Developers wander aimlessly unsure what to do!  No more bugs!  no more Bluescreens.

 

Watch the following video and watch www.Infrastructure2010.com for further details!

 

Powershell

In Powershell, adding users to Groups is a piece of cake whether you use Quest Commandlets or the new Active Directory Modules.

 

If your group name is “ACCOUNTING” and you’re adding in “GEDDY.LEE” the command would be (under Quest)

 

ADD-QADGROUPMEMBER ACCOUNTING GEDDY.LEE

 

Now this is all fine and dandy (except for Mr. Lee who probably should have been in the Group “RUSH” instead, but I was feeling silly) but if you try to add a user from a Trusted domain into the group, it’s a different story!

Let’s say we have two domains.    One is called ROCK and the other is called ROLL, and you have a DomainLocal Security Group called “BassPlayers”.  You normally can add Users from a Domain called ROLL into the DomainLocal Group in ROCK under Active Directory Users and Computers.  That part we all know.

But under Powershell it was a bit confusing. At least at first!  Simply because I was busy “Assuming” things.

 

So doing THIS to add NEIL.YOUNG from the ROLL domain

 

ADD-QADGROUPMEMBER BassPlayers ROLL\Neil.Young

 

Produces a complete fail with an error like this.

Add-QADGroupMember : Cannot resolve directory object for the given identity: 'ROLL\neil.young'.
At line:1 char:19
+ add-qadgroupmember <<<<  BassPlayers HO\neil.young
    + CategoryInfo          : NotSpecified: (:) [Add-QADGroupMember], ObjectNotFoundException
    + FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.DirectoryAccess.ObjectNotFoundException,Quest.Acti
   veRoles.ArsPowerShellSnapIn.Cmdlets.AddGroupMemberCmdlet2

 

So a Face Palm ! *KLUNK*

How to figure this out?  Actually very easy :)

Do it the “Hard way” to get some examples.   So I added a user from the Domain ROCK and a user from the Domain ROLL into the BassPlayers DomainLocal group in my environment.  Then run a GET-QADUSER on the group to get some details.

 

GET-QADGROUPMEMBER BassPlayers

 

Name            Type               DN
----            ----               --
Geddy.Lee       user               CN=weenie,CN=Users,DC=techdays,DC=contoso,DC=com
ROLL\NeilYoung  foreignSecur...    CN=S-1-5-21-2481523833-734975305-574286769-1118,CN=ForeignSecurityPri...

So we can see that members of the Foreign Domain are stamped differently in the Domain Local Group.  Well DUH!  Of course they are!  It’s a different Domain!  There has to be SOME easy way of saying “Hey whoa!  This user’s not from our LOCAL security area!”

So KNOWING this in Advance means if we want to add users from a Foreign (BUT TRUSTED) domain to a DomainLocal Group we need to have a little bit of extra information FIRST.

Obviously, we need to know the TYPE of user.  A SELECT-OBJECT on the TYPE will show us more details and of course in greater depth

Name : ROLL\Neil.Young
Type : foreignSecurityPrincipal
DN   : CN=S-1-5-21-2481523833-734975305-574286769-1118,CN=ForeignSecurityPrincipals,DC=ROCK,DC=com

 

But the DN.  Aye there’s the RUB.  The DN is UNIQUE to each user because of the SID.   So how do we pull THAT out?

Connect to the foreign domain and ASK!  Because you have a Trust (this article is about Domains with a Trust remember ;) )

 

Get-QADUser Username -Service NameOrIPofForeignDomainController | Select-Object SID

Like

Get-QADUser Neil.Young -Service '10.0.0.90' | Select-Object SID

 

Will yield his SID which happens to be

 

CN=S-1-5-21-2481523833-734975305-574286769-1118

 

So (Gasp, pant, ack ack!) HOW DO WE USE THIS?!?!?!

 

Let’s think.   We have the name.  We can ask somebody for information about the name and get the SID.  We know the details about the other domain.

Let’s let POWERSHELL do ALL the Work… cuz we’re LAZ…… I mean EFFICIENT!

 

$DETAILS=Get-QADUser Neil.Young -Service '10.0.0.90'

 

But here’s the really tricky bit!  We have to put all those pieces together!  And THAT will be another story for AFTER the weekend :)
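Going the other direction, as an added example that is not from the original post: pull the SID out of a foreignSecurityPrincipal DN like the one listed above and ask Windows (through the trust) which account it belongs to, so a membership report of a domain-local group names the foreign members instead of showing CN=S-1-5-.... The sample DNs are constructed fixtures reusing the SID from the post; the translation only succeeds on a machine that can reach the trusted domain.

```powershell
# Added example, not from the original post: resolve foreignSecurityPrincipal
# entries in a domain-local group back to DOMAIN\user names via the trust.
function ConvertFrom-ForeignPrincipalDn {
    param([Parameter(Mandatory)] [string] $DistinguishedName)
    if ($DistinguishedName -notmatch '^CN=(S-1-5-[\d-]+),CN=ForeignSecurityPrincipals,') {
        return $null     # not a foreign security principal entry
    }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($Matches[1])
    try {
        # Asks the local DC, which chases the SID across the trust
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value   # e.g. ROLL\Neil.Young
    } catch {
        $account = '(unresolved: trust or foreign DC unreachable)'
    }
    [pscustomobject]@{
        DistinguishedName = $DistinguishedName
        Sid               = $sid.Value
        DomainSid         = $sid.AccountDomainSid.Value   # which trusted domain it came from
        Account           = $account
    }
}

# Constructed fixtures: the FSP entry from the post and a regular local user entry
$sample = @(
    'CN=S-1-5-21-2481523833-734975305-574286769-1118,CN=ForeignSecurityPrincipals,DC=ROCK,DC=com',
    'CN=Geddy.Lee,CN=Users,DC=ROCK,DC=com'
)
$sample | ForEach-Object { ConvertFrom-ForeignPrincipalDn -DistinguishedName $_ } | Format-List

# Live use with the Quest cmdlets from the post: resolve every foreign member of the group
Get-QADGroupMember BassPlayers |
    Where-Object { $_.Type -eq 'foreignSecurityPrincipal' } |
    ForEach-Object { ConvertFrom-ForeignPrincipalDn -DistinguishedName $_.DN }
```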

 

Sean
The Energized Tech

Finally! Basic is BACK!


Elitist Programmers back off!

What the community at large has been SORELY lacking for an incredibly long and overdue time is a language REGULAR people can use.

A language Novices can get their hands dirty with.  Simple and effective to play with and get creative with BEFORE their head explodes with a GUI.

 

Microsoft has brought it back.   A simple system called “Small Basic”.

Manual included. 

 

I haven’t had a chance to dive into it yet, but the Syntax looks like what the novices need.   Simple and effective. 

Curious? 

 

It’s a free download under 8 meg in size.  Small enough to carry around and share with friends.

 

Try it, you’ll like it

Sean
the Energized Tech

Technology is changing daily.   Applications no longer need to be on the physical machine to be powerful and useful.   Sometimes it’s a combination of leveraging both a physical and a virtual solution as well as extending to the cloud.   Take a dip in the waters and gaze into the Azure sky…

 

FROM THE CLIENT TO THE CLOUD V 2.0

Date: April 14, 2010 9:00AM - April 14, 2010 5:00PM
Language: ENG

Location:
Westin Harbor Castle
Toronto, Ontario
M5J 1A6

General Event Information

Products: Microsoft Hyper-V, Microsoft Office, Microsoft Office 2010 suites, Microsoft Silverlight, Microsoft SQL Server, Microsoft SQL Server 2008 R2, Microsoft technologies, Microsoft Visual Studio, Microsoft Visual Studio 2010, Windows, Windows 7, Windows Azure, Windows Azure platform, Windows Mobile, Windows Mobile Smart Client Applications
Recommended Audience: Architect, IT Generalist, Pro Dev/Programmer, Tech Influencing BDM

Description:

Energize IT 2010 – Anything is Possible!

Windows Azure. Office System 2010. Visual Studio 2010. Windows Mobile. The Microsoft-based platform presents a bevy of opportunities for all of us.  Whether you are a Manager, Developer, or IT Pro knowing how these will impact you is critical, especially in the new economic reality. 

Registration is now available for you to attend this complimentary full day EnergizeIT event where we will help you to understand Microsoft’s Software+Services vision using a combination of demonstrations and break-outs.   You will find out about the possibilities that these technologies help realize and the value that they can bring to your organization and yourself.

To start the day we will explore the Microsoft-based platform through a scenario that will demonstrate different points of view - from developer to IT Pro; from consumer to the information worker.  From the client to the cloud, this fun-filled demo-intensive exploration will excite you about the possibilities of the Microsoft-based platform.  You’ll see how to build next generation applications with technology like Silverlight, .NET 4.0 and Visual Studio 2010. You will find out how to consume those applications on a variety of devices, like mobile devices running Windows Phone, netbooks and PCs running Windows 7, as well as the web.  You will learn about how the Microsoft-based platform allows you to connect with your colleagues no matter where you are –office, coffee shops, or your own living room.  You’ll also see how you and your colleagues can be even more productive with Office 2010 and SharePoint 2010.

In the afternoon we will split in two tracks focused on managing and deploying infrastructure, and the development process.  These tracks will help you answer the question “How do I get to the latest technology from my current reality?”  You’ll learn about the technical details required for you to be ready to implement some of the technologies demonstrated in the morning sessions and help offer a clear learning and experimentation roadmap, and action plan. 

EnergizeIT: From the Client to the Cloud is your opportunity to learn how to harness the power and flexibility of the Microsoft-based platform from the client to the cloud. Invite a friend and Register today for this event. Seating is limited.  

Is your city not listed? Visit www.microsoft.ca/energizeIT

To register go online to www.microsoft.ca and search with event Code 1032440621 or Click here / Register by Phone: 1-877-673-8368

A preamble, a beginning to the new year in IT.  Meet up with peers and get a view of all the new technology about to be unleashed and unfolded to help YOU improve your life.

 

COMMUNITY CONNECTION

 

Date: April 27, 2010 6:30PM - April 27, 2010 9:00PM
Language: ENG

Location:
Microsoft Canada Headquarters
Mississauga, Ontario
L5N 8L9

General Event Information

Products: Microsoft Hyper-V Server, Microsoft Office, Microsoft Office 2010 suites, Microsoft Silverlight, Microsoft SQL Server, Microsoft SQL Server 2008 R2, Microsoft technologies, Microsoft Visual Studio, Microsoft Visual Studio 2010, Windows, Windows 7, Windows Azure
Recommended Audience: Architect, IT Decision Maker, IT Generalist, Pro Dev/Programmer

Description:

Energize IT: Anything is Possible.

Energize IT: Community Connection Series is an evening event series hosted by your local Community User Group.  Throughout the evening event, you will hear us, Microsoft advisors, talk about Windows Azure, Office System 2010, Visual Studio 2010, Windows Mobile.  It’s evident the Microsoft-based platform presents a bevy of opportunities for all of us.  Whether you are a Developer or an IT Pro, knowing how these will impact you is critical, especially in the new economic reality. 

This evening Energize IT: Community Connection event will help you understand Microsoft’s Software+Services vision.   You will find out about the possibilities that these technologies help realize and the value that they can bring to your organization and yourself.

We will explore the Microsoft-based platform through a scenario that will demonstrate different points of view - from developer to IT Pro, from consumer to the information worker.  From the client to the cloud, this fun-filled demo-intensive exploration will excite you about the possibilities of the Microsoft-based platform.  You’ll see how to build next generation applications with technology like Silverlight, .NET 4.0 and Visual Studio 2010. You will find out how to consume those applications on a variety of devices, like mobile devices running Windows Mobile, netbooks and PCs running Windows 7, as well as the web.  You will learn about how the Microsoft-based platform allows you to connect with your colleagues no matter where you are –office, coffee shops, or your own living room.  You’ll also see how you and your colleagues can be even more productive with Office 2010 and SharePoint 2010.

For cities that have a full day Energize IT: From the Client to the Cloud event, please note that the community evening event is an encore presentation of the first part of the Energize 2010 daytime event.

EnergizeIT: Community Connection series is your opportunity to learn how to harness the power and flexibility of the Microsoft-based platform from the client to the cloud. Visit www.microsoft.ca/energizeIT to learn

 

To register go online to www.microsoft.ca and search with event Code 1032441788 or Click here

The Office 2010 Install Fest – Curious about the NEWEST version of Office being released by Microsoft ?  Want to be ahead of the crowd and be ready before ANYBODY ELSE?

 

HERE’S YOUR CHANCE!

 

OFFICE 2010 Install Fest

 

Date: April 15, 2010 7:00PM - April 15, 2010 9:00PM
Language: ENG

Location:
Microsoft Canada Headquarters
Mississauga, Ontario
L5N 8L9

General Event Information

Products: Microsoft Office, Microsoft Office 2010 suites
Recommended Audience: Additional Information Worker, IT Generalist, Pro Dev/Programmer

Description:

Energize IT 2010 – Anything is Possible!
NOTE: This effort is part of the Energize IT Program. For more information on Energize IT and its offerings in Spring 2010, visit www.microsoft.ca/energizeIT.

Office 2010 is just around the corner and we want you to experience its myriad of new features in a fun-filled evening.  Come join your peers in the local community to install Office 2010 on your personal machine to discover all the new ways that Office will help improve your personal and professional life.

We, Microsoft Canada’s technical advisors along with local experts will be on-hand to assist you and share how we’re taking advantage of Office 2010.  We’ll demonstrate tips and tricks to make the most of your experience of Office 2010, as well as highlight elements relevant to you.

But it’s not just about the software.  You’ll have the opportunity to connect with your peers and exchange stories about how they’re looking to take advantage of what Office 2010 has to offer.   If you are already running Office 2010 and consider yourself a guru, let us know by emailing energize@microsoft.com and come out to help your colleagues get started.

Join us for the Install Fest for Office 2010 as part of Energize IT Week 2010.  Bring your own notebook, netbook, or desktop to install the latest available build of Office 2010 and be on your way to a whole new level of productivity.

We will provide:

  • Power for your computer 
  • Installation media for Office 2010
  • Image with pre-installed Office 2010 (Requires Virtual PC)

To register go online to www.microsoft.ca and search with event Code 1032440866 or Click Here / Register by phone at 1-877-673-8368

It’s 2010!  The greatest sets of events to rip, rock, roar and shake apart YOUR IT foundation are COMING!

That’s right!   The one time, the greatest DAYS of DAYS are coming here FINALLY!

 

ENERGIZE IT 2010!  the Days when ANYTHING is possible!

 

Events in Mississauga are just starting to appear!  So get ready now and Register for local ones near you!  The following events posted here are at the Mississauga, Ontario office for Microsoft.  But check on http://www.microsoft.com/canada/events/ and sort based on the province nearest *YOU* to find other EnergizeIT and AlignIT events!

 

Watch this blog for postings for Mississauga Ontario!

 

Sean
The ENERGIZED Tech :-D
Yeeeeeeeeeehaaaaaaawwwwwwwwwww!!!!!!

Here’s that chance to be Green with Envy and get a little green (or a chance at it!)

Get the Green Light

Is your application compatible with Windows® 7 and Windows Server® 2008 R2? Register and green light it before February 28, 2010, and you’ll automatically be entered in our Get the Green Light contest for a chance to win $7,000 or 1 of 5 netbooks! Plus, you’ll get exclusive access to Partner benefits.

CLICK HERE for further details!

Do it today!  Get the Green light on YOUR app and maybe pocket some Green!

Sean
The Energized Tech

Powershell

There are certain characters on the keyboard that no matter how you try, they just don’t appear in a text file.

Well actually they DO but we can’t tell WHAT they are.  But there are times you need to reference those characters.   Say if you’re trying to type in something meant to be echoed to two lines?  Need to send a tab character?

 

Fortunately all of this is well documented online at Microsoft when working with Powershell.  For those of you who remember DOS? (*ACK WHAT?!*) It will be the same technique when typing those special characters.

 

You just need a little thing called the “BackTick” ----- > ` < ----- and a few special letters

 

`0 Null
`a Alert
`b Backspace
`f Form feed
`n New line
`r Carriage return
`t Horizontal tab
`v Vertical tab

 

Now a lot of us out there will neither know nor care what a “Vertical Tab” is (for the record it’s from back in the days of Consoles and Line printers) but the important thing to note is that these characters are used in text files.

Sometimes you’ll get data and you need to clean it up (from say a Unix system?) and you’ll need to specify the character.

 

If you’re working with these special characters, the string information always has to be referenced in Double Quotes --- > “ < ---

For example

 

"This`nIs`nA`nTest"

will show up as

This
Is
A
Test

And if you were trying to search for a “Tab” character in a “tab separated file”, as an example, you could now do this.

(GET-CONTENT FILENAME.TXT) -replace "`t"," "

 

Not the best example but it does show you it’s not hard to work with.  Also remember if you have any characters that are special (Like the Double or Single Quote) that NEED to be in a string, Put the BackTick ` before them to keep them included without problems (even the backtick itself)
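Here is a fuller example of the same idea, added here and not part of the original post: cleaning up tab-separated text that came from a Unix system, using the backtick sequences listed above. The input string is constructed inline so it runs without a file; in practice $raw would come from GET-CONTENT.

```powershell
# Added example (not from the original post): cleaning up tab-separated text from a Unix
# system with the backtick escape sequences. The input is constructed inline so the example
# runs without a file; in practice $raw would come from Get-Content.
$raw = "name`tdepartment`tenabled`nalice`tfinance`ttrue`nbob`tit`tfalse`n"

# Backtick sequences are expanded only inside DOUBLE quotes; single quotes keep them literal.
'Single quotes: `t is printed as a backtick and a t'
"Double quotes: [`t] contains a real tab character"

# Unix lines end with `n, Windows lines with `r`n. Collapse both forms to `n so the split
# works on either input, and drop the empty element left behind by the trailing newline.
$lines = ($raw -replace "`r`n", "`n") -split "`n" | Where-Object { $_ -ne "" }

# Swap the tab separator for a comma so ConvertFrom-Csv can turn the rows into objects.
$records = ($lines -replace "`t", ",") | ConvertFrom-Csv

# A double quote that must appear literally inside a double-quoted string is escaped
# with a backtick, and the backtick itself is written as two backticks.
foreach ($r in $records) {
    "Account `"$($r.name)`" (department: $($r.department), enabled: $($r.enabled))"
}
"The escape character itself is written as two backticks: ``"

# Join the cleaned rows back together with Windows line endings, one record per line.
$lines -join "`r`n"
```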

 

BTW, this trick also works if you’re on Server 2008 Core.  There are situations even there (like passwords) where certain characters need to be typed.

 

Sean
The Energized Tech

Powershell

Adding users to a group has NEVER been easier!  In Server 2008 R2 using Active Directory Modules you have one dead simple command.

ADD-ADGROUPMEMBER

 

It’s easy, it’s simple, it’s intuitive……

If you have a Security Group in Active Directory called “REALLYIMPORTANTACCESS” and you need to add John.Smith or Mary.Jones to that Group? Well hold onto your seats

 

ADD-ADGROUPMEMBER REALLYIMPORTANTACCESS john.smith,mary.jones

 

DONE!  No headaches.  

Now to REMOVE a User from a Group?  Just as EASY!  If you found later on that “joe.bloe” was in that group?  No problem!

 

REMOVE-ADGROUPMEMBER REALLYIMPORTANTACCESS joe.bloe

 

Easy! And to boot it WARNS you BEFORE it performs the action.  A BUILT IN Safety!

And as always you can pass in variables to this commandlet, alternate credentials, for other domains or pipe in Data from other queries to automate your life!   All this is EASILY doable and repeatable from the comfort of your desktop.
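As an added example (not from the original post), here is the piping idea taken one step further: reconciling the membership of that sensitive group against an approved list with ADD-ADGROUPMEMBER and REMOVE-ADGROUPMEMBER. The group name comes from the post; the approved list and the domain controller name are constructed, and the ActiveDirectory module from Server 2008 R2 is assumed.

```powershell
# Added example (not from the original post): reconcile a sensitive group's membership against
# an approved list with Add-ADGroupMember and Remove-ADGroupMember. Assumes the ActiveDirectory
# module from Server 2008 R2; the group name is from the post, the approved list and the
# -Server value are constructed for the example.
Import-Module ActiveDirectory

$group    = "REALLYIMPORTANTACCESS"
$server   = "dc01.contoso.local"                 # constructed: the domain controller to talk to
$approved = @("john.smith", "mary.jones")         # constructed: who SHOULD be in the group

# Current direct members by SAM account name. @() keeps this an array even if the group is empty.
$current = @(Get-ADGroupMember -Identity $group -Server $server |
             Select-Object -ExpandProperty SamAccountName)

# Approved accounts that are missing, and members that are not on the approved list.
# -notcontains compares case-insensitively, which is what SAM account names need.
$toAdd    = @($approved | Where-Object { $current  -notcontains $_ })
$toRemove = @($current  | Where-Object { $approved -notcontains $_ })

"Missing from group : $($toAdd -join ', ')"
"Not approved       : $($toRemove -join ', ')"

# -WhatIf reports the intended change without touching the directory; remove it once the two
# lists above look right. Remove-ADGroupMember prompts for confirmation by default, as the post
# notes; -Confirm:$false would suppress that prompt in an unattended script.
if ($toAdd.Count    -gt 0) { Add-ADGroupMember    -Identity $group -Members $toAdd    -Server $server -WhatIf }
if ($toRemove.Count -gt 0) { Remove-ADGroupMember -Identity $group -Members $toRemove -Server $server -WhatIf }
```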

Powershell, IT’S SCRIPTABLY DELICIOUS!

Sean
The Energized Tech

Powershell

As they would say on “Wayne’s World” ---- “SCHWING!!!”

There’s a feature I just stumbled on.   It’s simple.  It’s easy.

And you DON’T need to master Powershell on any level to just USE it!

 

It’s called SEARCH-ADACCOUNT.

SEARCH-ADACCOUNT is a Commandlet for just what it sounds like.  Searching Active Directory.  But where it wins for new Administrators is it already has PREBUILT EASY to USE parameters!

 

Want to find out who’s locked out in Active Directory?  SEARCH-ADACCOUNT -LockedOut

Need to know which accounts are Disabled?  SEARCH-ADACCOUNT -AccountDisabled

How about users whose passwords NEVER expire?  SEARCH-ADACCOUNT -PasswordNeverExpires

There’s so much more to this Commandlet, like THIS sweet little line.   We COULD write up a script for this, but would you like a COMMAND LINE that shows all “Idle accounts” (User or Computer) that have basically been wasting space?

 

VOILA!  IT’S in POWERSHELL in Server 2008 R2!

 

SEARCH-ADACCOUNT -AccountInactive -TimeSpan 90:00:00:00

There!  ALL accounts (computer and user) not used in 90 days!  And YES you can pipe THAT into a DISABLE-ADACCOUNT as well to keep the system secure and under control!
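Here is that one-liner grown into a stale-account review, added here and not part of the original post. It assumes the ActiveDirectory module from Server 2008 R2; the report path is constructed, and -WhatIf is left on so nothing is disabled until the CSV has been looked at.

```powershell
# Added example (not from the original post): turn the Search-ADAccount one-liner into a
# stale-account review. Assumes the ActiveDirectory module from Server 2008 R2; the report
# path is constructed for the example and -WhatIf is left on so nothing is disabled yet.
Import-Module ActiveDirectory

$inactiveFor = New-TimeSpan -Days 90            # the post's 90-day window, built explicitly

# Inactive USER accounts that are still enabled. -UsersOnly keeps computer accounts out of the
# list, and already-disabled accounts add nothing to the review, so they are dropped.
# Caveat: inactivity is judged from lastLogonTimestamp, which only replicates when it is
# roughly 9 to 14 days out of date, so a 90-day window is safe but a 5-day one would not be.
$stale = Search-ADAccount -AccountInactive -TimeSpan $inactiveFor -UsersOnly |
         Where-Object { $_.Enabled }

# Enabled accounts whose passwords never expire: the other parameter named above, worth
# reviewing in the same pass because these are the accounts people tend to forget about.
$noExpiry = Search-ADAccount -PasswordNeverExpires -UsersOnly | Where-Object { $_.Enabled }

# Record what is about to change BEFORE changing it.
$stale | Select-Object Name, SamAccountName, LastLogonDate, DistinguishedName |
    Export-Csv -Path "C:\Temp\StaleAccounts.csv" -NoTypeInformation

"{0} stale enabled accounts, {1} enabled accounts with non-expiring passwords" -f @($stale).Count, @($noExpiry).Count

# Disable in bulk, exactly as the post suggests. -WhatIf prints each intended change; drop it
# once the CSV has been reviewed and any service accounts have been taken off the list.
$stale | Disable-ADAccount -WhatIf
```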

 

This is just the ICING on the CAKE!  For just THIS REASON ALONE you should consider Server 2008 R2 and Powershell!  As an Administrator, this is something that is part of your daily job.  Query old accounts, find who’s wasting space, determine what needs to be pruned. And now that is a simple program you can use on your WORKSTATION.   No stress, no effort.

 

Just time for the Pina Coladas!

 

Sean
the Energized Tech

Powershell

If you have to disable a user in Powershell with the new “Active Directory Modules” which are part of a Server 2008 R2 Domain Controller?  You’ve never had it so easy.

The command is DISABLE-ADACCOUNT and it can work on one account or multiple accounts at the same time.

Hard to use?  Hardly!  This is IT!

Disable-ADAccount [-Identity] <ADAccount> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <string>]
[-PassThru <switch>] [-Server <string>] [-Confirm] [-WhatIf] [<CommonParameters>]

 

Basic day to day use for most of us will involve

DISABLE-ADACCOUNT samname

like this

DISABLE-ADACCOUNT john.smith

And now the user “john.smith” is disabled in your Active Directory.

Or you can (if you prefer to play safer) use GET-ADUSER to SHOW you who you’re about to disable and pipe those results into the DISABLE-ADACCOUNT Commandlet.  Like this.

GET-ADUSER john.smith | DISABLE-ADACCOUNT

Or you can even search a particular OU for a User (if you don’t know the SAM account, if your company uses SAM accounts UNIQUE from the

GET-ADUSER -Filter 'Name -like "John*"' -SearchBase "OU=Bedrock,OU=Locations,DC=Contoso,DC=Local" | DISABLE-ADACCOUNT

And like all “destructive” features with Powershell you can tack on a -WhatIf to make SURE you don’t make mistakes!

GET-ADUSER -Filter 'Name -like "John*"' | DISABLE-ADACCOUNT -WhatIf

And like all the Commandlets in Server 2008 R2, you can pass alternate credentials or specify servers to work with MULTIPLE domains EASILY from a single system.
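As an added example (not from the original post), here is the filtered disable wrapped so it refuses to run when the filter matches more accounts than expected, since a wildcard like “John*” will hit every John in the OU. The filter and OU come from the post; the domain controller name is constructed, -Credential is optional, and -WhatIf stays on so nothing changes until the output has been checked.

```powershell
# Added example (not from the original post): disable the users a Get-ADUser filter matches,
# but refuse if it matches more accounts than expected. The filter and OU are from the post;
# the -Server value is constructed and -WhatIf stays on so nothing changes yet.
Import-Module ActiveDirectory

function Disable-MatchedUsers {
    param(
        [string]$Filter,
        [string]$SearchBase,
        [string]$Server,                                          # optional: alternate domain controller
        [System.Management.Automation.PSCredential]$Credential,   # optional: alternate credentials
        [int]$MaxExpected = 1
    )
    # Pass -Server / -Credential only when they were supplied; the same set is reused for every call.
    $target = @{}
    if ($Server)     { $target["Server"]     = $Server }
    if ($Credential) { $target["Credential"] = $Credential }

    $found = @(Get-ADUser -Filter $Filter -SearchBase $SearchBase @target)
    if ($found.Count -gt $MaxExpected) {
        Write-Warning ("Filter matched {0} accounts (expected at most {1}); nothing disabled." -f $found.Count, $MaxExpected)
        $found | Select-Object Name, SamAccountName, DistinguishedName | Format-Table -AutoSize
        return
    }

    # Enabled is part of Get-ADUser's default output, so no -Properties is needed here.
    $found | Where-Object { $_.Enabled } | Disable-ADAccount @target -WhatIf

    # Re-read the accounts so the final state is confirmed from the directory, not assumed.
    # With -WhatIf still in place they will, correctly, still show Enabled = True.
    $found | ForEach-Object { Get-ADUser -Identity $_.DistinguishedName @target | Select-Object SamAccountName, Enabled }
}

Disable-MatchedUsers -Filter 'Name -like "John*"' -SearchBase "OU=Bedrock,OU=Locations,DC=Contoso,DC=Local" -Server "dc01.contoso.local"
```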

 

Powershell.  It just ROCKS!

Sean
The Energized Tech