Thursday, 19 December 2013
Blog Move
Just letting you all know, I have recently moved my blogs across to my new blogging site - http://modalyitblog.wordpress.com/
Thursday, 12 December 2013
PowerShell - Disable AD Account & Enable Out Of Office Reply
PowerShell - Disable AD Account & Enable Out of Office
Here is a nice simple script that admins can run to disable a user account within AD, move the account to the "Disabled Users" OU with the user description stamped with the user account used to run the script and the time & date, set a standardised out of office reply (informing people they have left the company) and removes the user from the global address list in Exchange.
All that is needed is the AD username of the user you wish to disable.
Update - 14/12/2013.
I have added additional functionality to send an email confirmation to the manager of the account you are disabling and added additional informational comments. Extracts of the send mail function were used from http://blogs.msdn.com/b/rkramesh/archive/2012/03/16/sending-email-using-powershell-script.aspx.
# *************************************************************************
# ****** Disable Active Directory User Account & Set Out Of Office PowerShell Script ******
# ****** ******
# ****** Created by Maurice Daly on 12/12/2013 ******
# ****** Follow me on Twitter - modaly_it ******
# ****** ******
# ****** Updated on 14/12/2013 ******
# ****** Description updated to use active directory name instead of the username ******
# ****** Email confirmation now sent to ex-employee's manager ******
# ****** ******
# ***************************************************************************
# Import Required PS Modules
cls
write-host "Importing Active Directory PS Commandlets"
Import-Module ActiveDirectory
write-host "Importing Exchange Server PS Commandlets"
# Connect to MS Exchange
write-host "Connecting to MS Exchange"
$ExchangeSMTP = "YOURSMTPSERVER"
$ExchangePowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://YOUREXCHANGESERVER/Powershell
Import-PSSession $ExchangePowerShell
cls
write-host "Disable Active Directory User Account & Enable Out Of Office"
write-host ""
# Get Variables
$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
$DisabledBy = Get-ADUser "$env:username" -properties Mail
$DisabledByEmail = $DisabledBy.Mail
# Prompt for AD Username
$Employee = read-host "Employee Username"
$EmployeeDetails = Get-ADUser $Employee -properties Mail,Manager
$Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
$ManagerEmail = $Manager.Mail
cls
# Prompt for confirmation
write-host "******************** CONFIRM USER DISABLE REQUEST ***********************"
write-host ""
write-host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
Get-ADUser $Employee | fl
$UserDetails = Get-User $Employee
$choice = ""
while ($choice -notmatch "[y|n]"){
$choice = read-host "Do you want to continue? (Y/N)"
}
# Actions
if ($choice -eq "y"){
cls
write-host "******************************** DISABLING USER ACCOUNT ********************************"
write-host ""
write-host "Step1. Modifying user description for audit purposes" -ForegroundColor Yellow
Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"
write-host "Step2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
Disable-ADAccount $Employee
write-host "Step3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
write-host ""
Get-ADUser $Employee | %{move-ADObject $_.DistinguishedName -targetpath 'OU=Disabled User Accounts,DC=YOURDOMAIN,DC=YOURDOMAIN'
write-host "Waiting 15 seconds for AD & Exchange OU update to complete"
sleep -Seconds 15
write-host ""
write-host "Refreshing Employee Details for Exchange Modification."
write-host ""
Get-ADUser $Employee -Properties Description | Format-List Name,Enabled,Description
write-host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
Set-MailboxAutoReplyConfiguration $Employee -AutoReplyState enabled -ExternalAudience all -InternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate." -ExternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate."
write-host "Step 5. Removing $Employee from Exchange Global Address Book." -ForegroundColor Yellow
Get-Mailbox -Identity $Employee | Set-mailbox -HiddenFromAddressListsEnabled $true
Write-Host "Step 6. Sending Confirmation E-mail To Employee's Manager." -ForegroundColor Yellow
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($ExchangeSMTP)
$msg.From = "$($DisabledBy.Mail)"
$msg.To.Add("$($Manager.Mail)")
$msg.subject = "IT Notification - Employee Leaver Confirmation"
$msg.body = "This email is confirm that $($Userdetails.Name)'s account has been disabled. An out of office notification advising that $($Userdetails.Name) has left the company has also been set. Note that the account will be deleted after 30 days."
$smtp.Send($msg)
}
}
else {
write-host ""
write-host "Employee disable request cancelled" -ForegroundColor Yellow}
Disclaimer - Use this script at your own risk, I accept no responsibility for any issues arising from it.
Saturday, 7 December 2013
Book Review - Hyper-V Replica Essentials
E-Book Review: Hyper-V Replica Essentials
Language : English
Release Date : October 2013
ISBN : 1782171886
ISBN 13 : 9781782171881
Author(s) : Vangel Krstevski
URL : http://bit.ly/1aDezz9
I was recently asked to review a new publication for Packt
Publishing which focuses purely on one of the most talked about features in
Windows 2012 server - Hyper-V Replica.
Hyper-V Replica Essentials is one of the first publications to
focus specifically on the Hyper-V replica role alone, which probably is a good
thing given that for most businesses in the SME sector will be looking to make
this feature part of their disaster recovery / business continuity plan.
The author Vangel Krstevski has produced this step by step
guide (96 pages in total) with one aim, to provide you the reader with a basic
understanding of the technologies covered and to provide a means to setup a
highly available Hyper-V cluster with disaster recovery. The book commences with
an overview of virtualisation and Microsoft’s real entry into the virtualisation game with
Windows Server 2008 R2 before swiftly moving on to Windows Server 2012 Hyper-V Replica.
The Good Points
The author has opted to take the reader through the entire
process of establishing a functional environment up with step by step screen
shots of the installation procedures and provides basic architectural diagrams.
Going down this route ensures that even junior administrators and server
engineers who are unfamiliar with scripting everything through PowerShell can produce
a basic deployment that in theory, just works.
I found the book to be structured well and easy to read, the
inclusion of screenshots ensures that a visual reference point accompanies your
build. Chapters 3 & 5 provide even the most sceptical admin/engineer who is
more familiar with technologies from other vendors such as VMWare, that
administration and failover processes are really that straight forward to test
or implement. This provides piece of mind to those making or suggesting a
switch in virtualisation platform.
Chapter 4 focuses on setting up the PKI requirements for securing replication which for those of you unfamiliar with certificates is particularly useful whilst the final chapter deals with administration of your clustered highly available, DR enabled environment. External reference links are also provided in the final chapter for those of you who wish to find out more in depth information.
Chapter 4 focuses on setting up the PKI requirements for securing replication which for those of you unfamiliar with certificates is particularly useful whilst the final chapter deals with administration of your clustered highly available, DR enabled environment. External reference links are also provided in the final chapter for those of you who wish to find out more in depth information.
Some Objective Criticism
As previously mentioned the author takes the route of using
GUI based procedures for installing the various roles, this is good for the novice
user however seasoned administrators are moving more and more towards
PowerShell scripting their installations and I believe to omit these commands
to be an oversight. One example would be the QOS bandwidth throttling in
Hyper-V as this is handled purely through PS commands, vital for those who do
not wish to find that their nice new feature has saturated their WAN links as
soon as it goes into production.
One other key point missed within the book is around
replication of the page file and the serious implications this can have on the
Hyper-V replica logs (HRL files). Microsoft recommend that the page file is
relocated to a separate VHD for this purpose as the VHD can then be excluded on the replication, however the page file disk
must be excluded on the initial VM replication configuration and cannot be implemented
retrospectively. http://social.technet.microsoft.com/wiki/contents/articles/12800.hyper-v-virtual-hard-disks-with-paging-files-should-be-excluded-from-replication.aspx
Last of all I believe more detail around NIC roles within
Hyper-V and VLAN segregation should have been covered, even at a basic level.
Without clear definition networking can be the downfall of any Hyper-V
deployment, especially when it gets down to the storage layer.
Conclusion
Hyper-V Replica Essentials provides even novice users with a
means to set up and provide their business with a business continuity solution
through the free out of the box Hyper-V replica feature in Windows Server 2012.
At the time of writing I would suggest that at €16.14 for
the electronic E-Book (which I opted for and found a joy to read on my iPad)
provides excellent value for money, especially when you consider a basic
Hyper-V training course would cost multiples of this amount. In fact why not use the difference to purchase some additional literature from Packt's extensive book list, for more info visit their website at http://www.packtpub.com.
Finally, I would personally like to see an updated version to cover the updated features of Hyper-V replica in Windows 2012 R2 and potentially address some of the points I have raised above.
Finally, I would personally like to see an updated version to cover the updated features of Hyper-V replica in Windows 2012 R2 and potentially address some of the points I have raised above.
Friday, 30 August 2013
Hyper-V Replica - Large HRL File Growth Caused By SCOM HealthService.exe
Windows 2012 Hyper-V Replica
Initial Thoughts & Highlights
Having recently migrated all of my virtual servers to new hardware / Windows 2012 cluster I was free to reload our legacy Windows 2008 R2 cluster with 2012 and enable the much talked about Hyper-V replica feature as our DR solution.
My first impressions on the new feature were obviously positive given the fact it is a "free" feature of the operating system and allows us to replicate between two different hardware platforms. My only criticism during the initial stage was the inability to modify the replication delta times and the path to which the initial replication takes place, but all were minor details and indeed the R2 release will bring the ability to change the replication time value in the not so distant future.
Following replication of half the server estate I went through the failover test process with no issues, providing much kudos to myself for delivering the solution to the business at a minimal cost. It also provided a better night sleep knowing that a SAN failure would be recoverable in a short period of time.
Replication Size Concerns
Having observed our replication figures for a 24 hour period I found that the average replication figures were greatly higher than anticipated, ranging from low MB's on some servers to high MB's on others. As a sanity check I reset the figures and continued to monitor the growth for another 24 hours, with the end result not being consistent values for both sets of 24 hour periods.
The greatest concern I had at this point was even virtual servers with minimal roles had growth of at least 8MB every 5 minutes, which when you consider I have a relatively small estate of 60 virtual servers it would equate to a replication requirement of 138GB's per 24 hour period.
(Growth Figure x Intervals Per Hour x Number of Hours x Number of Servers)
When I looked at these figures it became clear that replicating this volume of traffic over a WAN connection would have serious issues regardless of our local connectivity.
Something has to be wrong.
Diagnosing The Issue
Taking the 8MB figure I set out to determine why our less critical / work loaded servers exhibited this behaviour. Taking a look at my estate and I found an exception to the rule on a DMZ hosted server, so why was this machine behaving differently I thought. The answer was the server in question was not monitored by our Systems Center product suite as it was essentially retired.
Now I had a definite line of enquiry I set about disabling services to determine the issue, the end result was the SCOM Health Service (HealthService.exe) agent being determined as the culprit.
Issue Found
When the SCOM Agent is running it causes a HRL delta of 8192kb to occur every 5 minutes, disabling the service shows a clear reduction in the HRL file growth to the point that the HRL file does not grow for large periods when running tests with replication paused.
UPDATE - 17/10
After much logging MS Support have concluded that the IO generated by the SCOM edb database is causing the issue but this is by design. Looks like it is time to look at another replication package such as Veeam to replace Hyper-V replica for my environment as the overhead is too high. A real shame given the hype about Hyper-V replica.
Initial Thoughts & Highlights
Having recently migrated all of my virtual servers to new hardware / Windows 2012 cluster I was free to reload our legacy Windows 2008 R2 cluster with 2012 and enable the much talked about Hyper-V replica feature as our DR solution.
My first impressions on the new feature were obviously positive given the fact it is a "free" feature of the operating system and allows us to replicate between two different hardware platforms. My only criticism during the initial stage was the inability to modify the replication delta times and the path to which the initial replication takes place, but all were minor details and indeed the R2 release will bring the ability to change the replication time value in the not so distant future.
Following replication of half the server estate I went through the failover test process with no issues, providing much kudos to myself for delivering the solution to the business at a minimal cost. It also provided a better night sleep knowing that a SAN failure would be recoverable in a short period of time.
Replication Size Concerns
Having observed our replication figures for a 24 hour period I found that the average replication figures were greatly higher than anticipated, ranging from low MB's on some servers to high MB's on others. As a sanity check I reset the figures and continued to monitor the growth for another 24 hours, with the end result not being consistent values for both sets of 24 hour periods.
The greatest concern I had at this point was even virtual servers with minimal roles had growth of at least 8MB every 5 minutes, which when you consider I have a relatively small estate of 60 virtual servers it would equate to a replication requirement of 138GB's per 24 hour period.
(Growth Figure x Intervals Per Hour x Number of Hours x Number of Servers)
When I looked at these figures it became clear that replicating this volume of traffic over a WAN connection would have serious issues regardless of our local connectivity.
Something has to be wrong.
Diagnosing The Issue
Taking the 8MB figure I set out to determine why our less critical / work loaded servers exhibited this behaviour. Taking a look at my estate and I found an exception to the rule on a DMZ hosted server, so why was this machine behaving differently I thought. The answer was the server in question was not monitored by our Systems Center product suite as it was essentially retired.
Now I had a definite line of enquiry I set about disabling services to determine the issue, the end result was the SCOM Health Service (HealthService.exe) agent being determined as the culprit.
Issue Found
When the SCOM Agent is running it causes a HRL delta of 8192kb to occur every 5 minutes, disabling the service shows a clear reduction in the HRL file growth to the point that the HRL file does not grow for large periods when running tests with replication paused.
UPDATE - 17/10
After much logging MS Support have concluded that the IO generated by the SCOM edb database is causing the issue but this is by design. Looks like it is time to look at another replication package such as Veeam to replace Hyper-V replica for my environment as the overhead is too high. A real shame given the hype about Hyper-V replica.
Friday, 15 March 2013
Exchange Migration - Correcting IMAP folders
Following a legacy migration from an old email server I found that users had difficulty with particular folders that were migrated over displaying their correct contents in Outlook. If the user opened the folder in OWA they had no issue.
The cause of this behaviour is due to the folder type being set as an IMAP folder in Exchange. To correct this issue simply follow the below procedure (as always after making the required backups):
Download and Install ExFolders:
Note that it can take a few minutes for Outlook to update the folder type information.
I hope this helps you out.
The cause of this behaviour is due to the folder type being set as an IMAP folder in Exchange. To correct this issue simply follow the below procedure (as always after making the required backups):
Download and Install ExFolders:
- Confirm you are running at least SP1 for Exchange 2010
- Download ExFolders for Exchange 2010 (SP1+) from http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
- Install the ExFolders utility by running the registry file contained within the ZIP and copying the ExFolders.exe file to the Exchange bin directory
- Run the ExFolders.exe file
- Click on File - Connect
- Connection Type should be set to Mailboxes and Connect by set to Database
- Click on the Select button next to the "Global Catalog" section. Enter a DC running the global catalog role
- Click on Select next to the "Database(s)" section and select the required exchange database
- Click OK, at this point you should see a list of mailboxes contained within the database(s) you selected from the previous step
- To run modifications for all mailboxes simply highlight the Mailboxes root, otherwise highlight the user mailbox you wish to update
- To enable logging for troubleshooting purposes click on Tools, Options and enable both the "Enable logging to file" and "Enable extended logging" then click OK
- Click on Tools - Custom Bulk Operation then paste in the following into the Overall Filter section : (&(0x3613001E=IPF.Imap))
- Now click on the Add button and on select "Other folder properties" on the Operation Type prompt
- Click on the Property drop down list and select "PR_CONTAINER_CLASS : 0x3613001E"
- Enter the following into the Value field : IPF.Note and click on the Add button
- Click OK and OK again
- The update process will now run, correcting all IPF.Imap folders contained within the selected Database / Mailbox to the standard IPF.Note format
Note that it can take a few minutes for Outlook to update the folder type information.
I hope this helps you out.
Thursday, 3 January 2013
System Center 2012 SP1 RTM
System Center 2012 SP1 has been officially hit RTM status and been released to Microsoft VLC customers.
If you havent been planning your upgrade already then you might want to review the list of improvements and additional features included in the new release, these include DPM's ability to back up data de-dupe volumes from Windows 2012, support for Windows 8 / 2012 in SCCM and Azure support in DPM/SCOM.
Kevin Greene (SCOM MVP) has a good article on the upgrade process for SCOM 2012 -
Part 1 : http://kevingreeneitblog.blogspot.ie/2012/12/scom-2012-installing-service-pack-1-rtm.html
Part 2 : http://kevingreeneitblog.blogspot.ie/2013/01/scom-2012-installing-service-pack-1-rtm.html
Part 3 : http://kevingreeneitblog.blogspot.ie/2013/01/scom-2012-installing-service-pack-1-rtm_2.html
I will be running through the SCCM and DPM upgrades on a later post.
If you havent been planning your upgrade already then you might want to review the list of improvements and additional features included in the new release, these include DPM's ability to back up data de-dupe volumes from Windows 2012, support for Windows 8 / 2012 in SCCM and Azure support in DPM/SCOM.
Kevin Greene (SCOM MVP) has a good article on the upgrade process for SCOM 2012 -
Part 1 : http://kevingreeneitblog.blogspot.ie/2012/12/scom-2012-installing-service-pack-1-rtm.html
Part 2 : http://kevingreeneitblog.blogspot.ie/2013/01/scom-2012-installing-service-pack-1-rtm.html
Part 3 : http://kevingreeneitblog.blogspot.ie/2013/01/scom-2012-installing-service-pack-1-rtm_2.html
I will be running through the SCCM and DPM upgrades on a later post.
Monday, 26 November 2012
Reset Microsoft Surface tablet to factory settings
My manager recently purchased two Microsoft surface tablets in the states and of course deployed one of these units to the MD, no big deal I thought (for testing purposes). However connecting it to our exchange server required a password change and this is where the fun began.
Following a successful password change, the password was subsequently forgotten (it happens to us all) and access to the Surface unit was locked. After a quick search in Google I found a link to a TechNet article (http://technet.microsoft.com/en-us/library/ee692045(v=surface.10).aspx) that provides step by step instructions to reset a Surface unit back to Windows Vista factory settings - oh dear god no.
Now for the correct way to reset the tablet in this event:
Following a successful password change, the password was subsequently forgotten (it happens to us all) and access to the Surface unit was locked. After a quick search in Google I found a link to a TechNet article (http://technet.microsoft.com/en-us/library/ee692045(v=surface.10).aspx) that provides step by step instructions to reset a Surface unit back to Windows Vista factory settings - oh dear god no.
Now for the correct way to reset the tablet in this event:
- Boot the Surface tablet to the Windows 8 logon screen
- With the keyboard left shift button held down tap the power icon and choose the restart option
- A menu will appear with several options, pick the Troubleshoot option
- Now you will be presented with options to wipe the device back to factory settings
Subscribe to:
Posts (Atom)