Thursday, 19 December 2013

Blog Move

Just letting you all know, I have recently moved my blogs across to my new blogging site - http://modalyitblog.wordpress.com/

Thursday, 12 December 2013

PowerShell - Disable AD Account & Enable Out Of Office Reply

PowerShell - Disable AD Account & Enable Out of Office

Here is a nice simple script that admins can run to disable a user account within AD, move the account to the "Disabled Users" OU with the user description stamped with the user account used to run the script and the time & date, set a standardised out of office reply (informing people they have left the company) and remove the user from the global address list in Exchange.

All that is needed is the AD username of the user you wish to disable.

Update - 14/12/2013.

I have added additional functionality to send an email confirmation to the manager of the account you are disabling and added additional informational comments. Extracts of the send mail function were used from http://blogs.msdn.com/b/rkramesh/archive/2012/03/16/sending-email-using-powershell-script.aspx.

# *************************************************************************
# ****** Disable Active Directory User Account & Set Out Of Office PowerShell Script
# ******
# ****** Created by Maurice Daly on 12/12/2013
# ****** Follow me on Twitter - modaly_it
# ******
# ****** Updated on 14/12/2013
# ****** Description updated to use active directory name instead of the username
# ****** Email confirmation now sent to ex-employee's manager
# ******
# *************************************************************************


# Import Required PS Modules
cls
write-host "Importing Active Directory PS Commandlets"
Import-Module ActiveDirectory
write-host "Importing Exchange Server PS Commandlets"


# Connect to MS Exchange
write-host "Connecting to MS Exchange"
$ExchangeSMTP = "YOURSMTPSERVER"
$ExchangePowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://YOUREXCHANGESERVER/Powershell
Import-PSSession $ExchangePowerShell

cls
write-host "Disable Active Directory User Account & Enable Out Of Office"
write-host ""


# Get Variables
$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
$DisabledBy = Get-ADUser "$env:username" -properties Mail
$DisabledByEmail = $DisabledBy.Mail


# Prompt for AD Username
$Employee = read-host "Employee Username"
$EmployeeDetails = Get-ADUser $Employee -properties Mail,Manager
$Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
$ManagerEmail = $Manager.Mail


cls
# Prompt for confirmation
write-host "******************** CONFIRM USER DISABLE REQUEST ***********************"
write-host ""
write-host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
Get-ADUser $Employee | fl
$UserDetails = Get-User $Employee

# Loop until the answer is exactly y or n (the match is case-insensitive)
$choice = ""
while ($choice -notmatch "^[yn]$"){
    $choice = read-host "Do you want to continue? (Y/N)"
}

# Actions
if ($choice -eq "y"){
        cls
        write-host "******************************** DISABLING USER ACCOUNT ********************************"
        write-host ""
        write-host "Step 1. Modifying user description for audit purposes" -ForegroundColor Yellow
        Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"
        write-host "Step 2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
        Disable-ADAccount $Employee
        write-host "Step 3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
        write-host ""
        # The target path must be the distinguished name of your own disabled users OU
        Get-ADUser $Employee | %{ move-ADObject $_.DistinguishedName -targetpath 'OU=Disabled User Accounts,DC=YOURDOMAIN,DC=YOURDOMAIN' }
        write-host "Waiting 15 seconds for AD & Exchange OU update to complete"
        sleep -Seconds 15
        write-host ""
        write-host "Refreshing Employee Details for Exchange Modification."
        write-host ""
        Get-ADUser $Employee -Properties Description | Format-List Name,Enabled,Description
        write-host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
        Set-MailboxAutoReplyConfiguration $Employee -AutoReplyState enabled -ExternalAudience all -InternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate." -ExternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate."
        write-host "Step 5. Removing $Employee from Exchange Global Address Book." -ForegroundColor Yellow
        Get-Mailbox -Identity $Employee | Set-mailbox -HiddenFromAddressListsEnabled $true
        Write-Host "Step 6. Sending Confirmation E-mail To Employee's Manager." -ForegroundColor Yellow
        # Only send the confirmation when the account has a manager with a mail address
        if ($ManagerEmail) {
                $msg = new-object Net.Mail.MailMessage
                $smtp = new-object Net.Mail.SmtpClient($ExchangeSMTP)
                $msg.From = "$($DisabledBy.Mail)"
                $msg.To.Add("$($Manager.Mail)")
                $msg.subject = "IT Notification - Employee Leaver Confirmation"
                $msg.body = "This email is to confirm that $($Userdetails.Name)'s account has been disabled. An out of office notification advising that $($Userdetails.Name) has left the company has also been set. Note that the account will be deleted after 30 days."
                $smtp.Send($msg)
        }
        else {
                write-host "No manager e-mail address found for $Employee, confirmation not sent." -ForegroundColor Yellow
        }
}
else {
        write-host ""
        write-host "Employee disable request cancelled" -ForegroundColor Yellow
}
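
A read-only check that can be run after the script above to confirm each step actually took effect, for example when the 15 second wait was not long enough for the OU move to be visible to Exchange. This is an added example, not part of the original script: `Test-LeaverAccount` is a hypothetical helper name, and it assumes PowerShell 3.0 or later with the same ActiveDirectory module and imported Exchange session.

```powershell
# Added example (not the author's script): read-only verification of a leaver account.
# Assumes the ActiveDirectory module is loaded and the Exchange session has been imported.
# Test-LeaverAccount is a hypothetical helper name.
function Test-LeaverAccount {
    param(
        [Parameter(Mandatory = $true)][string]$Employee,
        # Must match the -TargetPath used when the account was moved
        [string]$DisabledOU = 'OU=Disabled User Accounts,DC=YOURDOMAIN,DC=YOURDOMAIN'
    )

    $user      = Get-ADUser $Employee -Properties Description
    $mailbox   = Get-Mailbox -Identity $Employee
    $autoReply = Get-MailboxAutoReplyConfiguration -Identity $Employee

    # Each check mirrors one step of the disable script
    $checks = [ordered]@{
        'Account disabled'         = -not $user.Enabled
        'In disabled users OU'     = $user.DistinguishedName -like "*,$DisabledOU"
        'Description stamped'      = $user.Description -like 'Disabled by *'
        'Out of office enabled'    = $autoReply.AutoReplyState -eq 'Enabled'
        'Hidden from address list' = [bool]$mailbox.HiddenFromAddressListsEnabled
    }

    # Emit one result object per check so the output can be filtered or exported
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Employee = $Employee
            Check    = $name
            Passed   = $checks[$name]
        }
    }
}

# Report any step that did not take effect
$results = Test-LeaverAccount -Employee (Read-Host 'Employee Username')
$failed  = $results | Where-Object { -not $_.Passed }
if ($failed) { $failed | Format-Table Employee, Check, Passed -AutoSize }
else { Write-Host 'All leaver checks passed' -ForegroundColor Green }
```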





Disclaimer - Use this script at your own risk, I accept no responsibility for any issues arising from it.
 


 

Saturday, 7 December 2013

Book Review - Hyper-V Replica Essentials

E-Book Review: Hyper-V Replica Essentials

Hyper-V Replica Essentials

Language : English
Release Date : October 2013
ISBN : 1782171886
ISBN 13 : 9781782171881
Author(s) :
Vangel Krstevski

URL : http://bit.ly/1aDezz9

I was recently asked to review a new publication for Packt Publishing which focuses purely on one of the most talked about features in Windows 2012 server - Hyper-V Replica.

Hyper-V Replica Essentials is one of the first publications to focus specifically on the Hyper-V replica role alone, which is probably a good thing given that most businesses in the SME sector will be looking to make this feature part of their disaster recovery / business continuity plan.

The author Vangel Krstevski has produced this step by step guide (96 pages in total) with one aim: to provide you the reader with a basic understanding of the technologies covered and to provide a means to set up a highly available Hyper-V cluster with disaster recovery. The book commences with an overview of virtualisation and Microsoft’s real entry into the virtualisation game with Windows Server 2008 R2 before swiftly moving on to Windows Server 2012 Hyper-V Replica.

The Good Points

The author has opted to take the reader through the entire process of establishing a functional environment, with step by step screen shots of the installation procedures, and provides basic architectural diagrams. Going down this route ensures that even junior administrators and server engineers who are unfamiliar with scripting everything through PowerShell can produce a basic deployment that, in theory, just works.

I found the book to be structured well and easy to read; the inclusion of screenshots ensures that a visual reference point accompanies your build. Chapters 3 & 5 show even the most sceptical admin/engineer who is more familiar with technologies from other vendors such as VMware that administration and failover processes really are that straightforward to test or implement. This provides peace of mind to those making or suggesting a switch in virtualisation platform.

Chapter 4 focuses on setting up the PKI requirements for securing replication which for those of you unfamiliar with certificates is particularly useful whilst the final chapter deals with administration of your clustered highly available, DR enabled environment. External reference links are also provided in the final chapter for those of you who wish to find out more in depth information.

Some Objective Criticism

As previously mentioned, the author takes the route of using GUI based procedures for installing the various roles. This is good for the novice user; however, seasoned administrators are moving more and more towards PowerShell scripting their installations and I believe omitting these commands to be an oversight. One example would be the QoS bandwidth throttling in Hyper-V, as this is handled purely through PS commands, vital for those who do not wish to find that their nice new feature has saturated their WAN links as soon as it goes into production.

One other key point missed within the book is around replication of the page file and the serious implications this can have on the Hyper-V replica logs (HRL files). Microsoft recommend that the page file is relocated to a separate VHD for this purpose as the VHD can then be excluded from the replication; however, the page file disk must be excluded in the initial VM replication configuration and this cannot be implemented retrospectively. http://social.technet.microsoft.com/wiki/contents/articles/12800.hyper-v-virtual-hard-disks-with-paging-files-should-be-excluded-from-replication.aspx

Last of all I believe more detail around NIC roles within Hyper-V and VLAN segregation should have been covered, even at a basic level. Without clear definition networking can be the downfall of any Hyper-V deployment, especially when it gets down to the storage layer.

Conclusion

Hyper-V Replica Essentials provides even novice users with a means to set up and provide their business with a business continuity solution through the free out of the box Hyper-V replica feature in Windows Server 2012.

At the time of writing I would suggest that, at €16.14, the electronic E-Book (which I opted for and found a joy to read on my iPad) provides excellent value for money, especially when you consider a basic Hyper-V training course would cost multiples of this amount. In fact, why not use the difference to purchase some additional literature from Packt's extensive book list? For more info visit their website at http://www.packtpub.com.

Finally, I would personally like to see an updated version to cover the updated features of Hyper-V replica in Windows 2012 R2 and potentially address some of the points I have raised above.

Friday, 30 August 2013

Hyper-V Replica - Large HRL File Growth Caused By SCOM HealthService.exe

Windows 2012 Hyper-V Replica

Initial Thoughts & Highlights

Having recently migrated all of my virtual servers to new hardware / Windows 2012 cluster I was free to reload our legacy Windows 2008 R2 cluster with 2012 and enable the much talked about Hyper-V replica feature as our DR solution.

My first impressions on the new feature were obviously positive given the fact it is a "free" feature of the operating system and allows us to replicate between two different hardware platforms. My only criticism during the initial stage was the inability to modify the replication delta times and the path to which the initial replication takes place, but all were minor details and indeed the R2 release will bring the ability to change the replication time value in the not so distant future.

Following replication of half the server estate I went through the failover test process with no issues, providing much kudos to myself for delivering the solution to the business at a minimal cost. It also provided a better night sleep knowing that a SAN failure would be recoverable in a short period of time.

Replication Size Concerns

Having observed our replication figures for a 24 hour period I found that the average replication figures were greatly higher than anticipated, ranging from low MBs on some servers to high MBs on others. As a sanity check I reset the figures and continued to monitor the growth for another 24 hours, with the end result not being consistent values for both sets of 24 hour periods.

The greatest concern I had at this point was that even virtual servers with minimal roles had growth of at least 8MB every 5 minutes, which when you consider I have a relatively small estate of 60 virtual servers would equate to a replication requirement of 138GB per 24 hour period.

(Growth Figure x Intervals Per Hour x Number of Hours x Number of Servers)

When I looked at these figures it became clear that replicating this volume of traffic over a WAN connection would have serious issues regardless of our local connectivity.

Something has to be wrong.

Diagnosing The Issue

Taking the 8MB figure I set out to determine why our less critical / work loaded servers exhibited this behaviour. Taking a look at my estate, I found an exception to the rule on a DMZ hosted server, so why was this machine behaving differently, I thought. The answer was that the server in question was not monitored by our System Center product suite as it was essentially retired.

Now that I had a definite line of enquiry, I set about disabling services to determine the issue; the end result was the SCOM Health Service (HealthService.exe) agent being determined as the culprit.

Issue Found

When the SCOM Agent is running it causes a HRL delta of 8192kb to occur every 5 minutes; disabling the service shows a clear reduction in the HRL file growth, to the point that the HRL file does not grow for large periods when running tests with replication paused.

UPDATE - 17/10

After much logging MS Support have concluded that the IO generated by the SCOM edb database is causing the issue but this is by design. Looks like it is time to look at another replication package such as Veeam to replace Hyper-V replica for my environment as the overhead is too high. A real shame given the hype about Hyper-V replica.


Friday, 15 March 2013

Exchange Migration - Correcting IMAP folders

Following a legacy migration from an old email server I found that users had difficulty with particular folders that were migrated over displaying their correct contents in Outlook. If the user opened the folder in OWA they had no issue.

This behaviour is caused by the folder type being set as an IMAP folder in Exchange. To correct this issue simply follow the procedure below (as always, after making the required backups):

Download and Install ExFolders:
  1. Confirm you are running at least SP1 for Exchange 2010
  2. Download ExFolders for Exchange 2010 (SP1+) from http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
  3. Install the ExFolders utility by running the registry file contained within the ZIP and copying the ExFolders.exe file to the Exchange bin directory
Run the ExFolders utility:
  1. Run the ExFolders.exe file
  2. Click on File - Connect
  3. Connection Type should be set to Mailboxes and Connect by set to Database
  4. Click on the Select button next to the "Global Catalog" section. Enter a DC running the global catalog role
  5. Click on Select next to the "Database(s)" section and select the required exchange database
  6. Click OK, at this point you should see a list of mailboxes contained within the database(s) you selected from the previous step
  7. To run modifications for all mailboxes simply highlight the Mailboxes root, otherwise highlight the user mailbox you wish to update
  8. To enable logging for troubleshooting purposes click on Tools, Options and enable both the "Enable logging to file" and "Enable extended logging" then click OK
  9. Click on Tools - Custom Bulk Operation then paste in the following into the Overall Filter section : (&(0x3613001E=IPF.Imap))
  10. Now click on the Add button and select "Other folder properties" on the Operation Type prompt
  11. Click on the Property drop down list and select "PR_CONTAINER_CLASS : 0x3613001E"
  12. Enter the following into the Value field : IPF.Note and click on the Add button
  13. Click OK and OK again
  14. The update process will now run, correcting all IPF.Imap folders contained within the selected Database / Mailbox to the standard IPF.Note format

Note that it can take a few minutes for Outlook to update the folder type information.

I hope this helps you out.

Thursday, 3 January 2013

System Center 2012 SP1 RTM

System Center 2012 SP1 has officially hit RTM status and been released to Microsoft VLC customers.

If you haven't been planning your upgrade already then you might want to review the list of improvements and additional features included in the new release. These include DPM's ability to back up data de-dupe volumes from Windows 2012, support for Windows 8 / 2012 in SCCM and Azure support in DPM/SCOM.

Kevin Greene (SCOM MVP) has a good article on the upgrade process for SCOM 2012 -
Part 1 : http://kevingreeneitblog.blogspot.ie/2012/12/scom-2012-installing-service-pack-1-rtm.html
Part 2 : http://kevingreeneitblog.blogspot.ie/2013/01/scom-2012-installing-service-pack-1-rtm.html
Part 3 : http://kevingreeneitblog.blogspot.ie/2013/01/scom-2012-installing-service-pack-1-rtm_2.html

I will be running through the SCCM and DPM upgrades on a later post.