It seems that I have been asked to provide a lot of user (& computer) logon information over the past few months. In order to provide this information, I (as others have) leveraged the LastLogonTimeStamp attribute to determine when a user (or computer) logged on last. Assuming you have a Windows 2003 forest mode Active …
Category: Technical Reference
Oct 21 2014
Hyper-V How to install integration services when the virtual machine is not running
From Microsoft’s Virtualization Blog, How to install integration services when the virtual machine is not running: We’ve been talking to a lot of people about deploying integration services (integration components) lately. As it turns out, they’re pretty easy to patch offline with existing Hyper-V tools. First, why would you update integration services on a not-running …
Oct 18 2014
Windows Server 2012 R2 Features
Single post coverage of all of the major new and updated features in Windows Server 2012 R2 This covers the following technology areas: iSCSI Target Server SMB Windows Deployment Services Active Directory BitLocker DFS Replication DHCP DNS Server Failover Clustering File and Storage Services File Server Resource Manager Group Policy Hyper-V Hyper-V Network Virtualization Hyper-V …
Oct 14 2014
New & Updated Features in Windows Server 2012 R2
New & Updated Features in Windows Server 2012 R2 Expanded from: http://technet.microsoft.com/en-us/library/dn250019 What’s New for iSCSI Target Server in Windows Server 2012 R2 iSCSI Target Server enables you to network boot multiple computers from a single operating system image that is stored in a centralized location. iSCSI Target Server can boot hundreds of computers by …
Oct 12 2014
Hyper-V VM Generation Differences
From the Microsoft Tip of the Day Blog: Generation 2 VMs replace a large number of emulated devices with resource efficient synthetic devices. Here is a list of Generation 1 devices that you will not find in a new Generation 2 VM. BIOS COM Ports DMA Controller Floppy Controller i8042 Keyboard Controller IDE Controller …
Oct 10 2014
PowerShell and Ambiguous Name Resolution (ANR) Search in Active Directory
I was recently asked how to find a user when you have data that may be the SamAccountName or in another attribute. My first thought was leveraging Ambiguous Name Resolution (ANR) Search in Active Directory. ANR enables you to find a user when you have some information about a user, but don’t know exactly to …
Oct 02 2014
Using PowerShell to Perform a Reverse DNS Lookup in Active Directory
Typically, one would use ping -a to get the hostname for a specific IP address which performs a DNS reverse lookup. Querying AD for a computer with an IP works great for computers joined to the Active Directory domain since most computers in AD have the IP Address configured on the computer account. When the …
Oct 01 2014
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks
Black Hat USA 2014 Presentation: Investigating PowerShell Attacks This is an excellent presentation and I highly recommend anyone who is an admin or who is responsible for AD security. Investigating PowerShell Attacks Ryan Kazanciyan Technical Director, Mandiant Matt Hastings Consultant, Mandiant Over the past two years, we’ve seen targeted attackers increasingly utilize PowerShell to conduct …
Sep 30 2014
Azure & Active Directory
Azure is big. It’s really big. Seriously, it’s hard to comprehend just how big it really is. (Apologies to Douglas Adams.) In July of last year, then-CEO Steve Ballmer stated that Azure data centers held “comfortably over a million physical servers.” Last year, Azure server purchases accounted for 17% of all server purchases worldwide. …
Sep 28 2014
PowerShell: ADSI and Case Sensitivity
In developing a custom PowerShell script which leveraged ADSI, I noticed that the script wasn’t working properly. Here’s a sample block of the script which uses ADSI to get changes made to ExtensionAttribute11 as part of an Active Directory Convergence test script: 1 2 3 4 $ADSITarget = [ADSI]”LDAP://$DC” $Searcher = New-Object DirectoryServices.DirectorySearcher($ADSITarget,”(sAMAccountName=$ConvergenceObject)”) $ConvergenceObjectData = …
Recent Comments