Category: Technical Reference

Powershell Code: Determine LastLogonTimeStamp Replication Time

It seems that I have been asked to provide a lot of user (& computer) logon information over the past few months. In order to provide this information, I (as others have) leveraged the LastLogonTimeStamp attribute to determine when a user (or computer) logged on last. Assuming you have a Windows 2003 forest mode Active …

Continue reading

Hyper-V How to install integration services when the virtual machine is not running

From Microsoft’s Virtualization Blog, How to install integration services when the virtual machine is not running: We’ve been talking to a lot of people about deploying integration services (integration components) lately.  As it turns out, they’re pretty easy to patch offline with existing Hyper-V tools. First, why would you update integration services on a not-running …

Continue reading

Windows Server 2012 R2 Features

Single post coverage of all of the major new and updated features in Windows Server 2012 R2 This covers the following technology areas: iSCSI Target Server SMB Windows Deployment Services Active Directory BitLocker DFS Replication DHCP DNS Server Failover Clustering File and Storage Services File Server Resource Manager Group Policy Hyper-V Hyper-V Network Virtualization Hyper-V …

Continue reading

New & Updated Features in Windows Server 2012 R2

New & Updated Features in Windows Server 2012 R2 Expanded from: http://technet.microsoft.com/en-us/library/dn250019 What’s New for iSCSI Target Server in Windows Server 2012 R2 iSCSI Target Server enables you to network boot multiple computers from a single operating system image that is stored in a centralized location.  iSCSI Target Server can boot hundreds of computers by …

Continue reading

Hyper-V VM Generation Differences

  From the Microsoft Tip of the Day Blog: Generation 2 VMs replace a large number of emulated devices with resource efficient synthetic devices.  Here is a list of Generation 1 devices that you will not find in a new Generation 2 VM. BIOS COM Ports DMA Controller Floppy Controller i8042 Keyboard Controller IDE Controller …

Continue reading

PowerShell and Ambiguous Name Resolution (ANR) Search in Active Directory

I was recently asked how to find a user when you have data that may be the SamAccountName or in another attribute. My first thought was leveraging Ambiguous Name Resolution (ANR) Search in Active Directory. ANR enables you to find a user when you have some information about a user, but don’t know exactly to …

Continue reading

Using PowerShell to Perform a Reverse DNS Lookup in Active Directory

Typically, one would use ping -a to get the hostname for a specific IP address which performs a DNS reverse lookup. Querying AD for a computer with an IP works great for computers joined to the Active Directory domain since most computers in AD have the IP Address configured on the computer account. When the …

Continue reading

Black Hat USA 2014 Presentation: Investigating PowerShell Attacks

Black Hat USA 2014 Presentation: Investigating PowerShell Attacks This is an excellent presentation and I highly recommend anyone who is an admin or who is responsible for AD security. Investigating PowerShell Attacks Ryan Kazanciyan Technical Director, Mandiant Matt Hastings Consultant, Mandiant Over the past two years, we’ve seen targeted attackers increasingly utilize PowerShell to conduct …

Continue reading

Azure & Active Directory

  Azure is big. It’s really big. Seriously, it’s hard to comprehend just how big it really is. (Apologies to Douglas Adams.) In July of last year, then-CEO Steve Ballmer stated that Azure data centers held “comfortably over a million physical servers.” Last year, Azure server purchases accounted for 17% of all server purchases worldwide. …

Continue reading

PowerShell: ADSI and Case Sensitivity

In developing a custom PowerShell script which leveraged ADSI, I noticed that the script wasn’t working properly. Here’s a sample block of the script which uses ADSI to get changes made to ExtensionAttribute11 as part of an Active Directory Convergence test script: 1 2 3 4 $ADSITarget = [ADSI]”LDAP://$DC” $Searcher = New-Object DirectoryServices.DirectorySearcher($ADSITarget,”(sAMAccountName=$ConvergenceObject)”) $ConvergenceObjectData = …

Continue reading