Microsoft DirectAccess

Microsoft DirectAccess has made great strides in Windows Server 2012.

Key Points:

  • First available with Windows Server 2008 R2.
  • Built-in client support for Windows 7 and newer.
  • Provides an always-on connection to the corporate network (connects before the user logs on).
  • Leverages IPv6 and 6to4 tunneling (additional configuration required when using Windows Server 2008 R2 as the DirectAccess server).
  • Windows Server 2012 simplifies the deployment process.
  • Client authentication can leverage Kerberos or certificates. PKI is not required when the DirectAccess server is running Windows Server 2012.
  • DirectAccess clients can be managed regardless of where they are as long as they have network connectivity (outside of the corporate network, internet connectivity is required).
  • DirectAccess connections are IPsec encrypted.
  • The DirectAccess server and clients must be domain-joined.
  • The Windows Firewall needs to be enabled on the server and clients.
  • DirectAccess is not a VPN.
  • “When you use Windows 7 clients with DirectAccess in Server 2012 or Server 2008 R2, you need to install a separate DirectAccess Connectivity Assistant (DCA), which gives a system tray icon that shows the DirectAccess connection state.”

Great article describing DirectAccess as well as the differences and improvements between 2008 R2 and 2012:
http://windowsitpro.com/windows-server-2012/directaccess-windows-server-2012

PowerShell: Determine PowerShell Version

$PSVersionTable.PSVersion

If the variable doesn’t exist, then the system is running version 1.0.

Real-Time World Hack Map

This is an incredible map of the world that shows real-time network attacks. The animation makes it look like something out of the movie, “WarGames.”

Most impressive.

http://map.ipviking.com/?_ga=1.106938115.1477390587.1388686673#

 

PowerShell: Using Active Directory .Net methods in PowerShell Part 1

There are times you don’t have access to the Active Directory PowerShell cmdlets. One of the great things about PowerShell is the ability to use .Net in PowerShell scripts. For more, check out Part 2.

Here are some alternatives to using Get-ADForest & Get-ADDomain:

 

# Get Active Directory Forest Information
$ADForestInfo = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$ADForestInfo.Name
$ADForestInfo.Sites
$ADForestInfo.Domains
$ADForestInfo.GlobalCatalogs
$ADForestInfo.ApplicationPartitions
$ADForestInfo.ForestMode
$ADForestInfo.RootDomain
$ADForestInfo.Schema
$ADForestInfo.SchemaRoleOwner
$ADForestInfo.NamingRoleOwner
# OR
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Domains
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().GlobalCatalogs
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().ApplicationPartitions
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().ForestMode
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Schema
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().SchemaRoleOwner
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().NamingRoleOwner
###
# Get Active Directory Domain Information
  # Target the current (local) computer’s domain:
  $ADDomainInfo = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
  # Target the current user’s domain:
  $ADDomainName = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$ADDomainInfo.Forest
$ADDomainInfo.DomainControllers
$ADDomainInfo.Children
$ADDomainInfo.DomainMode
$ADDomainInfo.Parent
$ADDomainInfo.PdcRoleOwner
$ADDomainInfo.RidRoleOwner
$ADDomainInfo.DomainControllers
# OR
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Forest
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Children
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainMode
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Parent
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().RidRoleOwner
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers
# Note: Use [System.DirectoryServices.ActiveDirectory.Domain]::GetCOMPUTERDomain().Attribute for the local computer’s domain info.
# Example: [System.DirectoryServices.ActiveDirectory.Domain]::GetCOMPUTERDomain().Forest
###
# Get the local computer’s site information:
$LocalSiteInfo = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
$LocalSiteInfo.Name
$LocalSiteInfo.Domains
$LocalSiteInfo.Subnets
$LocalSiteInfo.Servers
$LocalSiteInfo.AdjacentSites
$LocalSiteInfo.SiteLinks
$LocalSiteInfo.InterSiteTopologyGenerator
$LocalSiteInfo.Options
$LocalSiteInfo.Location
$LocalSiteInfo.BridgeheadServers
$LocalSiteInfo.PreferredSmtpBridgeheadServers
$LocalSiteInfo.PreferredRpcBridgeheadServers
$LocalSiteInfo.IntraSiteReplicationSchedule
# OR
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Domains
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Subnets
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Servers
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().AdjacentSites
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().SiteLinks
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().InterSiteTopologyGenerator
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Options
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Location
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().BridgeheadServers
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().PreferredSmtpBridgeheadServers
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().PreferredRpcBridgeheadServers
[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().IntraSiteReplicationSchedule

PowerShell: Get the Dates When the Active Directory Schema Was Updated

 

The Microsoft Scripting Guys blog has a great article on determining when schema updates were performed along with some information about the schema changes – at least enough to see if it was an Exchange update.

 


###########################
# Get Schema Update Dates #
###########################
# Code from: http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/05/how-to-find-active-directory-schema-update-history-by-using-powershell.aspx
write-output "Reading all schema data... " `r
import-module activedirectory
$schema = Get-ADObject -SearchBase ((Get-ADRootDSE).schemaNamingContext) `
-SearchScope OneLevel -Filter * -Property objectClass, name, whenChanged,`
whenCreated | Select-Object objectClass, name, whenCreated, whenChanged, `
@{name="event";expression={($_.whenCreated).Date.ToShortDateString()}} | `
Sort-Object whenCreated

#"`nDetails of schema objects changed by date:"
#$schema | Format-Table objectClass, name, whenCreated, whenChanged `
#-GroupBy event -AutoSize

write-output "`nCount of schema objects changed by date:" `r
Write-output "This displays the approximate date each schema update was performed." `r
$schema | Group-Object event | Format-Table Count,Name,Group -AutoSize

LSASS Crashing, CNF Objects May Be the Cause

What Happens and How Do I Know if I’m Affected?

When CNF mangled NTDS settings objects are created, the Lsass.exe process may crash and unexpectedly reboot one or more domain controllers. So there is a pretty good chance you’ll know about it. You may not know the root cause of the crash. More specifically though you’ll see the following events in the Application Log which you can look for.

Log Name: Application
Source: Application Error
Date: DateTime
Event ID: 1000
Task Category: Application Crashing Events
Level: Error
Keywords: Classic
User: N/A
Computer: ComputerName
Description:
Faulting application name: lsass.exe, version: 6.1.7601.17725, time stamp: 0x4ec483fc
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1f4
Faulting application start time: 0x01ceb94c671de3dd
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 80a2cd04-2540-11e3-99e2-441ea1d316a4
Faulting package full name: %14
Faulting package-relative application ID: %15

And

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: DateTime
Event ID: 1015
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ComputerName
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.

Read more of the blog post:

http://blogs.technet.com/b/askpfeplat/archive/2014/06/23/lsass-crashing-cnf-objects-may-be-the-cause.aspx
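
The two events above can be searched for on every domain controller in one pass. This is an added example, not code from the referenced blog post; it assumes PowerShell 3.0 or later, remote event log access to each DC, and a 30-day look-back window chosen for illustration.

```powershell
# Added example: search each domain controller's Application log for the
# lsass.exe crash pair described above (Event ID 1000 and Event ID 1015).
$DaysBack = 30   # assumed look-back window; adjust to your log retention
$Filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error', 'Microsoft-Windows-Wininit'
    Id           = 1000, 1015
    StartTime    = (Get-Date).AddDays(-$DaysBack)
}
$DomainControllers = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers

$CrashEvents = foreach ($DC in $DomainControllers) {
    try {
        $Records = Get-WinEvent -ComputerName $DC.Name -FilterHashtable $Filter -ErrorAction Stop
    }
    catch {
        # "No events found" is the healthy case; anything else means the DC was not checked.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "Could not read the Application log on $($DC.Name): $($_.Exception.Message)"
        }
        continue
    }
    foreach ($Record in $Records) {
        # Both providers log other failures too, so keep only records that name lsass.exe.
        if ($Record.Message -notmatch 'lsass\.exe') { continue }
        $ExceptionCode = $null
        if ($Record.Message -match 'Exception code:\s*(0x[0-9a-fA-F]+)') {
            $ExceptionCode = $Matches[1]
        }
        [pscustomobject]@{
            DomainController = $DC.Name
            TimeCreated      = $Record.TimeCreated
            EventId          = $Record.Id
            Source           = $Record.ProviderName
            ExceptionCode    = $ExceptionCode   # only present on Event ID 1000
        }
    }
}
$CrashEvents | Sort-Object DomainController, TimeCreated | Format-Table -AutoSize
```

A domain controller that produces a warning was not checked, so it should not be read as crash-free.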

 

PowerShell: Get Active Directory Instantiation Date

 

The Scripting Guys blog posted a very useful script on how to determine when the Active Directory Forest was stood up.

 


#############################
# Get AD Instantiation Date #
#############################
# Code from: http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/05/how-to-find-active-directory-schema-update-history-by-using-powershell.aspx
write-output "Checking Active Directory Creation Date... " `r
write-output "Displaying AD partition creation information " `r

Import-Module ActiveDirectory
Get-ADObject -SearchBase (Get-ADForest).PartitionsContainer `
-LDAPFilter "(&(objectClass=crossRef)(systemFlags=3))" `
-Property dnsRoot,nETBIOSName,whenCreated | Sort-Object whenCreated | Format-Table dnsRoot,nETBIOSName,whenCreated -AutoSize

PowerShell: Using a HashTable to Identify Active Directory Schema & Exchange Version

It’s easy to get the Active Directory schema version as well as the installed Exchange (schema) version by using the Active Directory PowerShell cmdlet, Get-ADObject. This script leverages a built-out HashTable to perform a lookup against the version numbers.


###################################
# Create Schema Version Hashtable # 20140606-14
###################################
Write-Verbose "Create Schema Version HashTable `r "
$SchemaVersionTable =
@{
"13" = "Windows 2000 Active Directory Schema" ;
"30" = "Windows 2003 Active Directory Schema";
"31" = "Windows 2003 R2 Active Directory Schema" ;
"44" = "Windows 2008 Active Directory Schema" ;
"47" = "Windows 2008 R2 Active Directory Schema" ;
"51" = "Windows Server 8 BETA Active Directory Schema" ;
"56" = "Windows 2012 Active Directory Schema" ;
"69" = "Windows 2012 R2 Active Directory Schema" ;
"4397" = "Exchange 2000 RTM Schema" ;
"4406" = "Exchange 2000 SP3 Schema" ;
"6870" = "Exchange 2003 RTM Schema" ;
"6936" = "Exchange 2003 SP3 Schema" ;
"10637" = "Exchange 2007 RTM Schema" ;
"11116" = "Exchange 2007 SP1 Schema" ;
"14622" = "Exchange 2007 SP2 & Exchange 2010 RTM Schema" ;
"14625" = "Exchange 2007 SP3 Schema" ;
"14726" = "Exchange 2010 SP1 Schema" ;
"14732" = "Exchange 2010 SP2 Schema" ;
"14734" = "Exchange 2010 SP3 Schema" ;
"15137" = "Exchange 2013 RTM Schema" ;
"15254" = "Exchange 2013 CU1 Schema" ;
"15281" = "Exchange 2013 CU2 Schema" ;
"15283" = "Exchange 2013 CU3 Schema" ;
"15292" = "Exchange 2013 SP1 Schema" ;
"15300" = "Exchange 2013 CU5 Schema"
}
################################
# Get AD Schema Version Number # 20111029-14
################################
Import-Module ActiveDirectory
# Resolve the PDC emulator so the message below names the DC that is actually queried
$ADDomainPDCEmulator = (Get-ADDomain).PDCEmulator
Write-Output "Checking Schema version on the PDC Emulator ($ADDomainPDCEmulator) `r "
$ADSchemaConfigurationDistinguishedName = (Get-ADRootDSE -Server $ADDomainPDCEmulator).schemaNamingContext
$ADSchemaVersion = (Get-ADObject $ADSchemaConfigurationDistinguishedName -Server $ADDomainPDCEmulator -Property objectVersion).objectVersion
$ADSchemaVersionName = $SchemaVersionTable.Get_Item("$ADSchemaVersion")
Write-Output "The current AD Schema Version is $ADSchemaVersion which is $ADSchemaVersionName `r "
######################################
# Get Exchange Schema Version Number #
######################################
Write-Output "Checking Exchange Schema version `r "
$ExchangeSchemaConfigurationDistinguishedName = 'cn=ms-exch-schema-version-pt,' + $ADSchemaConfigurationDistinguishedName
$ExchangeSchemaVersion = (Get-ADObject $ExchangeSchemaConfigurationDistinguishedName -Server $ADDomainPDCEmulator -Property rangeUpper).rangeUpper
$ExchangeSchemaVersionName = $SchemaVersionTable.Get_Item("$ExchangeSchemaVersion")
Write-Output "The current Exchange Schema Version is $ExchangeSchemaVersion which is $ExchangeSchemaVersionName `r "

PowerShell: Identifying Cloned Computers by CMID or SID

Here’s the PowerShell command for identifying the computer SID by finding local accounts:
Get-WmiObject -class Win32_UserAccount

This command shows the information for the first account in the list, which should be local:
(Get-WmiObject -class Win32_UserAccount)[0]

Here’s a PowerShell command to run on each of the servers. If the result is the same, they have the same Client Machine ID (CMID):
Get-WmiObject -class SoftwareLicensingService | Select-object ClientMachineID

Here’s a PowerShell script that collects the CMID from every server in the domain so the values can be compared:
Import-Module ActiveDirectory
$AllServers = Get-ADComputer -Filter {OperatingSystem -like "*Server*"} -Property DNSHostName
ForEach ($AllServersItem in $AllServers )
{
# Get-ADComputer exposes the server's FQDN as DNSHostName
$ServerName = $AllServersItem.DNSHostName
# -ExpandProperty returns the CMID string itself rather than a wrapper object
$ServerCMID = Get-WmiObject -ComputerName $ServerName -Class SoftwareLicensingService | Select-Object -ExpandProperty ClientMachineID
Write-Output "$ServerName has the CMID: $ServerCMID"
}
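
The commands above list the values but leave the comparison to the reader. The following added example (not part of the original post) derives each server's machine SID from a local account SID, collects the CMID, and reports any value shared by more than one server; it assumes PowerShell 3.0 or later, the ActiveDirectory module, and remote WMI access to each server.

```powershell
# Added example: report servers that share a machine SID or a CMID.
Import-Module ActiveDirectory
$DomainSid = (Get-ADDomain).DomainSID.Value
$Servers = Get-ADComputer -Filter {OperatingSystem -like "*Server*"}

$Inventory = foreach ($Server in $Servers) {
    $Name = $Server.DNSHostName
    try {
        # A local account SID is the machine SID plus a trailing RID, so strip the RID.
        $Account = Get-WmiObject -ComputerName $Name -Class Win32_UserAccount `
            -Filter 'LocalAccount=True' -ErrorAction Stop | Select-Object -First 1
        $MachineSid = $Account.SID -replace '-\d+$', ''
        # If the prefix equals the domain SID (as on a domain controller),
        # it is not a machine SID, so leave it out of the comparison.
        if ($MachineSid -eq $DomainSid) { $MachineSid = $null }
        $Cmid = (Get-WmiObject -ComputerName $Name -Class SoftwareLicensingService `
            -ErrorAction Stop).ClientMachineID
        [pscustomobject]@{ Server = $Name; MachineSid = $MachineSid; CMID = $Cmid }
    }
    catch {
        Write-Warning "Skipping ${Name}: $($_.Exception.Message)"
    }
}

# Any value held by more than one server points at cloned machines.
$Duplicates = foreach ($Property in 'MachineSid', 'CMID') {
    $Inventory | Where-Object { $_.$Property } | Group-Object -Property $Property |
        Where-Object { $_.Count -gt 1 } | ForEach-Object {
            [pscustomobject]@{
                Identifier = $Property
                Value      = $_.Name
                Servers    = ($_.Group | ForEach-Object { $_.Server }) -join ', '
            }
        }
}
$Duplicates | Format-Table -AutoSize
```

Servers that were skipped with a warning are absent from the comparison and need to be checked separately.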

57 Tips Every Admin Should Know

GFI’s 57 Tips Every Admin Should Know:

The longer a person serves as a network admin, the more tips and tricks they are likely to pick up along the way. Some could be shortcuts, others might seem like magic, but all are intended to save you time and help you solve problems. Assume that all of these Windows commands should be run from an administrative command prompt if you are using Vista, Windows 7, or Windows 2008.

This list covers the following topics:

  • Active Directory
  • Windows Networking
  • Windows 7
  • Windows 2008
  • Linux
