Friday, 29 June 2012

AD PowerShell: accounts whose password has expired


The default execution policy is set to Restricted; you can see it by typing:
Get-ExecutionPolicy
You should type the following to switch it to Unrestricted mode:
Set-ExecutionPolicy unrestricted


It seems to me that we can skip the system version if the question is about PowerShell.

@dniemczok: take a look at the set of commands from Quest Software - link HERE

http://www.quest.com/powershell/activeroles-server.aspx

Install it on the computer from which you want to check the passwords.
Then paste this command into the PowerShell console:
Add-PSSnapin Quest.ActiveRoles.ADManagement
With the command:
Get-QADUser | select Name, PasswordExpires | sort PasswordExpires -desc | ft -AutoSize

you will display all users together with the expiry date of their passwords.
Thanks to the sorting you will have a clear view of the order in which the passwords expire.
Next, you can add a comparison with the current date and display only the entries that are smaller (that is, in the past).
If you are interested, I can share the script I use to check the number of days until users' passwords expire.


This is a script that displays users whose password will expire within $Next days. It can be reworked to display the expired ones.
#requires -version 2.0

#this script assumes all users have the same policy and does
#not take fine grained password policies into account.

#The -Next parameter indicates how many days to check. In other words
#user accounts with expiring passwords in the next X days.

Param([int]$Next=6)

Import-Module ActiveDirectory

#get current domain password policy
$policy=Get-ADDefaultDomainPasswordPolicy
#save the password age in days
$days=$Policy.MaxPasswordAge.TotalDays

$Start=(Get-Date).AddDays(-$days)
$End=(Get-Date).AddDays(-($days-$next))

#get all users whose passwords have not expired and were set between
#the start and end dates

#you can select as many other properties as you'd like
Get-ADUser -filter {
 Enabled -eq $True -AND PasswordLastSet -ge $Start.Date -AND PasswordLastSet -le $End.Date -AND PasswordNeverExpires -eq $FALSE
 } -properties *

MAC - vendor

http://www.digipedia.pl/mac/

Thursday, 21 June 2012

SNMP LINUX


Nagios
/etc/snmp/snmpd.conf
rocommunity public


/etc/snmp/snmpd.conf

agentAddress  udp:10.x.x.x:161
rocommunity public  10.x.x.x
                                               
# rocommunity public  default    -V systemonly

sysLocation   Lokalizacja
sysContact     Me (e-mail address in angle brackets)



Xenserver 6.x

How to enable SNMP on Citrix XenServer 6


Today I needed to enable SNMP on my XenServer lab at home, as I was looking for an efficient way to monitor my XenServer. I found a Linux distribution that is very handy for a Cacti box, CactiEZ; you can download it here: http://cactiez.cactiusers.org/download/
To enable SNMP on XenServer 6, follow the guide below. Please keep in mind that you shouldn't do this on a XenServer in a production environment: Citrix won't be able to provide support if you modify the dom0.
First, you need to allow SNMP traffic so that Cacti can collect information over SNMP on port 161/UDP:
Edit the file /etc/sysconfig/iptables with vi and add the following line:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
and then restart the iptables service using the following command: service iptables restart
Now you need to configure your SNMP settings (community etc.) by editing the following file with vi: /etc/snmp/snmpd.conf
###############################################################################
# Access Control
###############################################################################
 
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes.
 
####
# First, map the community name "public" into a "security name"
 
#       sec.name       source        community
com2sec archynet 192.168.0.0/24 public
 
####
# Second, map the security name into a group name:
 
#       groupName      securityModel securityName
group notConfigGroup v1 archynet
group   notConfigGroup v2c           notConfigUser
 
####
# Third, create a view for us to let the group have rights to:
 
#    name          incl/excl  subtree         mask(optional)
view    systemview    included   system
view    systemview    included   interfaces
view    systemview    included   at
view    systemview    included   ip
view    systemview    included   icmp
view    systemview    included   tcp
view    systemview    included   udp
view    systemview    included   snmp
 
####
# XenServer control domain does not support IPv6.
#
view    systemview    excluded   ipv6InterfaceTableLastChange
view    systemview    excluded   icmpStatsInErrors.ipv6
view    systemview    excluded   icmpStatsInMsgs.ipv6
view    systemview    excluded   icmpStatsOutErrors.ipv6
view    systemview    excluded   icmpStatsOutMsgs.ipv6
view    systemview    excluded   icmpMsgStatsInPkts.ipv6
view    systemview    excluded   icmpMsgStatsOutPkts.ipv6
 
####
# Finally, grant the group read-only access to the systemview view.
 
#       group          context sec.model sec.level prefix read       write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none   none
 
###############################################################################
# System contact information
#
 
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (edit /etc/snmp/snmpd.conf)
Make the change in your snmpd.conf file on the two lines marked in red in the original post (the ones that reference archynet in the example above); of course you'll need to change the IP range to match your network subnet.
Now you need to start the SNMP service using the following command: service snmpd start
Finally, to start the SNMP service automatically at XenServer startup, type: chkconfig snmpd on
Now I can begin to work on Cacti and try to monitor the host and the VMs (Next blog to come)
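
The snmpd.conf snippets in the two SNMP posts above all use the community string "public", and the first one sets no source restriction, so any host that can reach 161/UDP can read the agent. The Python check below is an added example, not part of the original posts: it flags those settings in a config file; the function names and issue labels are assumptions made for illustration, and the sample is built from the directives shown on this page.

```python
# Added example: hypothetical helper names, net-snmp snmpd.conf syntax.
DEFAULT_COMMUNITIES = {"public", "private"}    # well-known strings, guessed first
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}  # "default" means any host

def parse_community(tokens):
    """Return (community, source, writable) for a community directive, else None."""
    name, args = tokens[0].lower(), tokens[1:]
    if name in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
        if not args:
            return None
        # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]; no SOURCE means any host
        source = args[1] if len(args) > 1 else "default"
        return args[0], source, name.startswith("rw")
    if name in ("com2sec", "com2sec6"):
        if args[:1] == ["-Cn"]:                # optional context: -Cn CONTEXT
            args = args[2:]
        if len(args) >= 3:                     # SECNAME SOURCE COMMUNITY
            return args[2], args[1], False     # write access is set on "access" lines
    return None

def audit_snmpd_conf(text):
    """Return (line_number, issue) pairs, in file order, for weak community settings."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        parsed = parse_community(line.split())
        if parsed is None:
            continue
        community, source, writable = parsed
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((number, "default-community"))
        if source.lower() in ANY_SOURCE:
            findings.append((number, "any-source"))
        if writable:
            findings.append((number, "write-access"))
    return findings

# Sample built from the directives on this page (10.x.x.x is the page's placeholder).
SAMPLE = """\
rocommunity public
rocommunity public  10.x.x.x
# rocommunity public  default    -V systemonly
com2sec archynet 192.168.0.0/24 public
"""
if __name__ == "__main__":
    for number, issue in audit_snmpd_conf(SAMPLE):
        print(f"line {number}: {issue}")
```

Restricting the source, as the second and fourth sample lines do, removes the any-source finding, but the community string still travels in clear text with SNMP v1/v2c and should at least be changed from the default.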