AD PowerShell konta którym hasło wygasło

The Default Execution Policy is set to restricted, you can see it by typing: Get-ExecutionPolicy You should type the following to make it go to unrestricted mode: Set-ExecutionPolicy unrestricted

Wydaje mi się, że wersję systemu możemy pominąć jeśli pytanie jest o PowerShella.

@dniemczok: zainteresują się zestawem komend od Quest Software - linku TUTAJ

http://www.quest.com/powershell/activeroles-server.aspx

Zainstaluj sobie to na komputerze z którego chcesz sprawdzić hasła.

Następnie w konsoli Powershell wklej polecenie:

Add-PSSnapin Quest.ActiveRoles.ADManagement

Poleceniem:

Get-QADUser | select Name, PasswordExpires | sort PasswordExpires -desc | ft -AutoSize

Wyświetlisz wszystkich użytkowników w raz z datą wygaśnięcia ich haseł.

Dzięki sortowaniu będziesz miał jasny wgląd na kolejność wygasających haseł.

W dalszej kolejności możesz dodać porównanie do aktualnej daty i wyświetlić tylko te pozycje, które są mniejsze (czyli w czasie przeszłym)

Jeśli byłbyś zainteresowany, mogę podzielić się skryptem który wykorzystuję do sprawdzania dni do terminu wygaśnięcia haseł użytkowników.

To jest skrypt, który wyświetla userów, którym hasło wygaśnie w ciągu $Next dni. Można go przerobić, żeby wyświetlał wygasłych

#requires -version 2.0

#this script assumes all users have the same policy and does
#not take fine grained password policies into account.

#The -Next parameter indicates how many days to check. In other words
#user accounts with expiring passwords in the next X days.

Param([int]$Next=6)

Import-Module ActiveDirectory

#get current domain password policy
$policy=Get-ADDefaultDomainPasswordPolicy
#save the password age in days
$days=$Policy.MaxPasswordAge.TotalDays

$Start=(Get-Date).AddDays(-$days)
$End=(Get-Date).AddDays(-($days-$next))

#get all users with passwords that have not expired and was set between
#the start and end dates

#you can select as many other properties as you'd like
Get-ADUser -filter {
 Enabled -eq $True -AND PasswordLastSet -ge $Start.Date -AND PasswordLastSet -le $End.Date -AND PasswordNeverExpires -eq $FALSE
 } -properties *

MAC - producent

http://www.digipedia.pl/mac/

SNMP LINUX

Nagios
/etc/snmp/snmpd.conf
rocommunity public


/etc/snmp/snmpd.conf

agentAddress  udp:10.x.x.x:161
rocommunity public  10.x.x.x
                                               
# rocommunity public  default    -V systemonly

sysLocation   Lokalizacja
sysContact     Me w nawiasach większe mniejsze adres email



Xenserver 6.x

How to enable SNMP on Citrix XenServer 6

Today I needed to enable SNMP on my XenServer lab at home, I was looking for an efficient way to monitor my XenServer. I found a Linux distribution very handy for a Cacti box, EZCacti, you can download it here : http://cactiez.cactiusers.org/download/

So to enable SNMP on XenServer 6, you need to follow the following guide. Please keep in memory you shouldn’t do that on your XenServer in a production environment, Citrix won’t be able to bring support if you modify the dom0.

First step, you need to allow SMTP to be able to collect and allow Cacti to get information from SNMP on the port 161/UDP :

Edit the file /etc/sysconfig/iptables with vi and add the following line :

/etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT

and then restart the iptables service using the following command line : service iptables restart

Now you need to configure your SNMP settings (community etc…) by editing the following file with vi : /etc/snmp/snmpd.conf

/etc/snmp/snmpd.conf

###############################################################################
# Access Control
###############################################################################
 
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes.
 
####
# First, map the community name "public" into a "security name"
 
#       sec.name       source        community
com2sec archynet 192.168.0.0/24 public
 
####
# Second, map the security name into a group name:
 
#       groupName      securityModel securityName
group notConfigGroup v1 archynet
group   notConfigGroup v2c           notConfigUser
 
####
# Third, create a view for us to let the group have rights to:
 
#    name          incl/excl  subtree         mask(optional)
view    systemview    included   system
view    systemview    included   interfaces
view    systemview    included   at
view    systemview    included   ip
view    systemview    included   icmp
view    systemview    included   tcp
view    systemview    included   udp
view    systemview    included   snmp
 
####
# XenServer control domain does not support IPv6.
#
view    systemview    excluded   ipv6InterfaceTableLastChange
view    systemview    excluded   icmpStatsInErrors.ipv6
view    systemview    excluded   icmpStatsInMsgs.ipv6
view    systemview    excluded   icmpStatsOutErrors.ipv6
view    systemview    excluded   icmpStatsOutMsgs.ipv6
view    systemview    excluded   icmpMsgStatsInPkts.ipv6
view    systemview    excluded   icmpMsgStatsOutPkts.ipv6
 
####
# Finally, grant the group read-only access to the systemview view.
 
#       group          context sec.model sec.level prefix read       write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none   none
 
###############################################################################
# System contact information
#
 
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (edit /etc/snmp/snmpd.conf)

Make the change on your smtpd.conf file on the two line (in red) you can find in the example above, of course you’ll need to change the IP range to match your network subnet.

Now you need to start the SNMP service using the following command line : service snmpd start

Finally, to enable the automatic start of the SNMP service at your XenServer startup, type : chkconfig snmpd on

Now I can begin to work on Cacti and try to monitor the host and the VMs (Next blog to come)

mount vmfs iscsi console

1. Log in as root to the ESX host which cannot mount the datastore using an SSH client. For more information, see Unable to connect to an ESX host using Secure Shell (SSH) (1003807).
   Note: All of the commands listed are available in ESXi via the vSphere CLI.
2. Run the command:
   
   # esxcfg-volume -lThe results appear similar to:
   
   VMFS3 UUID/label: 4b057ec3-6bd10428-b37c-005056ab552a/ TestDS
   Can mount: Yes
   Can resignature: Yes
   Extent name: naa.6000eb391530aa26000000000000130c:1 range: 0 - 1791 (MB)Record the UUID portion of the output. In the above example the UUID is 4b057ec3-6bd10428-b37c-005056ab552a.Note: The Can mount value must be Yes to proceed with this workaround.
   Note: The esxcfg-volume command has been depreciated in ESXi 5.0 in favor of the esxcli command. For more/related information, see vSphere handling of LUNs detected as snapshot (1011387).
    
3. Run the command:
   np:
   # esxcfg-volume -m 4b057ec3-6bd10428-b37c-005056ab552a
 

4. Rescan All

uninstall firefox psexec

psexec -s \\computer_name "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /S

Wireshark example

Show only SMTP (port 25) and ICMP traffic:

*

tcp.port eq 25 or icmp

Show only traffic in the LAN (192.168.x.x), between workstations and servers -- no Internet:

*

ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16

TCP buffer full -- Source is instructing Destination to stop sending data

*

tcp.window_size == 0 && tcp.flags.reset != 1

Filter on Windows -- Filter out noise, while watching Windows Client - DC exchanges

*

smb || nbns || dcerpc || nbss || dns

Sasser worm: --What sasser really did--

*

ls_ads.opnum==0x09

Match packets containing the (arbitrary) 3-byte sequence 0x81, 0x60, 0x03 at the beginning of the UDP payload, skipping the 8-byte UDP header. Note that the values for the byte sequence implicitly are in hexadecimal only. (Useful for matching homegrown packet protocols.)

*

udp[8:3]==81:60:03

The "slice" feature is also useful to filter on the vendor identifier part (OUI) of the MAC address, see the Ethernet page for details. Thus you may restrict the display to only packets from a specific device manufacturer. E.g. for DELL machines only:

*

eth.addr[0:3]==00:06:5B

It is also possible to search for characters appearing anywhere in a field or protocol by using the matches operator.

Match packets that contains the 3-byte sequence 0x81, 0x60, 0x03 anywhere in the UDP header or payload:

*

udp contains 81:60:03

Match packets where SIP To-header contains the string "a1762" anywhere in the header:

*

sip.To contains "a1762"

The matches operator makes it possible to search for text in string fields and byte sequences using a regular expression, using Perl regular expression syntax. Note: Wireshark needs to be built with libpcre in order to be able to use the matches operator.

Match HTTP requests where the last characters in the uri are the characters "gl=se":

*

http.request.uri matches "gl=se$"

Note: The $ character is a PCRE punctuation character that matches the end of a string, in this case the end of http.request.uri field.

Filter by a protocol ( e.g. SIP ) and filter out unwanted IPs:

ip.src != xxx.xxx.xxx.xxx && ip.dst != xxx.xxx.xxx.xxx && sip

[ Feel free to contribute more ]

Gotchas

Some filter fields match against multiple protocol fields. For example, "ip.addr" matches against both the IP source and destination addresses in the IP header. The same is true for "tcp.port", "udp.port", "eth.addr", and others. It's important to note that

*

ip.addr == 10.43.54.65

is equivalent to

ip.src == 10.43.54.65 or ip.dst == 10.43.54.65

This can be counterintuitive in some cases. Suppose we want to filter out any traffic to or from 10.43.54.65. We might try the following:

*

ip.addr != 10.43.54.65

which is equivalent to

ip.src != 10.43.54.65 or ip.dst != 10.43.54.65

This translates to "pass all traffic except for traffic with a source IPv4 address of 10.43.54.65 and a destination IPv4 address of 10.43.54.65", which isn't what we wanted.

Instead we need to negate the expression, like so:

*

! ( ip.addr == 10.43.54.65 )

which is equivalent to

! (ip.src == 10.43.54.65 or ip.dst == 10.43.54.65)

This translates to "pass any traffic except with a source IPv4 address of 10.43.54.65 or a destination IPv4 address of 10.43.54.65", which is what we wanted.

Expand VMFS

When trying to grow or expand a VMFS volume, you see these symptoms:

* One or more storage devices have been increased in capacity from the storage array.
* When you click Increase, there are no available devices to select.
* When you click Increase, a device is listed but does not have Expandable = Yes.
* When you select the volume and click Next, you see the error: