Monthly Archives: December 2008

Problem

Looks like there is a problem with my main blog on Spaces.Live.com.   I am trying to find out what has happened to it.  Hopefully normal service will be resumed soon.

Early Christmas present – PowerShell CTP3

Like all good boys and girls I make sure I’m asleep nice and early on Christmas Eve so Father Christmas isn’t disturbed on his rounds.  This year his alarm clock must have gone off early as he delivered a present overnight – PowerShell V2 CTP3 has arrived!!!!

It can be downloaded from

http://www.microsoft.com/downloads/details.aspx?familyid=c913aeab-d7b4-4bb1-a958-ee6d7fe307bc&displaylang=en&tm

If you want to try the remoting features (or the background jobs) you will need to download Win-RM CTP3 from

https://connect.microsoft.com/Downloads/Downloads.aspx?SiteID=200

Note:   Win-RM CTP3 only works on Vista SP1 and Windows 2008

Enjoy

 


S.DS.AD – SiteLinks

SiteLinks are used to control replication between Active Directory Sites.  We have already seen how to find the current site and how to view the domain controllers in that site.  How do we know which sites our site is replicating with? Follow the sitelinks.

$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
$site.SiteLinks

For each sitelink we will see

Name                         : DEFAULTIPSITELINK
TransportType                : Rpc
Sites                        : {Site1, Default-First-Site-Name}
Cost                         : 100
ReplicationInterval          : 03:00:00
ReciprocalReplicationEnabled : False
NotificationEnabled          : False
DataCompressionEnabled       : True
InterSiteReplicationSchedule :

The replication interval is shown as HH:MM:SS. We will discover how to set this using PowerShell later.

 


S.DS.AD – sites

Sites are the foundation of the physical topology of Active Directory. While there has been a lot posted about working with users and groups, i.e. the data in Active Directory, there hasn’t been as much posted about working with the physical structure.

System.DirectoryServices.ActiveDirectory.ActiveDirectorySite gives us one way to access the site information.

Finding the site our computer is in just needs us to use a static method

$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()

This has a number of interesting properties

AdjacentSites
BridgeheadServers
Domains
InterSiteTopologyGenerator
IntraSiteReplicationSchedule
Location
Name
Options
PreferredRpcBridgeheadServers
PreferredSmtpBridgeheadServers
Servers
SiteLinks
Subnets

The servers property lists our domain controllers in the site. If we want to find which domain controllers in our site are also global catalog servers

$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
$site.Servers | Format-Table Name, Domain, @{Label="GC";Expression={$_.IsGlobalCatalog()}} -auto

We take the servers property and use a format-table to display the machine name, the domain (sites are defined at the forest level and can contain multiple domains) and then use a calculated field to determine if a DC is a GC.

 


S.DS.AD – netlogon service 2

Last time I said that I wanted to improve the way the data was displayed when we interrogated the netlogon service on our domain controllers. One way we could do it is to use Add-Member to add the data to an object

$a = @()
$type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $type, "manticore.org"
$dcs = [System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($context)
foreach ($dc in $dcs){
    $s = Get-Service -ComputerName $dc.Name -Name netlogon
    $o = New-Object -TypeName psobject
    $o | Add-Member -MemberType Noteproperty  -Name Name -Value $dc.Name -Force
    $o | Add-Member -MemberType NoteProperty  -Name Status -Value $s.Status -Force
    $a += $o
}
$a | Format-Table -AutoSize

Start by creating an empty array.  We then get our domain controllers as before and iterate through them.  We then create a new object – in this case it’s a PowerShell object – and use Add-Member to add the properties of the object.  The object is then added to the array.

This technique could be extended to add any number of properties including the current time on the DC that we looked at previously or the status of other services or the replication status.

Format-table is used to display the data. 

A useful technique for pulling data together from multiple objects.

 


S.DS.AD – netlogon service

The netlogon service has to be running on your domain controller for authentication to work and for the Active Directory connectivity to happen.  How can we check that this is running on all of our DCs?

$type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $type, "manticore.org"
$dcs = [System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($context)
foreach ($dc in $dcs){
    $s = Get-Service -ComputerName $dc.Name -Name netlogon
    Write-Host "$($dc.Name)   the netlogon service is $($s.Status)"
}

Get all of the domain controllers in the domain as before.  We then loop through them using get-service to test the service for the individual machines. 

The output is a bit messy so next time we’ll look at tidying that up.

 


S.DS.AD – Replication

We can use what we have learnt about domain controllers to examine the replication between domain controllers.

$type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $type, "manticore.org"
$dcs = [System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($context)
foreach ($dc in $dcs){
    $dc.Name
    $dc.GetAllReplicationNeighbors() | Format-List PartitionName, SourceServer, LastAttemptedSync, LastSyncMessage
}

We derive our list of domain controllers as previously.  This time though we iterate through the list of domain controllers. For each domain controller we get the replication partners and then we display the partitions that are being replicated, the source server, the last time synchronisation was attempted and the message. If the message reads anything but “The operation completed successfully.” then you need to investigate.
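Reading every neighbour on every DC by eye does not scale, so the following added example (not part of the original post) reports only the links that need investigating. It uses the sample domain manticore.org from this page; the 24 hour staleness threshold in $maxAge is an assumption to adjust for your own replication schedule.

```powershell
# Added example: list only the replication links that need investigating.
# "manticore.org" is the sample domain used on this page; $maxAge is an assumed threshold.
$type    = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $type, "manticore.org"
$dcs     = [System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($context)
$maxAge  = New-TimeSpan -Hours 24
$now     = Get-Date

$problems = foreach ($dc in $dcs) {
    try {
        $neighbors = $dc.GetAllReplicationNeighbors()
    }
    catch {
        # A DC we cannot query is itself a finding, so report it rather than skip it
        New-Object -TypeName psobject -Property @{
            Destination = $dc.Name; Source = ''; Partition = ''
            Failures = ''; LastSuccess = ''; Message = "Query failed: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($n in $neighbors) {
        # LastSyncResult is 0 on success; a link can also be quietly stale
        $failed = ($n.LastSyncResult -ne 0) -or ($n.ConsecutiveFailureCount -gt 0)
        $stale  = ($now - $n.LastSuccessfulSync) -gt $maxAge
        if ($failed -or $stale) {
            New-Object -TypeName psobject -Property @{
                Destination = $dc.Name
                Source      = $n.SourceServer
                Partition   = $n.PartitionName
                Failures    = $n.ConsecutiveFailureCount
                LastSuccess = $n.LastSuccessfulSync
                Message     = $n.LastSyncMessage
            }
        }
    }
}

if ($problems) {
    $problems | Select-Object Destination, Source, Partition, Failures, LastSuccess, Message | Format-List
}
else {
    Write-Host "All replication links report success within the last $($maxAge.TotalHours) hours"
}
```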

 


S.DS.AD – Domain Controllers

We saw one method of accessing domain controllers when we were looking at the domain class - http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!1932.entry

If we want to work directly with a domain controller we can create an object for the domain controller like this

$type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer
$context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $type, "DC02.Manticore.org"
$dc = [System.DirectoryServices.ActiveDirectory.DomainController]::GetDomainController($context)
$dc

In a similar way to working with a forest (or a domain though I didn’t list it) we set the context by defining the object type – in this case a directory server, i.e. a domain controller – and the FQDN of the domain controller. We then use the GetDomainController static method – notice we are using a lot of static methods in these examples – of the DomainController class.

Things we can do with domain controllers include

CheckReplicationConsistency
EnableGlobalCatalog
GetAllReplicationNeighbors
GetDirectoryEntry
GetDirectorySearcher
GetHashCode
GetReplicationConnectionFailures
GetReplicationCursors
GetReplicationMetadata
GetReplicationNeighbors
GetReplicationOperationInformation
IsGlobalCatalog
MoveToAnotherSite
SeizeRoleOwnership
SyncReplicaFromAllServers
SyncReplicaFromServer
TransferRoleOwnership
TriggerSyncReplicaFromNeighbors

Some of these don’t work in Windows 2008, especially the TransferRoleOwnership method.

The domain controller class has a number of interesting properties including

CurrentTime
Domain
Forest
HighestCommittedUsn
InboundConnections
IPAddress
Name
OSVersion
OutboundConnections
Partitions
Roles
SiteName
SyncFromAllServersCallback

The current time property allows us to check for time issues – remember that Kerberos doesn’t like time differences between machines that are greater than a defined limit – 5 minutes by default.  Let’s see how we can check this.

$type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $type, "manticore.org"
[System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($context) | Format-Table Name, CurrentTime

Create the context for the domain and then use the FindAll() static method of the DomainController class. We can then pipe that into a Format-Table that displays the DC name and its current time.
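The table above still leaves the comparison to the reader, so this added example (not part of the original post) calculates each DC's skew and flags anything beyond the 5 minute Kerberos default. It assumes the PDC emulator is the reference clock, as it is at the top of the default domain time hierarchy, and uses the sample domain manticore.org from this page.

```powershell
# Added example: flag domain controllers whose clock differs from the
# PDC emulator by more than the Kerberos default tolerance of 5 minutes.
$type    = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $type, "manticore.org"
$domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
$pdc     = $domain.PdcRoleOwner          # assumed reference clock
$limit   = New-TimeSpan -Minutes 5       # change if your Kerberos policy differs
$dcs     = [System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($context)

$report = foreach ($dc in $dcs) {
    try {
        # Read the reference immediately before each DC so that the time
        # spent on earlier queries is not counted as skew. Comparing DC to
        # DC also avoids any time zone difference with the local clock.
        $reference = $pdc.CurrentTime
        $skew      = ($dc.CurrentTime - $reference).Duration()
        New-Object -TypeName psobject -Property @{
            Name        = $dc.Name
            Site        = $dc.SiteName
            SkewSeconds = [int]$skew.TotalSeconds
            OverLimit   = ($skew -gt $limit)
            Note        = ''
        }
    }
    catch {
        # An unreachable DC cannot be measured; record why instead of hiding it
        New-Object -TypeName psobject -Property @{
            Name        = $dc.Name
            Site        = ''
            SkewSeconds = $null
            OverLimit   = $null
            Note        = "Query failed: $($_.Exception.Message)"
        }
    }
}

$report | Sort-Object SkewSeconds -Descending |
    Format-Table Name, Site, SkewSeconds, OverLimit, Note -AutoSize
```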

 

PowerShell in Practice – Chapter 7

Chapter 7 – scripts for working with your desktop machines (and servers) – is now available under the Manning Early Access Program - http://www.manning.com/siddaway/

Enjoy

 


For want of a cable

Had to buy a new printer this weekend.  Found a very good deal on a combined printer, copier, scanner – ideal for what I need for home use.

Couldn’t believe there wasn’t a USB cable in the box.  Come on guys a printer that doesn’t hook up to the computer ain’t much use.  What was worse was that nowhere on the box did it say that there wasn’t a cable so of course I didn’t discover this until I was home.  Guess what I didn’t have a spare of in the house?  Yep a USB cable to run the printer.

Another trip into town this afternoon to get the cable.

Those of you who know me well will be able to guess the sort of comments I was making about the manufacturers 🙂

Seriously, it should be plainly stated on the OUTSIDE what extras are needed to hook any peripheral up to a computer.

 
