Monday, June 20, 2011

How to Create GPO Mapped Drives in Windows 2008 R2

Do you need to create a GPO Mapped Drive for Windows 2008 R2?


NOTE: If you are still using Windows XP desktops (SP3 is the only version supported by Microsoft), you must install this patch via WSUS (Windows Update) for GPO drive mapping on a Windows 2008 R2 domain to work: KB943729


http://support.microsoft.com/kb/943729


Quick and dirty:

1. Create your AD
2. Create your GPO Groups in AD and make them simple and human readable please people...
3. Now the fun stuff...






5. Tweak to your needs!

Have fun...
~MigrationKing



Saturday, June 18, 2011

Active Directory Bulk User Import - Using DSAdd User

Need to get a lab live? If you are tired of wasting money and hours on Google searching for Active Directory user import tools and commands, just use this Excel file to create users in bulk from a batch file run in PowerShell or Command Prompt.

Here is the dsadd user command that will be created by the excel file by just adding your users and department OU sections:

dsadd user "cn=Migration King,ou=Users,ou=IT,ou=Departments,dc=us,dc=migrationking,dc=com" -fn Migration -ln King -samid MKing -upn MKing@migrationking.com -display "Migration King" -pwd P@ssw0rd -mustchpwd yes -disabled no

(For people that submit tweaks and fixes, please email support @ migrationking.com and we will add your edits and your name showing who submitted the correction/edits).
1. Option A: Sign into Google Docs and Copy the template. http://goo.gl/Lpsl7
1a. Option B. Download a local copy if you are still absolutely addicted to Microsoft Excel.
1b. Option C. Fill out the data, check it and then just export the Text File to Create the Batch file for AD.

2. Add Your Users and OU Information for your Department and Users (KISS as a rule for AD Departments)

3. Modify =CONCATENATE if you are overly complex and super corporate, if not drop in your data under "AddActiveDirectoryBulkUsers" sheet.

4. Check the "BulkUsersSourceFile" to see that data is populated correctly.

5. Review the "ExportTextFile" script lines for accuracy (saves a headache later). Then export.

6. Option A: Create a .bat file from Notepad File you exported and then run this from Command Prompt.

7. Option B: Spartan Style! Copy and Paste right into PowerShell Window

8. Verify accounts on your Domain Controller (onsite or via RackspaceCloud Servers if you're in the cloud)

Booyaaahhhh!!! You're done. Wasn't that fast and easy? And you didn't have to crack out your credit card or beg your manager to buy you some complicated program for Active Directory Imports.
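
The spreadsheet's CONCATENATE step can also be done with a script. This added example (not part of the original post or its template) builds the same dsadd user lines from CSV rows, gives each account its own random temporary password instead of one shared value, and rejects fields that would break the quoting in the batch file. The CSV column names and the sample rows are assumptions made for the example.

```python
import csv
import io
import re
import secrets
import string

# Constructed sample rows; the column names are assumptions for this example.
SAMPLE_CSV = '''first,last,samid,department
Migration,King,MKing,IT
Ada,O'Neil,AONeil,HR
Eve,"Sm""ith & Co",ESmith,IT
'''
NAME_OK = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")  # no quotes, commas or cmd metacharacters
SAMID_OK = re.compile(r"[A-Za-z0-9._-]{1,20}")       # sAMAccountName is limited to 20 characters
DEPT_OK = re.compile(r"[A-Za-z0-9 ]{1,64}")

def temp_password(length=16):
    """Random one-time password; letters and digits only, so cmd.exe does not reinterpret it."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pwd = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(map(str.islower, pwd)) and any(map(str.isupper, pwd)) and any(map(str.isdigit, pwd)):
            return pwd

def dsadd_line(row, base_dn="dc=us,dc=migrationking,dc=com", upn_suffix="migrationking.com"):
    """Build one dsadd user command in the shape shown above; ValueError on unsafe input."""
    checks = (("first", NAME_OK), ("last", NAME_OK), ("samid", SAMID_OK), ("department", DEPT_OK))
    for field, pattern in checks:
        if not pattern.fullmatch(row.get(field) or ""):
            raise ValueError(f"rejected {field}: {row.get(field)!r}")
    full = f"{row['first']} {row['last']}"
    dn = f"cn={full},ou=Users,ou={row['department']},ou=Departments,{base_dn}"
    return (f'dsadd user "{dn}" -fn "{row["first"]}" -ln "{row["last"]}" '
            f'-samid {row["samid"]} -upn {row["samid"]}@{upn_suffix} -display "{full}" '
            f'-pwd {temp_password()} -mustchpwd yes -disabled no')

def build_batch(csv_text):
    """Return (command lines, rejected rows) for every row in the CSV text."""
    lines, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            lines.append(dsadd_line(row))
        except ValueError as err:
            rejected.append(str(err))
    return lines, rejected

if __name__ == "__main__":
    commands, skipped = build_batch(SAMPLE_CSV)
    print("\n".join(commands))
    print("skipped:", skipped)
```

The generated file contains the temporary passwords in clear text, so delete it once the accounts have been created and handed over.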

Now, start setting up Google Apps Directory Sync for Google Apps for Work Implementation.

* There are multiple options to use for Production environments at scale. Group policy has a lot of flexibility also. Here are some good programs for AD Import and Export:

Level I (I can rock this out during lunch!)
Level II (I can get through this in a day or two...or three)
Level III (OMG It's Complicated! WHAT were they thinking when they released this??!)

Level I. ActiveDirectory Import - http://www.activedirectoryexport.com/ScreenShots.aspx
Level II. ManageEngine - AD Bulk Users (Their URL is too long, here's a link)
Level III. ScriptLogic - http://www.scriptlogic.com/products/activeadmin/

PluralSight Training: http://goo.gl/roo8Y

* Everything here is best advice and at your own risk so if you break something, please don't blame us. Have fun! ~MigrationKing

Wednesday, May 4, 2011

How to Install VMware Tools in Ubuntu 12.04LTS

This is a quick down and dirty on installing VMware Tools in Ubuntu 12.04LTS on VMware ESX 5.1. The installation was conducted on a virtual machine to create an Ubuntu 12.04LTS Server template.

1. Download Ubuntu 12.04 LTS - http://www.ubuntu.com/download/server/download - 64-bit
2. Knowledge of mounting .ISO inside of Datastore on VMware vCenter 4.0+ is assumed.
3. Install Ubuntu 12.04LTS Server to your specifications for your template. I am using LVM + 512MB
4. sudo apt-get update && sudo apt-get upgrade
5. sudo mkdir /media/vmware
6. sudo mount /dev/cdrom /media/vmware
7. cp /media/vmware/VMware*tar.gz /tmp && cd /tmp
8. tar xzvf VMware*.gz
9. cd vmware-tools-distrib
10. sudo ./vmware-install.pl
11. Accept all defaults
12. sudo reboot and Enjoy....

Sunday, April 3, 2011

How to Setup iSCSI on Windows 2008 R2 Server

Configuration: VMware vSphere 4.0, ESX Hosts, EMC AX4-5 Celerra's, 2 HP Proliant DL380G7 Servers for Veeam 5.0.2 Backup and Replication (1 Server for Main Office and 1 for Collocation Datacenter Site), 2 Cisco Switch (Storage Switch) Main/Collocation Site configuration, Qlogic iSCSI HBA Server Card connectivity to SAN's.

Goal: Connect iSCSI HBA Cards to SAN through iSCSI Initiator on Windows 2008 R2 SP1 Servers.

1. Go to the QLogic website (HBA Drivers Website) if it is an OEM choose EMC, NetApp, etc. This tutorial is for a QLogic EMC HBA. (This is tested to work for Dell PowerEdge/HP Proliant Servers)

Driver Download Link

1a. You will also need to download the EMC PowerPath Server Utility for Windows Server x64 (2008 R2). And make sure that you download and install the Navisphere Server Utility (Windows/VMware) - [Just register your server in Navisphere if you have already configured your AX4-5]

2. Install the drivers and you should now see QLogic iSCSI Adapter under Storage Processors in Device Manager.

3. You can use SANSurfer for QLogic to configure the cards (recommended) or you can change the configuration on the QLogic iSCSI Adapter itself. I had too many problems from the Driver configuration Window, so just download and use SANSurfer. The password is 'config'.

4. After configuring the cards in SANSurfer, check your iSCSI settings on the SAN. You must make sure you can ping your SAN IP before doing anything else.


4a. Make sure you can ping your SAN from the Device Manager QLogic iSCSI Adapter. Make sure that the IP is on the same IP Subnet as the SAN. If it is 10.10.1.XX, then your iSCSI card has to be on 10.10.1.XX to communicate. Make sure that the server switch is setup right also! If you can't ping, FIX THIS FIRST!!!



5. Ok. Now you can ping the SAN's IP Port of 10.10.1.11 (or whatever) with your Server iSCSI IP of 10.10.1.50. Great. Now, let's configure Windows Server 2008 R2 SP1 iSCSI Initiator.

5a. Open iSCSI Initiator.
5b. Click on the Discovery tab.
5c. Click on Discover Portal.
5d. Enter the IP address of the SAN (#4 above).
5e. Select the Local Adapter (your iSCSI HBA card) and the iSCSI IP. (Troubleshooting Tip: If no IP is showing or it is showing all 0000:0000:000, just pick it anyway. Make sure it is the right HBA by selecting the same one from the same Adapter row. So...if it is the 2nd iSCSI Adapter HBA, pick the 2nd Initiator IP option...OK?)
5f. If you are using CHAP/Initiator Authentication, use your iSCSI Initiator (make the Initiator the default or be warned of plenty of SAN configuration headaches).


6. Click on Volumes and Devices and click on Auto Configure. It will come up with gobbledygook. This is when you have to go to Disk Management and configure the SAN drives as NTFS. (Troubleshooting Tip: NTFS 101: If the SAN LUN was/is used for anything else, it will not let you format the drive or initialize the disk, so NO, you will not be sharing this LUN; it needs to be dedicated in order to format and use it. So do not waste time trying to get it to work.)

6a. (Troubleshooting Tip: I highly recommend naming the HDD properties by the SAN LUN Name for Troubleshooting and problem resolution later.)











Thursday, February 24, 2011

How to set up Remote Desktop Services on Windows 2008 R2

Ok...Microsoft threw Terminal Server under the bus and named it Remote Desktop Services and completely changed how you register the licenses! Here is the How-To so that it doesn't get on other people's nerves as much as it did me when trying to activate the licensing with Microsoft's Technical Support, which was absolutely no help at all. Yes, after 4 transfers, I just went ahead and figured it out myself:

1. Open Server Manager. Install the Remote Desktop Services Role
2. Listen...Just follow the pictures below! It is 22 Steps!
3. Next are all of the steps...I am going to save you some Money $$$ on a support call! =)


























Configure rsyslog on Red Hat Enterprise Linux 6 (RHEL6) for Cisco Switches

One of the problems that you can face when configuring rsyslog on Red Hat Enterprise Linux 6 for Cisco switches is getting the formatting right. I had to go through this and make sure it is working for Sonicwall and Cisco switches, so here you go! Also, if I were you, I would add a disclaimer so that others know about the configuration and do not change it.

1. Create your file under /var/log/
2. [username@servername log] touch cisco-example
3. Next you have to Edit rsyslog
4. [username@servername log] vi /etc/rsyslog.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"    /var/log/cisco-example1
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"    /var/log/cisco-example2
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"    /var/log/cisco-example3
& ~
# Cisco Switch Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"   /var/log/cisco-example4
& ~
# Sonicwall Firewall Logging
:fromhost-ip, isequal, "192.xxx.xxx.xxx"      /var/log/sonicwall
& ~

5. Make sure your UDP Port is open in /etc/sysconfig/iptables
6. Add the following lines to your /etc/sysconfig/iptables
7. [username@servername log] vi /etc/sysconfig/iptables
# Port for Syslog Communications on UDP Port 514
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

8. service iptables restart
9. service rsyslog restart
10. tail -f /var/log/cisco-example or whatever you are logging to make sure it is writing to your logs.
11. Install Splunk on a VM or another server and start generating some super reports from the logs for your management so that they will love you!

NOTE: If you can't tell what "&" is, it is the ampersand symbol above the 7 on the keyboard. =)

Red Hat Reference Article: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Viewing_and_Managing_Log_Files.html
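
rsyslog evaluates these rules from top to bottom, and "& ~" only stops processing for the rules that come after it. The following added example (a simplified Python model written for this page, not rsyslog code and not from the original post) handles just the two rule forms used above and shows that with the device filters at the end of the file, a switch message has already been written to /var/log/messages and /var/log/boot.log before it is discarded. The 192.0.2.11 address and the local7.notice message are constructed.

```python
import re

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]  # levels 0..7

# Constructed excerpts of the rules above; 192.0.2.11 stands in for a switch address.
PAGE_ORDER = '''
*.info;mail.none;authpriv.none;cron.none  /var/log/messages
local7.*  /var/log/boot.log
:fromhost-ip, isequal, "192.0.2.11"  /var/log/cisco-example1
& ~
'''
DEVICE_FIRST = '''
:fromhost-ip, isequal, "192.0.2.11"  /var/log/cisco-example1
& ~
*.info;mail.none;authpriv.none;cron.none  /var/log/messages
local7.*  /var/log/boot.log
'''

def selector_matches(selector, facility, severity):
    """Evaluate a classic facility.priority selector such as '*.info;mail.none'."""
    matched = False
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        if prio == "none":
            matched = False
        elif prio == "*" or SEVERITY.index(severity) <= SEVERITY.index(prio):
            matched = True
    return matched

def route(config, fromhost_ip, facility, severity):
    """Return the files a message is written to, processing rules top to bottom."""
    written, prev_matched = [], False
    for line in filter(None, map(str.strip, config.splitlines())):
        if line == "& ~":  # discard, but only when the rule just before it matched
            if prev_matched:
                break
            continue
        prop = re.fullmatch(r':fromhost-ip, isequal, "([^"]+)"\s+(\S+)', line)
        if prop:
            prev_matched, target = prop.group(1) == fromhost_ip, prop.group(2)
        else:
            selector, target = line.split()
            prev_matched = selector_matches(selector, facility, severity)
        if prev_matched:
            written.append(target)
    return written

if __name__ == "__main__":
    for name, cfg in (("page order", PAGE_ORDER), ("device rules first", DEVICE_FIRST)):
        print(name, "->", route(cfg, "192.0.2.11", "local7", "notice"))
```

Moving the :fromhost-ip blocks above the *.info line keeps device traffic in its own files only.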

Wednesday, February 23, 2011

Configure Debian Rsyslog for Cisco Switches and Routers


Network administrators are often obligated to keep logs from their Cisco devices, either for troubleshooting or to comply with an IT security policy. In this article I will describe a fast and easy way to save logs from your Cisco devices to an rsyslog server on Debian Linux.

The first step is to edit the rsyslog configuration file. Open /etc/rsyslog.conf and add the following lines:
#
# Logging for Cisco router 192.168.1.1
#
local7.* /var/log/cisco
local7 is the default facility under which Cisco devices log their messages. /var/log/cisco specifies the file to which the messages will be written. You also have to uncomment or add the lines below, which enable rsyslogd to listen on UDP port 514.
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
The last change to rsyslog.conf is to allow your Cisco device to write to it, which is done with the entry below:
$AllowedSender UDP, 127.0.0.1, 192.168.1.1
Then we create the log file with the touch command:
linq:/etc# cd /var/log
linq:/var/log# touch cisco
After making all the changes, we just have to restart the rsyslogd service to apply them.
linq:/var/log# /etc/init.d/rsyslog restart
Stopping enhanced syslogd: rsyslogd.
Starting enhanced syslogd: rsyslogd.
To start writing messages from our router to the syslog server, we need to configure logging on the router. First we set the syslog server IP with the logging host command. We can filter the messages being logged with the logging trap command. All available levels are summarized in the table below.
Log in to the router:
z-acte#conf t
Enter configuration commands, one per line. End with CNTL/Z.
z-acte(config)#logging host 192.168.1.19 sequence-num-session
z-acte(config)#logging trap 7
logging trap 7 sets logging to the debugging level.
Sometimes we may additionally need to log all NAT translations, which can be enabled with the ip nat log translations command.
z-acte(config)#ip nat log translations syslog
Table with logging levels
Level  Keyword        Description
0      emergencies    System is unusable.
1      alerts         Immediate action is needed.
2      critical       Critical conditions exist.
3      errors         Error conditions exist.
4      warnings       Warning conditions exist.
5      notification   Normal, but significant, conditions exist.
6      informational  Informational messages.
7      debugging      Debugging messages.
To check that everything works correctly, issue the command below:
z-acte#debug ip packet
In your log on Linux you should see an entry similar to the one below:
Feb 24 03:40:45 192.168.1.1 187368786: [syslog@9 s_sn="186126345"]: 188251944: *Feb 24 03:34:30.023 PCTime: IP: tableid=0, s=192.168.1.1 (local), d=192.168.1.19 (Vlan1), routed via FIB
To disable packet debugging, use the command below:
z-acte#no debug ip packet
To check that NAT translations are being logged correctly, issue a ping from any host on your network to a remote host, which should generate an entry similar to the one below:
Feb 24 03:43:16 192.168.1.1 187368860: [syslog@9 s_sn="186126419"]: 188252014: *Feb 24 03:36:59.631 PCTime: %IPNAT-6-CREATED: icmp 192.168.1.2:4 62.89.67.179:4 212.77.100.101:4 212.77.100.101:4
The last step is to save our router configuration.
z-acte#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
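
For working with the stored entries, this added example (not part of the original article) parses the two sample lines shown above into fields and maps the digit in %FACILITY-SEVERITY-MNEMONIC to the keyword from the logging-levels table. It relies on one thing not stated on the page: a leading * on the device timestamp is how IOS marks a clock that is not authoritative. The field names in the result are this example's own.

```python
import re

# Severity keywords from the table above, indexed by level number.
LEVELS = ["emergencies", "alerts", "critical", "errors", "warnings",
          "notification", "informational", "debugging"]

# Constructed from the two sample entries shown above.
SAMPLE_LOG = '''Feb 24 03:40:45 192.168.1.1 187368786: [syslog@9 s_sn="186126345"]: 188251944: *Feb 24 03:34:30.023 PCTime: IP: tableid=0, s=192.168.1.1 (local), d=192.168.1.19 (Vlan1), routed via FIB
Feb 24 03:43:16 192.168.1.1 187368860: [syslog@9 s_sn="186126419"]: 188252014: *Feb 24 03:36:59.631 PCTime: %IPNAT-6-CREATED: icmp 192.168.1.2:4 62.89.67.179:4 212.77.100.101:4 212.77.100.101:4
'''

LINE = re.compile(
    r'(?P<received>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) \d+: '
    r'\[syslog@9 s_sn="(?P<session_seq>\d+)"\]: (?P<seq>\d+): '
    r'(?P<clock_flag>[*.])?(?P<device_time>\w{3} +\d+ [\d:.]+)(?: \w+)?: (?P<body>.*)')
TAG = re.compile(r'%(?P<facility>[A-Z0-9_]+)-(?P<level>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)')
ENDPOINT = re.compile(r'\b(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b')

def parse_line(line):
    """Return a dict for one stored log line, or None if it is not in this format."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    body = rec.pop("body")
    tag = TAG.match(body)
    if tag:  # %FACILITY-SEVERITY-MNEMONIC: text
        rec.update(tag.groupdict(), level=int(tag["level"]))
        rec["keyword"] = LEVELS[rec["level"]]
    else:    # debug output has no %-tag, so the level cannot be recovered from the line
        rec.update(facility=None, level=None, mnemonic=None, keyword=None, text=body)
    rec["clock_trusted"] = rec.pop("clock_flag") is None  # a flag means do not rely on device_time
    rec["endpoints"] = ENDPOINT.findall(rec["text"])      # address:port pairs in order of appearance
    return rec

def parse(log_text):
    """Parse every recognisable line of a log excerpt."""
    return [rec for rec in map(parse_line, log_text.splitlines()) if rec]

if __name__ == "__main__":
    for rec in parse(SAMPLE_LOG):
        print(rec["received"], rec["host"], rec["facility"], rec["keyword"], rec["endpoints"])
```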