Networking on Zachary Loeber's Blog

PowerShell: Azure ARM Site Overview

Tue, 31 Jan 2017 03:23:32 +0000

Visualizing an Azure deployment can be a bit tricky. This short Azure summary script is a good way to start though.

Powershell: System Report Script Design

Thu, 09 Oct 2014 21:29:24 +0000

In this post I go back and explain some of my reasoning behind decisions I made in the design of an already released script, Get-AssetReport. This was written over a year ago and forgotten about as one of the many unpublished drafts on my blog. The code behind the script I discuss has been upgraded and used in several of my more popular scripts (AD Asset Report, F5 LTM Report, and Lync 2013 Status Report). Some of this content is slightly dated as I’ve since changed some of the coding but the core concepts are the same. Those digging through my crazy work or learning powershell may get some value from this content so I tidied it up a bit and here it is. Cheers!

Lync 2013: The Many QoS Settings

Sun, 01 Jun 2014 15:13:00 +0000

There are more than a few QoS settings in Lync 2013. Here is a script which should gather most of them in a human readable format for your convenience.

AD Audit Report with Powershell: Part 3

Sat, 11 Jan 2014 04:16:29 +0000

This is my third and final major update to my AD auditing script. This includes a handful of new useful sections such as domain published printers, NPS servers, DHCP servers, as well as SCCM sites and DPs. Other improvements include easier to use script parameters and bug fixes.

Big-IP F5 LTM Load Balancer Documentation Script with Powershell

Fri, 03 Jan 2014 18:11:18 +0000

Here is a script I whipped up to perform a report on your Big-IP LTM load balancers using powershell. The report currently includes the virtual servers, pools, and various bits of status information on both. Big-IP iControl modules are needed (for obvious reasons).

Gather Remote Command Results With Powershell

Thu, 19 Sep 2013 16:22:41 +0000

Send a remote command using wmi, alternate credentials, and multiple runspaces then retrieve the results serially using mapped secure channels to the remote host. The remote command execution function supports custom timeout parameters in case of wmi problems and returns the remote tmp file information containing the command results. You can view verbose information on each runspace thread in realtime with the -Verbose option.

Gather Remote Installed Programs With Powershell

Wed, 28 Aug 2013 13:25:22 +0000

Gather program install information for one or more systems using wmi, alternate credentials, and multiple runspaces. Function supports custom timeout parameters in case of wmi problems and returns from the registry program name, manufacturer, and uninstall information. You can view verbose information on each runspace thread in realtime with the -Verbose option.

Multithreaded Remote Registry Gathering with Powershell

Wed, 07 Aug 2013 03:11:49 +0000

Gather specific subkey values or an entire registry key’s subkey values with powershell and multithreading.

Multithreaded System Asset Gathering with Powershell

Mon, 05 Aug 2013 17:35:31 +0000

This function gathers a plethora of useful system information via WMI and multithreading with powershell.

Enhanced Remote Server Connectivity Testing With Powershell

Tue, 25 Jun 2013 14:22:18 +0000

Test the following connectivity methods to a server: RDP, ping, rpc, wsman, sccm agent, scom agent, and remote registry. Optionally an alternate credential can be used. Versatility is added with options to return only true/false when singular tests are performed.

Use Powershell to Gather Disk/Partition/Mount Point Information

Mon, 24 Jun 2013 04:41:01 +0000

I put together a function for remotely gathering Windows disk information. This was specifically written to accommodate alternate credentials. This script also accounts for the glaring disconnect between win32_Volume and win32_DiskDrive within WMI.

Audit User Profile Folders With Powershell

Fri, 21 Jun 2013 18:46:09 +0000

This function will aggregate sub-folders within a folder on a server and attempt to associate them with user IDs within a domain and provide additional information. This script can also be used to move folders for disabled or non-existent accounts.

VMware: VMware Report Generation GUI

Sun, 17 Feb 2013 17:11:52 +0000

Its been a while since I posted something new. This GUI is meant to configure regular vmware report generation. You are able to select reporting scoped to the whole farm down to individual hosts. Reports can be emailed or saved and be generated based on custom thresholds.

Exchange: Co-existence Client Access Preparation Report

Wed, 16 Jan 2013 03:36:50 +0000

If you upgrade Exchange in a co-existence scenario (you want to keep the same client access namespace) there is one crucial moment of truth which must be overcome. This is the phase of the migration I’ve come to call the “dns flip-over” or the “client access part”. Without preparation this part of the migration can be a real headache as issues are directly experienced by your end users. This is a simple report card you can use to prepare you for this moment.

VMware: Migrating a vCenter virtual appliance to a vCenter Windows server

Mon, 17 Dec 2012 04:30:52 +0000

I finally bit the bullet and migrated my lab from a vCenter virtual appliance to a vCenter Windows server. This is what I did to maintain all my settings and not disrupt any currently running VMs.

Defining Best of Breed in IT

Tue, 11 Dec 2012 06:00:42 +0000

Introduction

Soon I’ll be starting a new position with a company which produces some of the highest quality products in their industry. The company’s products are of such high quality that they typically set the bar in their industry. This made me think of what a truly comprises an excellent solution within the Information Technology. This article is a non-technical personal view of what defines the “Best of breed” technical solutions.

Create Your Own Network Assessment Appliance: Additional Tools

Thu, 29 Nov 2012 02:24:46 +0000

Introduction

I previously did a write up on a personal virtual machine I like to keep at hand for performing network analysis and discovery. I’ve since added a few tools to the VM and documented how they were installed so I figured I’d share on how it was done. Even if you don’t setup everything in this post it may be worthwhile to glance through it for some network engineering tools which are free to setup and use but not highly publicized. Anyone who cares to read this post has likely heard of Solarwinds but I highly doubt you have heard of all the tools in this list (let alone how to set them up). Regardless, I’ll start with a tool anyone worth their salt has heard of though, Cacti…

Exchange – The State Of External Client Access

Thu, 22 Nov 2012 19:58:04 +0000

Introduction

Most within the messaging and collaboration industry are hyped up about the next wave of Microsoft collaboration and messaging products which are soon to be released. Among these products is Exchange 2013 RTM. This type of release typically precedes yet another wave of architecture upgrades across the corporate landscape. Some of these (beta testers) will be will undoubtedly upgrade to Exchange 2013.

Other corporations will start to feel the burn to upgrade as well. These will be organizations which realize that their Exchange 2003/2007 infrastructure is nearing a decade old existence and cannot meet the demands of their ever growing mobile workforce. Realizing they are behind the curve, they may feel hastened to upgrade as well, possibly just to Exchange 2010. Regardless the reason in choosing to upgrade their messaging infrastructure, there are critical design decisions which need to be made in how clients access this infrastructure both internally and externally. This article focuses solely on the external access aspect of the infrastructure.

Exchange 2010: Automated Firewall Rule Generation 1.5

Sat, 11 Aug 2012 10:17:15 +0000

Just some aesthetic changes for upload to the Microsoft scripting repository. Biggest addition is the ability to run the script without parameters (just upgrade the included environment csv to your liking and run the script). Other big addition is the help section.

GenerateExchangeFirewallRequirements_1-5

At the Microsoft Script Repository

Lync 2010: IP/DNS Workbook

Sat, 23 Jun 2012 20:24:40 +0000

I just ran across a Lync article with all kinds of nice tables which distilled the myriad of DNS/IP addresses in a Lync deployment down to an easy to read format. I happen to have created one of these tables myself for a Lync deployment which included a standard Lync pool, XMPP gateway, Lync Mobility, and a single edge server. I figured others may find some use from it as it auto-populates the dns entries and what they are supposed to point to based on what you fill out for the highlighted cells. Sure you get some of this in the Lync Server 2010 Planning Tool but this offers a slightly different view of the environment as well as a nice one page overview.

Active Directory: Best Practices Workbook

Mon, 28 May 2012 21:57:58 +0000

This is a checklist for technicians performing Active Directory assessments. It is broken down by category and best practice. Some items listed are not really a best practice, but rather something which you may find in an environment which should be rectified (as part of an audit perhaps).

Create Your Own Network Assessment Appliance

Mon, 09 Apr 2012 00:49:19 +0000

In this write-up I setup several network assessment tools which can be used in the discovery process of a new environment. This can be useful for a newly hired sysadmin or a consultant in rapidly gathering information to assess the health and/or state of a network.

Introduction

I often find myself assessing a foreign network infrastructure for performance or other issues. Depending on the size of the environment, digesting everything can be daunting without the help of some third party tools. I’ve been using a custom Linux VM on my workstation that has all kinds of tools specifically for gathering information about a network’s performance, layout, and statistics. I’ve decided to retool the VM I currently use and take better notes on what I install so others may do the same if they so desire.

Sysadmin Task: Migrate DNS

Sat, 24 Mar 2012 16:07:54 +0000

I’ve migrated DNS servers more than a few times and find that I’m doing the same tasks or using the same custom scripts over and over again. Here is my quick and dirty task list with some powershell scripts you too might find of use. As there are a hundred ways to skin this cat I don’t claim my methods to be the best but they sure are fast and far easier than manually changing a dns address on hundreds of servers, workstations, and network devices.

Virtualization: vCPU Provisioning Best Practices

Fri, 23 Mar 2012 01:31:47 +0000

I had always been of the mindset that when provisioning new VMs it is best to start out with less vCPUs and add more as they are required (unless you specifically know that you will be using and needing more for such things as sql server or exchange). I had even recently felt some vindication of this provisioning best practice in reading a book recently (Critical VMware Mistakes You Should Avoid)

Exchange 2010: Changing an invalid DNS suffixed server

Thu, 01 Mar 2012 05:30:13 +0000

I ran into an interesting Exchange 2010/2007 co-existence issue today. After a new Exchange 2010 (all-in-one) server was introduced into the environment traffic would only flow from the 2010 server to the 2007 hub/cas server and not the other way around. The mail queues stated the last error to be

“Initial error: 451 4.4.0 dns query failed. The error was: SMTPsend.dns.nonexistentdomain; nonexistent”

Exchange 2010 One-liner: Get All Network Interface Information

Fri, 19 Aug 2011 16:57:15 +0000

Here are a few quick powershell one-liners to get all the network interface information in your exchange environment:

$ExchServers=(Get-ExchangeServer); @(foreach ($Srv in $ExchServers) {Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Srv.Name | select @{Name="Server";Expression={$Srv.Name}},@{Name="DNS Host Name";Expression={$_.DNSHostName}},@{Name="Server Role";Expression={$Srv.ServerRole}},Description,@{Name="IP Address";Expression={$_.IPAddress}},@{Name="IP Subnet";Expression={$_.IPSubnet}},@{Name="Default Gateway";Expression={$_.DefaultIPGateway}},@{Name="Mac Address";Expression={$_.MacAddress}},@{Name="DNS Suffix Search Order";Expression={$_.DNSDomainSuffixSearchOrder}},@{Name="DNS Server Search Order";Expression={$_.DNSServerSearchOrder}},FullDNSRegistrationEnabled}) |Export-Csv -NoTypeInformation "C:\Temp\Exchange-network.csv"

If you just want interface information for Exchange 2010 servers:

$ExchServers=(Get-ExchangeServer | where {$_.ServerRole -ne "None"}); @(foreach ($Srv in $ExchServers) {Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Srv.Name | select @{Name="Server";Expression={$Srv.Name}},@{Name="DNS Host Name";Expression={$_.DNSHostName}},@{Name="Server Role";Expression={$Srv.ServerRole}},Description,@{Name="IP Address";Expression={$_.IPAddress}},@{Name="IP Subnet";Expression={$_.IPSubnet}},@{Name="Default Gateway";Expression={$_.DefaultIPGateway}},@{Name="Mac Address";Expression={$_.MacAddress}},@{Name="DNS Suffix Search Order";Expression={$_.DNSDomainSuffixSearchOrder}},@{Name="DNS Server Search Order";Expression={$_.DNSServerSearchOrder}},FullDNSRegistrationEnabled}) |Export-Csv -NoTypeInformation "C:\Temp\Exchange2010-network.csv"

Exchange 2010: Network Communication Table

Sat, 30 Jul 2011 17:06:36 +0000

I figured I’d post the massive table of firewall rules I compiled for my Exchange 2010 firewall generation script. It has both the source and destination roles for many aspects of an Exchange environment. Where there are ???’s is where I’m simply not certain (mainly around encryption between certain roles). If anyone spots any mistakes or omissions please let me know and I’ll update the accordingly.

Exchange 2010 Network Communication Table By Role

Exchange 2010: Automated Firewall Rule Generation 1.4

Fri, 29 Jul 2011 15:28:07 +0000

I made some updates to the automated firewall rule generation script. This includes some updates to the firewall rule spreadsheet to give information on setting setic ports and port ranges for RPC based services. This csv file may be a good general reference even without the script.

Exchange 2010: Automated Firewall Rule Generation 1.2

Wed, 20 Jul 2011 16:35:08 +0000

I made a few changes to this script to make it more modular and to allow for more exceptions in regards to DAGs and sites. Enjoy!

Exchange 2010 Firewall Rule Generation Script

Exchange 2010: Automated Firewall Rule Generation

Fri, 24 Jun 2011 16:40:50 +0000

A single, or even a dual site Exchange 2010 deployment does not usually require too much internal firewall manipulation. But if you have to setup a Exchange 2010 environment where there are many global sites or a heavily segmented network, the number of firewall requests required to get a fully functioning configuration working can be daunting. Wouldn’t it be nice to have some of those firewall rules automatically generated for you?

Windows: 2003 to 2008 R2 RADIUS Migration

Thu, 17 Mar 2011 12:58:12 +0000

I found myself doing yet another Windows 2003 IAS Radius server migration to 2008 R2 NPS. I found that I had my prior notes and was able to do this quickly but, hell, if I’m looking this up in my own notes I may as well just post this succinct little procedure.

Windows: 2003 to 2008 R2 RADIUS Migration

Thu, 17 Mar 2011 12:58:12 +0000

BIG-IP: Quick Tip

Tue, 01 Mar 2011 00:35:06 +0000

They silently (well maybe not so silent as I didn’t check if it was announced) published an internal tool that the F5 support engineers use for troubleshooting Big-ip load balancer configuration dumps. With a login account you can access this tool at the aptly named URL of http://ihealth.f5.com. This has some really cool info that you might fine useful in resolving load balancer issues in your environment.

Active Directory: Role Based Access Modeling

Tue, 22 Feb 2011 04:22:28 +0000

Much of my time is spend delving into the minutia of a particular technology to resolve issues or improve department processes. But sometimes understanding and implementing a technology is not the best “fix” for an issue. Sometimes it is a mindset or a model that needs to change. I came up with this security grouping model to address some of the pains of managing permissions across large groups of systems in our environment. Ok, I modified a long standing Microsoft recommendation of AGDLP (an abbreviation of “account, global, domain local, permission”) to meet our needs. Regardless here is a quick rundown of this security group model I devised if anyone is interested.

Virtual Connect: Cisco MDS 9500 Fiber Connectivity

Fri, 04 Feb 2011 01:14:02 +0000

I’ve done quite a bit of work with HP’s Virtual Connect and C7000 blade enclosures in a contained (almost pure HP) environment. Today I ran into an issue which flummoxed both myself and an on-site engineer while attempting to connect the VC 8gb interconnect bays to the Cisco MDS fiber module for an upcoming (and exciting!) VMAX implementation.

Big-IP: Custom IIS SOAP Monitor

Sat, 22 Jan 2011 17:32:01 +0000

In working on a production issue with my company’s flagship SaaS product I worked with some of the brilliant F5 engineers to isolate one web server in the load balanced pool which was intermittently failing. The F5 engineer recommended a health monitor that does more than just poll for a static page. He suggested we implement some kind of soap call to make the application pool do some work and return a result (I guess in case the IIS application pool is misbehaving but not down). So I worked with one of our developers to do just that but ran into some caveats which required yet another custom health monitor.

Big-IP: Sharepoint 2010 Monitor

Fri, 21 Jan 2011 15:08:24 +0000

While specing out a Sharepoint 2007 to 2010 migration I discovered that the default monitor created by the application template on our big-ip LTM load balancers does not work. In seeking a solution I ran across this gentleman’s blog with a custom external monitor but found that it didn’t really work. The solution to make it work was simple (as I explained on his blog in a comment). I went ahead and extended it to be more environment generic.

Run Updates = Rocket Science

Fri, 05 Nov 2010 02:58:44 +0000

So, I just recently tried to do some basic updates for ocs 2007 R2 by running the venerable “serverupdateinstaller.exe” found HERE. Thank goodness I setup a highly redundant load balanced farm of front end servers as the first server updated immediately had issues with the front-end services starting. Wow, updates strike again (other stories forthcoming soon, I promise).

Exchange 2010 SP1: DAG Node Maintenance

Thu, 04 Nov 2010 20:22:18 +0000

If you are performing maintenance on DAG nodes here is the process you want to go through (along with a slight caveat to fix a possible active copy move issue you may run into). In my environment I have three nodes in a cross-site dag.

All the commands below are run in an administrative exchange powershell prompt.

Microsoft Unified Access Gateway 2010 Notes

Mon, 02 Aug 2010 19:11:42 +0000

If you are new to the Microsoft Unified Access Gateway then you really should know some of these things I ran into while trying to get my array setup and running smoothly. Sure, to find my single post among the masses is probably not going to happen, but if you do find it before you start your endeavor then I promise you will be saved time and frustration. The first major frustration, the installation….

OCS 2007 R2: Quick Script

Mon, 02 Aug 2010 18:54:38 +0000

I ran across this in one of the documents I wrote up while doing a side by side migration of our office communication server 2007 pool to 2007 R2. It is a quick script to automate the process of creating and assigning permissions for the shares needed in the front end server installation. I wrote it pretty quickly so use at your own discretion of course. Save as a .cmd or .bat and run directly on the front end server.

Windows 2008 (and 2008 R2) Tips

Thu, 01 Jul 2010 16:15:46 +0000

Just a small list of 2008(R2) command line tips and tricks for the every day admin.

ESX 4.0: Post-Install Script

Wed, 23 Dec 2009 04:08:02 +0000

Sure there are better ways to mass deploy ESX servers, but this way will save the one off farm deployment person some time 🙂 I took liberties in assuming you would be able to fill in the blanks for variables so or _VARIABLE_ will need to be replaced ad-lib style. Just for you my friend, served up proper on a hyper-link plate….. esx4_postinstall

BIG-IP: Load Balancer Upgrade

Mon, 07 Dec 2009 14:46:24 +0000

I had the pleasure of doing an F5 BIG-IP load balancer upgrade recently and am happy with the way the F5 people have designed their systems for fail over. Essentially you will use different system partitions to host different versions of their product and you change which one you want to boot to after updating the inactive partition. This, theoretically, means you can always go back to a working configuration if something goes awry. I’m unhappy with how fragmented their documentation is in getting from point A to point B though. Here is a quick rundown of what I had to do…

CentOS/Redhat 5.x Post-Install Script

Sat, 21 Nov 2009 18:51:06 +0000

I whipped up a post install script to run on our new linux servers that drastically reduced the amount of manual effort involved with post-deployment configuration. I’m sure this could some how be integrated into the kick deployment. In any case, this script helps setup your sudo users, snmp services, and some other basic things. Modify to your environment and run directly after deployment on your headless linux servers. Save the script and change to .sh and run with sh ./centos-postinsatll.sh at a command prompt. Cheers!

CentOS/Redhat 5.x Kickstart Deployment

Thu, 19 Nov 2009 21:39:18 +0000

Not too long ago I was tasked with deploying a decent number of CentOS 5.3 and Redhat servers to BL490 blades and VMs in our datacenter (part of a massive environment deployment with HP C7000 enclosures, virtual connect, and a lot of patience). I hate manual configuration so I figured now is as good of time as any to get on the kickstart bandwagon. Here is how I did it:

Windows: Some Small System Administration Scripts

Fri, 30 Oct 2009 18:03:27 +0000

Here are a few scripts that I have cobbled together over the last few years. They are small and useful but nothing earth-shattering. One gets information about a remote system and who is logged in. The other can remotely reset the administrator password. Both obviously require you have the permissions to do so on the remote machines. Both accept multiple computer names divided by a semi-colon. Save and change the extension from .txt to .hta

GetAsset

ResetAdminPass

GNS3 on Ubuntu 8.04 – Migrating Your Install

Tue, 09 Sep 2008 20:39:00 +0000

Don’t have much time due to work obligations but I wanted to quickly drop this one out there for any who have followed my install guides. I was always ragging on and on about making the install somewhat portable by putting it into the /opt/ directory and now I’ll give a good example why.

Ubuntu Server 8.04 Post Install Tip #1: Auto Updating

Thu, 03 Jul 2008 16:42:43 +0000

On a headless server that you have at home or for testing I like to make sure that all security updates and trivial updates are done automatically. A good sys admin will shy away from this practice for a good reason, updates can mess things up. In a production environment or where the server setup is very complex I can understand the need to manually run updates. For me, well I’m lazy when it comes to my home machines and generally don’t have too complex of setups. Also, in my experience, I’ve hardly ever seen an apt security or trivial update cause any harm (desktop linux I have seen issues though). That being said, I like to force security and trivial updates to happen daily.

GNS3 on Ubuntu 8.04 – Choosing and Using your IOS

Thu, 12 Jun 2008 15:53:53 +0000

As promised here is the post regarding choosing and using an IOS image that will fit your study needs.

If you followed the first post in this series you are technically now ready to start loading up images and making labs of your own. You will need to get your hands on some IOS images (legally of course).But which IOS should you use?

GNS3 on Ubuntu 8.04 – Install Guide

Thu, 12 Jun 2008 13:53:54 +0000

GNS3 is a frontend for dynagen (which is a scripting language for dynamips). Getting it to work nicely in Ubuntu was a bit of a pain in the arse but I was able to get it to work in a manner I’m happy with. This setup will essentially encapsulate a large portion of the install to one directory in /opt. Some libraries and executables will be installed through apt though, but not many. I previously wrote part of a writeup for this on Ubuntu 7.10, I’d ignore that in favor of this one which is much more up to date and polished.

Headless torrentbox with ipblock

Thu, 14 Feb 2008 16:10:54 +0000

As you may or may not know there are a lot of people who seem to be interested in the torrent activities of others. Some just like to track, others are government agencies, and of course the RIAA. I personally don’t like this intrusion into my habits so I do my best to block their attempts. In this small tutorial I’m going to cover how to install torrentflux with ipblock and fail2ban in a headless mode so you can download and seed torrents a bit more securely.

Moving the PDC Emulator FSMO Role – Time Server Issues

Fri, 02 Nov 2007 17:16:26 +0000

I did not want this to be my first post but it needs to be posted out there somewhere for all to read.

There are plenty of documents out there on how to seize the FSMO roles in a windows 2003 domain controller, so I’ll not discuss how that is done. But many of them do not tell you a few extra steps needed if you are moving the PDC Emulator role and that server is (as it should be by default