OldCmp Is Your Friend

April 20th, 2010 by Charles Gardner

I recently found a little gem that needs listing in the Is Your Friend series.  I really appreciate single discrete tools that do a job and do it well.  OldCmp from joeware.net is a great example.  OldCmp is a command line tool to clean up old accounts from Active Directory.  Within that function the tool has quite a strong set of features to slice and dice through the discovery and disposal of old accounts.

Here is a basic run of the tool to find and list computer accounts that haven’t been accessed in a year:

oldcmp.exe -report -age 365 -llts -sh

When working with a client I am very cautious about deleting, so I would disable those accounts and move them to an Archive OU in AD:

oldcmp.exe -disable -age 365 -llts -newparent "ou=Archive,dc=xxxxxxxx,dc=local" -excldn "Archive" -safety 10

If everything looks OK with that, add the -forreal flag to actually do the work and adjust the -safety flag to a reasonable value:

oldcmp.exe -disable -age 365 -llts -newparent "OU=Archive,DC=xxxxxxxx,DC=local" -excldn "Archive" -safety 20 -forreal

If after a couple months no one has squawked about problems, it is probably safe to delete those accounts.

Once the initial disable and move to Archive is done, you can run this to find accounts that may need attention:

oldcmp.exe -report -age 180 -llts -excldn "Archive"


Is Your Friend, Windows

Hyper-V Server and a UPS

February 17th, 2010 by Charles Gardner

Microsoft’s Hyper-V Server 2008 R2 can be a great hypervisor choice for a small business with just one or two servers.  In this environment, though, the common power protection scheme is going to be a single, direct-connected UPS with a USB signaling cable.  In this scenario we need to be able to safely shut down the hypervisor and guests before power gives out.

I claim no original thoughts here, but I did want to preserve a link to a good answer I found and have implemented.  The original thread is here on the Technet Forums.

First create ups-shutdown.vbs and load it with:

' Poll the UPS (exposed as a battery) and shut the host down when it is
' discharging at or below 40% remaining charge.
set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\.\root\cimv2")
set batteryColl = wmi.ExecQuery("select * from Win32_Battery")
set osColl = wmi.ExecQuery("select * from Win32_OperatingSystem")

while true
    for each battery in batteryColl
        battery.Refresh_
        ' BatteryStatus 1 = discharging (running on battery)
        if battery.batteryStatus = 1 and battery.EstimatedChargeRemaining <= 40 then
            for each os in osColl
                os.Win32Shutdown 1   ' 1 = shut down
            next
        end if
    next
    wscript.Sleep 15000   ' check again in 15 seconds
wend

Schedule this to run at startup using the Task Scheduler.  (Connect from another machine and set this up.)

Next create ups-monitor.ps1 and insert:

# Initialize Variables
# Shutdown threshold at 40% of remaining UPS capacity (same value as ups-shutdown.vbs)
$threshhold = 40
$interval = 60
$OnBattery = 0
$Event = 0

$hostname = hostname

# Create SMTP client
$Server = "mail.xxxxxxxxxxxx.com"
$Port = 25
$Client = New-Object System.Net.Mail.SmtpClient $Server, $Port

$Client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

$To      = "admin@xxxxxxxxxxxx.com"
$From    = "hyperv@yyyyyyyyyyyy.com"

# Loop on Battery Query
while (1)
{
    $bat = get-wmiobject -class CIM_Battery -namespace "root\CIMV2"
    $batstatus = $bat.batterystatus
    $batcapacity = $bat.estimatedchargeremaining
    $timetoshutdown = $bat.estimatedruntime/2

    if ($batstatus -eq 1)
    {
        $Event = 1
        $OnBattery = 1
        # "On Battery"

        $Subject = "Utility Power Failure: {0} is running On UPS Battery" -f $hostname
        $Body   = "UPS at {0} % remaining capacity, approximately {1} minutes before {2} shutdown." -f $batcapacity, $timetoshutdown, $hostname

        if ($batcapacity -lt ($threshhold + 5))
        {
            # -f binds tighter than +, so the formatted prefix is prepended to $Body
            $Body = "Shutdown imminent at {0} %, with " -f $threshhold + $Body
        }
    }
    elseif (($batstatus -eq 2) -and ($OnBattery -eq 1))
    {
        $Event = 1
        $OnBattery = 0
        # "Power Restored"

        $Subject = "Utility Power Restored to {0}." -f $hostname
        $Body   = "Battery at {0} % capacity. UPS charging... " -f $batcapacity
    }

    if ($Event -eq 1) # Create mail message
    {
        $Event = 0
        $Message = New-Object System.Net.Mail.MailMessage $From, $To, $Subject, $Body
        $Message.Priority = [System.Net.Mail.MailPriority]::High
        try {
            $Client.Send($Message)
            # "Message sent successfully"
        }
        catch {
            "Exception caught in UPS_Monitor.ps1"
        }
    }

    sleep $interval
}

Change the mail server, to and from address, and you’re in business.

Create ups-monitor.cmd with the following:

powershell -command c:\path\to\your\script\ups-monitor.ps1

Again using Task Scheduler, schedule ups-monitor.cmd to run at startup, and you’re set.

Make sure you have your VMs set to save at shutdown and autostart, and then go pull the plug on that UPS just to make sure things work to your liking.

Also from the above referenced thread, you can check the battery condition using PowerShell with this:

PS$ get-wmiobject -class CIM_Battery -namespace "root\CIMV2"

Have fun.

Hyper-V, Virtualization, Windows Server 2008

Windows Server Backup WBAdmin

February 14th, 2010 by Charles Gardner

I was just setting up a Hyper-V Server 2008 R2 box and wanted to get backup running to an external drive.  I installed the Windows Server Backup role via the Core Configurator tool, but then the backups need to be configured and run via the wbadmin command line tool.

This command line reference for wbadmin was helpful so I wanted to mark it in case I need it again in the near future.

Hyper-V, Virtualization, Windows

Links of Interest

February 3rd, 2010 by Charles Gardner

Virtualization Benefits for Small Business

Coalescing a few links I’ve been keeping up with for further reading:

A Virtual Door Opens for SMBs

Other, Virtualization

More Interesting Videos – Defcon Peek and TEDx MidAtlantic

November 11th, 2009 by Charles Gardner

I’m bookmarking a couple more videos to watch.

First, Defcon released their teaser set of videos from this year’s con, including Adam Savage’s “Failure”.

https://www.defcon.org/

Second, I saw a link to Marcus Ranum talking at TEDx MidAtlantic.

http://tedxmidatlantic.com/live/#MarcusRanum


Education, Events, Security

DojoCon 2009 Videos Posted

November 10th, 2009 by Charles Gardner

I had the opportunity to watch the first few minutes of the stream of Marcus Ranum’s talk at DojoCon 2009 but then had to go to a client site.  I was happy to see they posted the videos to UStream so I can go back and watch the rest.

Among those who spoke:

  • Richard Bejtlich
  • Marcus Ranum
  • Chris Hoff
  • …and a whole lot more

In case you want to catch up too:

http://www.ustream.tv/channel/dojocon-2009

Education, Events, Security

Disk2vhd P2V Tool for Microsoft Virtualization

November 10th, 2009 by Charles Gardner

This post is mostly a note to myself.  I haven’t tried this yet, but the Disk2vhd tool from Sysinternals does P2V (physical-to-virtual) conversion for Microsoft virtualization such as Hyper-V.

When I get to try this out, I’ll post some notes about using it and how it stacks up against something like VMWare Converter.

Hyper-V, Virtualization

Moving!

June 12th, 2009 by Charles Gardner

Just a quick note.  I will be moving my focus to putting posts up on my company web site at www.sterlingideas.com.  Any really technical items will still end up here, but I am going to make a new effort to post regular content over on the company site, particularly items of interest to my clients.

Be sure to add http://www.sterlingideas.com/feed/rss/ to your feed reader.

Other

How Not To Expose Root in Sendmail

May 23rd, 2009 by Charles Gardner

Quick note:

When you do domain masquerading with sendmail, root is exempted from that by default.  No big deal unless the host name of your system is not actually registered in DNS.  I have a couple VMs that don’t need outside access or DNS registrations, but I’d like to receive their cron output cleanly.

This is a rather easy fix.  In most sendmail .mc files you will find the DOMAIN(generic) statement.  This loads the generic.m4 file, which includes a default statement that exposes root without masquerading: EXPOSED_USER(`root').  Copy generic.m4 to mycustom.m4 and remove the EXPOSED_USER line.  Then change DOMAIN(generic) to DOMAIN(mycustom) in your .mc file and rebuild your sendmail.cf file.
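
The steps above as a shell sketch, added here as an example and not part of the original post: it strips the EXPOSED_USER line from a copy of the domain file and repoints the .mc file, run against constructed sample files. The function names, the .bak backup and the temp-directory demo are assumptions of this example; the real files live in your sendmail-cf tree.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are arguments because
# the sendmail-cf tree lives in different places on different systems.

# make_custom_domain SRC DEST: copy a domain file, dropping any EXPOSED_USER
# line that names root.
make_custom_domain() {
    [ -f "$1" ] || { echo "missing $1" >&2; return 1; }
    sed '/^[[:space:]]*EXPOSED_USER(.*root/d' "$1" > "$2"
}

# switch_domain MC NAME: rewrite DOMAIN(generic) or DOMAIN(`generic') to NAME,
# keeping the original as MC.bak. Fails if no DOMAIN(NAME) line results.
switch_domain() {
    cp -p "$1" "$1.bak" || return 1
    sed 's/^DOMAIN(\(.\{0,1\}\)generic\(.\{0,1\}\))/DOMAIN(\1'"$2"'\2)/' \
        "$1.bak" > "$1" || return 1
    grep -q "^DOMAIN(.\{0,1\}$2" "$1"
}

# root_exposed FILE: succeeds while FILE still exempts root from masquerading.
root_exposed() {
    grep -q '^[[:space:]]*EXPOSED_USER(.*root' "$1"
}

# Constructed sample input, modelled on a typical generic.m4 and .mc file.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/generic.m4" <<'EOF'
FEATURE(`redirect')dnl
FEATURE(`use_cw_file')dnl
EXPOSED_USER(`root')
EOF
    cat > "$d/sendmail.mc" <<'EOF'
OSTYPE(`linux')dnl
DOMAIN(`generic')dnl
MASQUERADE_AS(`example.com')dnl
MAILER(`smtp')dnl
EOF
    # After these succeed on the real files, rebuild sendmail.cf as usual.
    make_custom_domain "$d/generic.m4" "$d/mycustom.m4" &&
    switch_domain "$d/sendmail.mc" mycustom &&
    ! root_exposed "$d/mycustom.m4" &&
    grep '^DOMAIN' "$d/sendmail.mc"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```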

Applications

Copy Virtual Machines on VMWare Server 2

May 12th, 2009 by Charles Gardner

This is a simple note to capture the process.

  • On the VMware server, copy the guest’s directory to a new name.
    • cp -ax /vm/srv1 /vm/srv2
  • Rename the vmdk disk image
    • cd /vm/srv2
    • vmware-vdiskmanager -n srv1.vmdk srv2.vmdk
  • Rename the other files (a glob cannot be used as the mv target, so rename them one at a time)
    • for f in srv1.*; do mv "$f" "srv2.${f#srv1.}"; done
  • Open the VM configuration and change the names there
    • vi srv2.vmx
    • :%s/srv1/srv2/g
  • In the VMware host’s web console, use the Add Virtual Machine to Inventory to add the new VM.
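
The same procedure as one shell function, added as an example rather than taken from the original post. The clone_vm name and the VDISKMGR override are assumptions of this sketch, and it assumes VM names are plain alphanumerics so they are safe inside a sed pattern.

```shell
#!/bin/sh
# Added example, not from the original post. VDISKMGR is an assumption of this
# sketch so the disk tool can be overridden; it defaults to the
# vmware-vdiskmanager command used in the steps above.
VDISKMGR=${VDISKMGR:-vmware-vdiskmanager}

# clone_vm BASE OLD NEW: copy BASE/OLD to BASE/NEW and rename everything inside.
clone_vm() {
    base=$1 old=$2 new=$3
    [ -d "$base/$old" ] || { echo "no such VM: $base/$old" >&2; return 1; }
    # Refuse to overwrite an existing guest directory.
    [ -e "$base/$new" ] && { echo "$base/$new already exists" >&2; return 1; }
    cp -a "$base/$old" "$base/$new" || return 1
    (
        cd "$base/$new" || exit 1
        # Rename the disk with the VMware tool rather than mv, as in the steps.
        "$VDISKMGR" -n "$old.vmdk" "$new.vmdk" || exit 1
        # A glob cannot be a rename target, so move the files one by one.
        for f in "$old".*; do
            [ -e "$f" ] || continue
            mv "$f" "$new.${f#"$old".}" || exit 1
        done
        # Replace every occurrence of the old name in the configuration.
        sed "s/$old/$new/g" "$new.vmx" > "$new.vmx.tmp" &&
            mv "$new.vmx.tmp" "$new.vmx"
    )
}

# Usage: sh clone-vm.sh /vm srv1 srv2
if [ $# -eq 3 ]; then
    clone_vm "$@"
fi
```

Afterwards, add the new guest to the inventory from the web console as in the last step.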

VMWare