Nothing lasts forever

For the last 3 years I have been employed by Knowledge Factory Consulting AB based here in Stockholm, Sweden. But nothing lasts forever: last year KF was purchased by Advania AB. Working in a small company means that you know everyone, but working at a large company gives you entirely different possibilities. This is change. One of my first consultant companies had an internal motto, “the only constant is change”. You cannot expect things not to change.

Two months ago I turned in my letter of resignation to my boss. At the end of business today I will no longer be affiliated with Knowledge Factory or Advania. I will really miss all the people that made up the company, what it was and what it is. There is no way I can say this without missing everyone, from some of the best technical guys in the business to the management and sales team, and Lotta for making sure we got paid. I know I will run into some of you again, I’m not sure where yet though. My best guesses are Microsoft Ignite, at customers or perhaps over an after-work beer.

I will continue to deliver what I do best. For inquiries please contact Toriv AB, just call me or mail [email protected]

During the coming weekend I will try to re-brand everything that I have related to the company on my blog, LinkedIn, Twitter etc.

Remember who you are in a PowerShell window

Sometimes you run the same command so many times that you want it to run every time you start a PowerShell window.

There are several profiles that can be loaded depending on how PowerShell is started. There are also global profiles that apply to all users of a computer.

Variable
$PROFILE.AllUsersAllHosts
$PROFILE.AllUsersCurrentHost
$PROFILE.CurrentUserAllHosts
$PROFILE.CurrentUserCurrentHost

AllHosts profiles run for all types of PowerShell, both regular console and ISE sessions. CurrentHost profiles run just for that specific host, so you can have different settings for ISE and console sessions.

The basic structure for the profiles is:

  • Locations:
    • Current user:  "$([Environment]::GetFolderPath('MyDocuments'))\WindowsPowerShell"
    • All users: "$($env:SystemRoot)\System32\WindowsPowerShell\v1.0\"
  • Filenames:
    • All types: profile.ps1
    • Console: PowerShell_profile.ps1
    • ISE:  PowerShellISE_profile.ps1

Since I usually have more than one PowerShell window running at a time with alternative credentials, I had a hard time remembering which window was which. Of course I could have just run “whoami”, but that is also more work than needed. So I decided that placing the username in the title was the way to go. The profile is also a good place to put other functions that you have written and call all the time.

powershell with domain-username  [Read more…]
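A profile along these lines puts the identity in the title bar. This is an added example, not the script from the original post; the function names and the title layout are assumptions. It also lists which of the four profile files exist, since anything placed in them runs at every start.

```powershell
# Added example for profile.ps1 (CurrentUserAllHosts). Function names are hypothetical.

function Set-IdentityTitle {
    # Resolve the identity this window actually runs as (same value "whoami" prints).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Mark elevated windows so they stand out among several open sessions.
    $tag = if ($elevated) { '[ELEVATED] ' } else { '' }
    $Host.UI.RawUI.WindowTitle = '{0}{1} on {2} ({3})' -f $tag, $identity.Name, $env:COMPUTERNAME, $Host.Name
}

function Get-ProfileInventory {
    # Report which profile scripts are present for this host.
    'AllUsersAllHosts', 'AllUsersCurrentHost', 'CurrentUserAllHosts', 'CurrentUserCurrentHost' |
        ForEach-Object {
            $path = $PROFILE.$_
            [pscustomobject]@{
                Scope  = $_
                Path   = $path
                Exists = [bool]($path -and (Test-Path -LiteralPath $path))
            }
        }
}

Set-IdentityTitle
```

Run Get-ProfileInventory now and then to confirm that only the profile files you created are present, in particular the two AllUsers ones.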

Using certreq to create self-signed certificates

Sometimes you need to create self-signed certificates in Windows. Sometimes I have done it using OpenSSL, and Windows 2012 and later include PowerShell support through New-SelfSignedCertificate. But all versions of Windows include the binaries required to do it natively. It is a two-part process: first create the INF file, then run certreq using that file.

It will create and sign the certificate. I'm not really sure why it is also asking where to store the CSR (Certificate Signing Request) so I just close that dialog.

A super simple self-signed certificate

It does not get any simpler than this. It does not limit the intended purposes of the certificate, and the key size is not really good. We can make it better by specifying intended purposes and stronger cryptographic settings.

A better self-signed certificate

But now and then we need the certificate to answer for multiple names, a so-called SAN (Subject Alternative Name) certificate.

A SAN certificate
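The two steps described above (write the INF, then run certreq) for the SAN case, as an added example that is not the INF from the original post. The host names, file paths and key settings are assumptions; giving certreq an output file name on the command line means it does not have to ask where to save anything.

```powershell
# Added example: self-signed SAN certificate with certreq. Names and paths are constructed.
$inf = Join-Path $env:TEMP 'selfsigned-san.inf'
$cer = Join-Path $env:TEMP 'selfsigned-san.cer'

# Single-quoted here-string so "$Windows NT$" is written literally.
@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=www.example.test"
; Cert = create a self-signed certificate instead of a request for a CA
RequestType = Cert
KeyLength = 2048
KeySpec = 1
; 0xA0 = digital signature + key encipherment
KeyUsage = 0xA0
HashAlgorithm = SHA256
; Keep the private key non-exportable and in the current user's store
Exportable = FALSE
MachineKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[EnhancedKeyUsageExtension]
; Limit the intended purpose to Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; 2.5.29.17 = Subject Alternative Name
2.5.29.17 = "{text}"
_continue_ = "dns=www.example.test&"
_continue_ = "dns=example.test&"
'@ | Set-Content -LiteralPath $inf -Encoding ASCII

certreq.exe -new $inf $cer
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Confirm the certificate landed in the current user's personal store.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object Subject -eq 'CN=www.example.test' |
    Select-Object Subject, NotAfter, Thumbprint
```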

Sources

Technet – Certreq

Filter by install date

I was once asked if you could apply a GPO to computers before a certain date. My first answer was the simple solution: create a group, add all computers that exist at that time to the group, and then filter on that group.

If possible always do it the simple way, but they asked what would happen if a computer was reinstalled. Since the computer account will be reused it will still be in the group, and this was a problem. So at this point we have to decide where to complicate things.

Do we want to complicate the task sequence and let it remove the computer from the group, or do we want to use a WMI filter on the GPO?

WMI filters have limitations: they require working WMI on the client, and they also require that the client is running at least Windows XP or Windows 2003 Server (who has that running anyway, right?). Using WMI we can create a simple filter that will allow us to only target computers that are installed or reinstalled after a certain date.

wmifilter - only olders installs

It is as simple as that.

An SQL deadlock while editing an AAD Connect Synchronization rule

I ran into this issue when I was editing an AAD Connect synchronization rule. If you edit an AAD synchronization rule and set the same precedence as an already existing synchronization rule you will get a SQL deadlock warning.

A deadlock occurred in SQL Server while trying to acquire an application lock.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

When I did it, I made a copy of the original rule, then disabled the original and set the new duplicate to the same precedence as the original. That was a bad idea. So check with another precedence. And let this be a lesson.
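A WQL query of the kind such a filter uses, with a local check against the machine you are sitting at. This is an added example, not the filter from the original post; the helper name and the cutoff date are assumptions, and the direction is a parameter so the same helper covers installs before or after the date.

```powershell
# Added example: build and test an install-date WQL query for a GPO WMI filter.
function New-InstallDateWql {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [datetime]$Cutoff,
        [ValidateSet('Before', 'After')] [string]$Direction = 'After'
    )
    $op = if ($Direction -eq 'After') { '>=' } else { '<' }

    # WMI stores dates in DMTF format: yyyyMMddHHmmss.ffffff+UUU,
    # where UUU is the offset from UTC in minutes (+000 = UTC).
    $dmtf = $Cutoff.ToString('yyyyMMddHHmmss') + '.000000+000'

    "SELECT * FROM Win32_OperatingSystem WHERE InstallDate $op '$dmtf'"
}

$cutoff = [datetime]'2016-01-01'       # constructed cutoff date
$wql    = New-InstallDateWql -Cutoff $cutoff -Direction After
$wql                                   # paste this into the WMI filter (namespace root\CIMv2)

# A GPO with this filter applies only if the query returns at least one object.
$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$matches = @(Get-CimInstance -Namespace root\cimv2 -Query $wql)

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    InstallDate   = $os.InstallDate
    FilterMatches = ($matches.Count -gt 0)
}
```

A reinstall resets InstallDate, which is why this approach does not have the reused computer account problem of the group-based one.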

Remove old domain from Exchange objects

Most companies have domains in their Exchange that they aren’t actively using but keep for legacy reasons. One of my customers wanted to clear out an old domain from all objects since they started to get spam on those addresses. So there are two simple solutions:

  1. Remove the domain from AcceptedDomains
  2. Remove the domain from EmailAddressPolicy / All objects

They chose to go down road 2. Since they have very few EmailAddressPolicies, we opted that they clean out the policies themselves, and I wrote a script to clean out the objects.

[Read more…]

Replace characters in Exchange [Nordic]

I have seen in a few smaller companies that they turn off “Automatically update e-mail addresses based on e-mail address policy”. Most of the reasons are really bad reasons. I have heard that they want all email addresses in lowercase, or that they think Microsoft shouldn’t translate the Swedish character Ö to OE. But there is a perfectly good way to do this using the email address policy too.

Enter replacements

At the beginning of the row you can write which characters you want to be replaced: that every uppercase A should be lowercase, or that an Ö should become a regular O. So how do we do this? Using the magic of %r<In><Out>. I have my default one I use, but I needed to update that one since I got a customer request that I thought was good for the future too. My default is now as follows: [Read more…]

Using Windows built-in “PortProxy” to forward ports

I found a question on the Microsoft Technet Forums: how can I forward connections to, for instance, Telnet (tcp/23) to a virtual machine?
Brian Komar already gave a correct answer, but I am not really sure that the original poster understood the subtle difference between a proxy and forwarding of IP ports.

I think it is important to also explain that you can use the PortProxy function built into Windows. It terminates the TCP session and opens a new session to the endpoint. This allows an end user to telnet to your machine and end up somewhere else.

Adding a portproxy to google

Required commands

[Read more…]
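The netsh commands for the telnet case described above, as an added example rather than the commands from the original post. The two addresses are placeholders from the documentation range, and the example adds the rule, reviews what is configured, and removes it again.

```powershell
#Requires -RunAsAdministrator
# Added example: forward tcp/23 on this host to a virtual machine with PortProxy.
# Addresses are constructed placeholders; replace them with your own.
$listenAddress  = '192.0.2.10'   # address on this host that accepts the connection
$listenPort     = 23
$connectAddress = '192.0.2.20'   # the virtual machine running the telnet service
$connectPort    = 23

# PortProxy is implemented by the IP Helper service; nothing listens without it.
if ((Get-Service -Name iphlpsvc).Status -ne 'Running') {
    Start-Service -Name iphlpsvc
}

# Bind to one specific address rather than every interface on the host.
netsh interface portproxy add v4tov4 `
    listenaddress=$listenAddress listenport=$listenPort `
    connectaddress=$connectAddress connectport=$connectPort

# Review every proxy rule configured on this machine.
netsh interface portproxy show all

# The rules are stored in the registry and survive a reboot, so review them there too.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
if (Test-Path $key) {
    Get-Item $key | Select-Object -ExpandProperty Property
}

# Confirm that something is now listening on the chosen port.
Get-NetTCPConnection -State Listen -LocalPort $listenPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Remove the rule when it is no longer needed.
netsh interface portproxy delete v4tov4 `
    listenaddress=$listenAddress listenport=$listenPort
```

Inbound traffic to the listen port still has to be allowed in Windows Firewall, and a rule that is left behind keeps forwarding until it is deleted.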

Avoid setting up a domain trust for a single user's needs

I found a question on the Microsoft Technet Forums: how can I allow a user to use ERP software in another domain without using his credentials?

This approach does not give the local user account any rights; it stores the remote domain username/password for the user so the user doesn’t get prompted for them all the time.

Using CMDKEY to add username-password for alternative domain

 

Find NetBIOS targets in a server-based DFS

A while ago I posted how to find NetBIOS targets in domain-based DFSs. So I also wrote how to find NetBIOS targets on standalone DFS machines.

DFS-Standalone-Target-NetBIOS

Script

[Read more…]