GUID Endian Converter

What is a GUID

First let’s check what Microsoft says about the GUID:

“GUIDs are the Microsoft implementation of the distributed computing environment (DCE) universally unique identifier (UUID)”

Well, what is a UUID then? Let’s check RFC4122:

This specification defines a Uniform Resource Name namespace for
UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally
Unique IDentifier). A UUID is 128 bits long, and can guarantee
uniqueness across space and time. UUIDs were originally used in the
Apollo Network Computing System and later in the Open Software
Foundation’s (OSF) Distributed Computing Environment (DCE), and then
in Microsoft Windows platforms.

So now we know that the GUID is a value which should be unique (there is no such thing as guaranteed uniqueness, since there is no central authority). So let’s check how the GUID is built and why this entry is needed.

Structure of a GUID

Let’s look at a sample GUID: ED7BA470-8E54-465E-825C-99712043E01C. Here there is a small difference between the UUID and the GUID specification, but it does not change anything. Both start with one 32-bit unsigned integer followed by two 16-bit unsigned integers. After that the UUID is specified as two 8-bit unsigned integers followed by 6 bytes, whereas the GUID is specified as 8 bytes. That does nothing to change the problem or the solution, so let’s leave it as 8 bytes.

The problem

RFC4122 specifies that the GUID must be presented as big endian, but Intel processors are little endian. This is where the problem comes from. There are some applications that read the GUID in little endian format and store it as a string, and storing it as a string does not do the little to big endian conversion by magic. In these cases you need to use a cmdlet like mine to convert between the endian formats. [Read more…]
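The conversion described above, as an added example (this is not the cmdlet from the original post, and the name Convert-GuidEndian is hypothetical). It byte-swaps the 32-bit field and the two 16-bit fields and leaves the trailing 8 bytes alone, matching the structure section.

```powershell
# Added example, not the author's cmdlet; Convert-GuidEndian is a hypothetical name.
function Convert-GuidEndian {
    [CmdletBinding()]
    [OutputType([guid])]
    param(
        # [guid] accepts the dashed form as well as 32 plain hex digits.
        [Parameter(Mandatory, ValueFromPipeline)]
        [guid]$Guid
    )
    process {
        # ToByteArray() returns the in-memory layout: the 32-bit field and the
        # two 16-bit fields are little endian, the last 8 bytes are plain bytes.
        $bytes = $Guid.ToByteArray()

        # Reverse each integer field in place; bytes 8..15 are never touched.
        [array]::Reverse($bytes, 0, 4)
        [array]::Reverse($bytes, 4, 2)
        [array]::Reverse($bytes, 6, 2)

        # The byte[] constructor reads the buffer using the same layout, so the
        # result is the input GUID with its three integer fields byte-swapped.
        New-Object -TypeName System.Guid -ArgumentList (,$bytes)
    }
}

# Sample GUID from the text above.
$sample  = [guid]'ED7BA470-8E54-465E-825C-99712043E01C'
$swapped = $sample | Convert-GuidEndian
$swapped

# The swap is its own inverse, so the same function converts in both directions.
($swapped | Convert-GuidEndian) -eq $sample
```

For the sample GUID the swapped form is 70A47BED-548E-5E46-825C-99712043E01C: only the first three groups change.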

Get the SID of all domains in a forest

I got a request from a system owner asking what the SID of the domain was, since their license was bound to the domain SID. The domain SID is not really something that is going to change, and it’s really unlikely that anyone will collide with yours, so it’s not really a bad choice.

Anyway, if you have the Active Directory PowerShell module it’s really easy to do this. Without the AD PowerShell module it’s not really that hard either, but I’m lazy: when the three latest published versions of Windows have the module available, I feel that I can skip doing it the long way.

Let’s continue with the show:

And there we go, easy as 1-2-3

Managing tombstone lifetime with AD cmdlets

So the first question might be: why should I even care about this? I have heard things like “I am running Windows version xxx, so I have a tombstone lifetime of 180 days.” This might not be the case, because the tombstone lifetime is set at the time of the promotion of the first domain controller in the forest. So if you have an old forest running on a new Windows version, you can’t be sure that the tombstone lifetime is what you want. To make things a bit more silly, Microsoft decided during Windows 2003 to increase the value from the default of 60 days to 180 days. Jane Lewis wrote a TechNet blog about this in 2006, but this is still an area where you can find forests which still run with a 60 day tombstone lifetime. Microsoft has a nice article about this, but I like PowerShell instead of dsquery.

How to read the current Tombstone lifetime

If no value..Note the value in the Value column. If the value is <not set>, the value is 60 days. [Read more…]

Powershell and newlines

So I was doing some scripting and after a while the code got a bit bigger than just one line. So I decided it was time to bring out the big guns: enter the PowerShell Integrated Scripting Environment (ISE). So I copied the one-liner that was working perfectly into the ISE and noticed that it wasn’t working anymore. So what black magic was changing what I had just copied and pasted into the ISE?

So after a bit of research I found out the following logic.

powershell_splits_from_shell

When running it by just inserting the text into a PowerShell window, everything is great. When I tried both executing a ps1 file and running it from the ISE, I got the following results:

powershell_splits_from_file

powershell_ise_splits

[Read more…]

Trust my site

A colleague of mine, Ola Johansson, wrote a blog entry about getting free SSL certificates from StartSSL. So I thought this was a good time to make sure my site was TLS enabled. Let’s stop calling it SSL, since all SSL versions are called insecure due to different vulnerabilities.

So I have implemented TLS both on my main host and my CDN. So now you can browse my site and trust that you have received a secure copy. The fact that Google said that it considers HTTPS availability a ranking signal might have helped too.

virot.eu via HTTPS showing certificate information


Cleaning downloaded filenames of invalid characters

A friend is doing a project where he is downloading files from the internet using PowerShell. Files on a Unix system can have lots of characters in their names that you can’t use on a Windows system. So what kind of characters could that be? Backslashes \, slashes / and many more; in all, a lot of characters. If we try to write the list of invalid characters ourselves, I think we will miss some. Let’s get Windows to tell us.

[System.IO.Path]::GetInvalidFileNameChars()

Powershell .NET function call to list invalid filename characters


[Read more…]
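One way to use that list to clean a downloaded name, as an added example that is not code from the original post. The helper name ConvertTo-SafeFileName and the sample names are made up for illustration. It goes a little beyond the character list and also handles reserved device names and trailing dots or spaces, which Windows does not accept as file names either.

```powershell
# Added example; ConvertTo-SafeFileName is a hypothetical helper name.
function ConvertTo-SafeFileName {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Name,

        [string]$Replacement = '_'
    )
    begin {
        # Let Windows supply the list, then escape it for use in a regex class.
        $invalid = [System.IO.Path]::GetInvalidFileNameChars()
        $pattern = '[{0}]' -f [regex]::Escape(-join $invalid)

        # Device names that Windows reserves, with or without an extension.
        $reserved = '^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(\.|$)'
    }
    process {
        # Slashes and backslashes are in the list, so a name that tries to
        # carry a path ends up as one single file name component.
        $clean = [regex]::Replace($Name, $pattern, $Replacement)

        # Windows strips trailing dots and spaces, so remove them up front.
        $clean = $clean.TrimEnd([char[]]'. ')

        if ($clean -match $reserved)            { $clean = $Replacement + $clean }
        if ([string]::IsNullOrEmpty($clean))    { $clean = $Replacement }
        $clean
    }
}

# Constructed sample names, as a remote server might supply them.
'..\..\evil.ps1', 'report: Q1/Q2?.txt', 'nul.txt', 'notes. ' |
    ConvertTo-SafeFileName
```

Combine the cleaned name with a fixed download folder using Join-Path, so the remote side never decides where the file is written.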

Migrate vlan on all adapters on a Hyper-V

Unneeded banter

So I was a bit lazy when I set up my home network from the beginning: I used the default vlan (1). This has haunted me for so long that I thought: it’s time to fix it. This is still my private network, so I decided to use vlan 5 instead. So how do I make the transition easy for me and my networking equipment? Let’s just loop vlan 1 and vlan 5. One short ethernet cable later, all machines on both vlan 1 and 5 can talk to each other.

Moving my virtual machines

So first off, do I even have any virtual machines in my Hyper-V that are running on the default vlan? With the help of a simple PowerShell query we shall soon find out.

Let’s break it down. First we get all virtual machines on the current host. Then we get all adapters on those virtual machines. And last, a where clause that checks for AccessVlanID being 1. Simple as 1-2-3. [Read more…]

Getting all possible classes / attributes for an AD Object

So in the world of the AD everything is built from classes. Classes are stored in the Schema part of the AD.

So what does this mean?

The fast basics

  • Each AD object has an objectClass which matches a class in the schema.
  • Each class has a parent (subClassOf)
  • One class has itself as its parent (top)
  • Each class has available attributes which might or must be set on an AD object.
  • An AD object can use all attributes of its class and of all classes above it.

There are 4 attributes defined for each class which say which attributes it carries:

  • MayContain
  • MustContain
  • systemMayContain
  • systemMustContain

Let’s get all classes that are assigned to an AD Object

[Read more…]
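The walk up the class chain described in the basics above, as an added example that is not the code from the original post. The function name Get-ADClassAttribute is hypothetical, and it assumes the ActiveDirectory module and a reachable domain controller.

```powershell
# Added example; Get-ADClassAttribute is a hypothetical name.
# Assumes the ActiveDirectory module and a reachable domain controller.
Import-Module ActiveDirectory

function Get-ADClassAttribute {
    [CmdletBinding()]
    param(
        # Restricting the input keeps it from changing the LDAP filter below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]
        [string]$ClassName
    )

    $schemaNC   = (Get-ADRootDSE).schemaNamingContext
    $attrFields = 'mayContain', 'mustContain', 'systemMayContain', 'systemMustContain'
    $current    = $ClassName

    do {
        $filter = "(&(objectClass=classSchema)(lDAPDisplayName=$current))"
        $class  = Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter `
                               -Properties ($attrFields + 'subClassOf')
        if (-not $class) { throw "Class '$current' was not found in the schema." }

        # Emit every attribute this class contributes, and where it came from.
        foreach ($field in $attrFields) {
            foreach ($attribute in $class.$field) {
                [pscustomobject]@{
                    Attribute = $attribute
                    DefinedOn = $current
                    Source    = $field
                }
            }
        }

        # "top" is its own parent, which is where the walk ends.
        $parent  = [string]$class.subClassOf
        $atTop   = ($parent -eq $current)
        $current = $parent
    } until ($atTop)
}

# Every attribute a user object may or must carry, with the class that adds it.
Get-ADClassAttribute -ClassName user | Sort-Object Attribute
```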

Possible source fields for Azure Active Directory Sync Services transformations

So Microsoft has released the latest version of the directory sync tools between your on-premises directory and the Microsoft Azure AD. There is a load of information about it written on MSDN, but the information I was looking for I couldn’t find. With the new AAD Sync you can apply transformations: if a field is in the wrong place in your Active Directory, you can let the sync tool take the data from another attribute in the AD. This is done by storing the data in the AAD Sync metaverse. The In rules populate the metaverse and the Out rules populate services.

[Image: Edit outbound synchronization rule]

And there is a big list of attributes to select from, which gives the illusion that you can select just about any attribute. But no. There are some attributes missing. So I have compiled a list of all attributes that are available under the source selection box.

[Image: Source Attributes]

Default attributes in the DirSync Metaverse. [Read more…]

Upgrading DFS 2000 to DFS 2008 mode

So you have just been asked to enable ABE on the DFS. But you can’t enable it because your namespace is in 2000 mode. So how do we upgrade it? The boring answer is that you don’t; Microsoft doesn’t have an upgrade. But it is quite simple anyway.

Backup your current DFS-Namespace

First let’s make sure that we have a copy of your current namespace. This is so we don’t have to rebuild it by hand. This is a simple XML file that holds the entire configuration, both root servers and all links. Just replace the \\<domain.fqdn>\<Namespace> with your DFS namespace information; the file doesn’t really matter. When it is complete, just look into the file and see what you got.

Remove the old namespace

This part is usually quite simple: just start with one DFS namespace server and remove them one after another. If you get stuck because the server is no longer alive, don’t worry. Just remove it by force. Once you delete the last namespace server, the namespace is no more.

Setting up the new environment

Well, this is a good time to think about doing it right. For instance, were you using FQDN for your namespace servers? I say enable FQDN and let’s go.

Now just create a new namespace with the same name as before. Since we are talking about a namespace, which is a bunch of NTFS junction points, I see no point in moving the DFS share from the default of %Systemroot%\DFSRoots\NamespaceName. Just remember that everyone should have only Read Only access.

Then add the other namespace servers one after another.

Restore the namespace

So where are my hundreds of links? I can’t remember them all. Well, importing is as easy as the export we did earlier. You didn’t skip that step, right?

Now for the boring part. You should really test it to make sure it works. Remember that domain based DFS is carried in the AD, with all the replication delays that could incur.

This entry has been on my waiting list for a long time, but since it was a good match for my solution for a question on social I completed it.