Kaseya Agent Procedure -> Alert if Privileged Accounts are changed in Active Directory

Out of the skunkworks here at Squidworks comes a new Kaseya Agent Procedure. This procedure (script) pulls all members of the privileged account groups, such as Domain Admins, Enterprise Admins and Schema Admins, and stores the list in the GETFILE location on your K-Server. It is also viewable using LiveConnect -> Agent Data -> GetFile tab. You can add and remove groups in the VBScript to match your needs. The nice thing about this script is that it finds out what your forest is and queries the domains inside it, so you do not need to edit the script for every domain in your customer base. This one script will query any domain it is pointed at without being told what the domain name is! (Sweet) This makes it a great tool to deploy across all customers, as it requires no edits to run on any domain.

The script should be scheduled to run every day. Each time it runs it copies a new file up to the GETFILE area and compares the two files. If they are not exactly the same it sends an alert that a change has happened.

You then need to watch for this alert and alarm on it. To do this, go to the Monitor tab in Kaseya. In the main menu under Agent Monitoring select Alerts. In the main window under Alerts you will find a drop-down selection box called “Select Alert Function“. In this drop-down list locate and select “Get Files”, then select the AD server you are running the script on and set it to alarm and email you upon change.

That’s it. It will check your accounts, and if a change takes place it alerts you so you can investigate. This works great if you need to keep people out of these privileged account groups.
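The same idea in PowerShell, as an added example that is not the Squidworks VBScript: walk every domain in the current forest, snapshot the members of the privileged groups to a file (the snapshot path and the non-zero exit code are my assumptions, not part of the Kaseya procedure), and report what changed since the last run.

```powershell
# Added example, not the Squidworks script. Snapshot privileged group membership forest-wide
# and diff it against the previous run. $SnapshotPath is an assumed location.
param([string]$SnapshotPath = "$env:ProgramData\PrivGroupSnapshot.txt")

$groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')   # add or remove to taste

function Get-PrivilegedMembers {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $lines = foreach ($domain in $forest.Domains) {
        $root = $domain.GetDirectoryEntry()
        foreach ($g in $groups) {
            $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
            $searcher.Filter = "(&(objectClass=group)(cn=$g))"
            $searcher.SearchScope = 'Subtree'
            $result = $searcher.FindOne()
            # Enterprise Admins and Schema Admins only exist in the forest root domain
            if ($null -eq $result) { continue }
            # Note: 'member' does not expand nested groups or primaryGroupID members
            foreach ($m in $result.Properties['member']) { "$($domain.Name)`t$g`t$m" }
        }
    }
    $lines | Sort-Object -Unique
}

$current = @(Get-PrivilegedMembers)
if (Test-Path $SnapshotPath) {
    $previous = @(Get-Content $SnapshotPath)
    $diff = Compare-Object -ReferenceObject $previous -DifferenceObject $current
    if ($diff) {
        # Kaseya alerts on the changed GETFILE; printing the delta tells the investigator what moved
        $diff | ForEach-Object {
            $tag = if ($_.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
            "$tag $($_.InputObject)"
        }
        $current | Set-Content -Path $SnapshotPath -Encoding UTF8
        exit 1   # assumed convention: non-zero so the procedure can branch to an alert step
    }
}
$current | Set-Content -Path $SnapshotPath -Encoding UTF8
"No change in privileged group membership"
```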

AD Admin Audit Kaseya Script Zip

Enjoy

Cubert

Event 10009 (Error): DCOM was unable to communicate with the computer [computer name] using any of the configured protocols.

If DNS resolves a user’s system and that system is no longer at that IP, then you may see Event ID 10009 in the system event logs. Check DNS for duplicate entries first. If you have the same computer name in DNS twice, with one IP being correct and the other not, remove the wrong IP address.

This was a recurring error regarding a particular laptop on our network. This computer had not actually been on the network in months, but the error was showing up every thirty minutes in ten-error bursts.

What I eventually realized was that the laptop was not on the network, but an iPhone had taken the IP address that was last associated with the laptop. However, nothing in DHCP showed anything out of order.

Finally I took a look in DNS, and sure enough there was an entry for that laptop associated with the IP address of the iPhone.

Seemingly, DCOM saw something at that IP address and was trying to communicate with it as if it were the laptop. Once I had deleted the laptop from the DNS the error was no longer appearing.

If you are seeing DCOM errors related to a computer that is NOT currently on the network, this might offer a fix.
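To find this kind of stale record without reading event logs by hand, here is an added PowerShell check (not from the original post): it pulls the computer names out of recent 10009 events, resolves each one, and flags names that have more than one A record or whose IP now answers to a different name in reverse DNS. The 24-hour window is an assumption.

```powershell
# Added example, not from the original post. Requires Resolve-DnsName (Windows 8 / 2012 or later).
function Get-Dcom10009Suspects {
    param([int]$Hours = 24)   # assumed lookback window
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10009
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue
    # The first event parameter is the computer name DCOM could not reach
    $names = $events | ForEach-Object { $_.Properties[0].Value } | Sort-Object -Unique
    foreach ($name in $names) {
        $a   = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue
        $ips = @($a | Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress)
        foreach ($ip in $ips) {
            # Reverse lookup: if the PTR names something else, another device owns this IP now
            $ptr = Resolve-DnsName -Name $ip -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
            [pscustomobject]@{
                Name         = $name
                IPAddress    = $ip
                DuplicateA   = ($ips.Count -gt 1)                         # same name registered twice
                ReverseName  = $ptr.NameHost
                NameMismatch = [bool]($ptr -and ($ptr.NameHost -notlike "$name*"))
                Answers      = Test-Connection -ComputerName $ip -Count 1 -Quiet
            }
        }
    }
}
# A row with Answers=True and NameMismatch=True (or no ReverseName) is the iPhone-on-the-laptop's-IP case
Get-Dcom10009Suspects | Format-Table -AutoSize
```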

I hope this helps someone out there

Cubert

Weird Network Issues: Can’t surf the web or web applications are failing, but ping and DNS work?

There are many symptoms that may arise when you are installing a new firewall on a network that uses a DSL circuit and the MTU is not set correctly. That’s right, the MTU. The Maximum Transmission Unit, as it is known, is a happy 1500 bytes on any Ethernet, the medium that makes up most endpoint networks on the Internet. Most admins never think about what the MTU is set to at the gateway device; when they forget that the circuit to the Internet is a DSL circuit, they may see things on the network that they can’t seem to explain.

MTU is the maximum packet size (in bytes) that can be transported reliably across any particular network; IP over Ethernet in this case. The maximum size of an IP Ethernet packet is 1500 bytes, but overhead like IP, TCP and PPPoE headers must also be taken into account. The wrong MTU will actually prevent you from accessing some web sites or FTP sites. It may even cause you to not authenticate properly on mail servers or secure web sites. There are too many variables to be able to estimate what your optimum MTU should be, but my rule of thumb is 1500 minus 32 bytes, which makes the MTU 1468.

Are you running a VPN to a remote domain and having domain failures that don’t seem to make sense? Some people have no issues and others fail with different errors when they should work?

Only some websites working correctly?

DNS and ping work but other services may fail, like mail or FTP?

What may be taking place is a conflict with the MTU available on the DSL circuit. Ethernet is placing packets on the wire at up to 1500 bytes each, but the DSL has only 14XX bytes available to it, so fragmentation has to take place, and that ends up breaking the request being made.

It is simple to overcome such an issue by setting the MTU of your firewall’s DSL-facing Ethernet device. This will cause the firewall to regulate the MTU and control the packet size going out to the DSL circuit.

You can also change the MTU in a Windows workstation so it will not send out a packet bigger than what the DSL circuit can handle.

To do this, edit the registry with REGEDIT and change the following key.

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\[Adapter ID]]

Value Name: MTU
Data Type: REG_DWORD (DWORD Value)
Value Data: Default = 0xffffffff (1500)

This will fix the Windows system, but I prefer to do it at the firewall so one edit changes all systems. Do what you need to do.
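Rather than guess at the number, you can measure what the DSL path actually carries. The following is an added PowerShell example (not from the original post): it binary-searches the largest ICMP payload that crosses the path with the Don’t Fragment bit set, adds the IP and ICMP headers back to get the path MTU, and prints the netsh equivalent of the registry edit above. The probe target 8.8.8.8 is an assumption; use any host on the far side of the DSL circuit.

```powershell
# Added example, not from the original post. Measures path MTU with DF-bit pings.
function Find-PathMtu {
    param(
        [string]$Target = '8.8.8.8',   # assumed probe target beyond the DSL circuit
        [int]$Low  = 1000,
        [int]$High = 1472              # 1500 minus 20-byte IP header minus 8-byte ICMP header
    )
    $ping = New-Object System.Net.NetworkInformation.Ping
    $opts = New-Object System.Net.NetworkInformation.PingOptions
    $opts.DontFragment = $true   # DF turns "too big" into a visible error instead of silent fragmentation

    # The smallest size must get through, otherwise the search says nothing about MTU
    $probe = $ping.Send($Target, 2000, (New-Object byte[] $Low), $opts)
    if ($probe.Status -ne 'Success') { throw "Even $Low bytes failed ($($probe.Status)); check reachability first" }

    $best = $Low
    while ($Low -le $High) {
        $mid   = [int][math]::Floor(($Low + $High) / 2)
        $reply = $ping.Send($Target, 2000, (New-Object byte[] $mid), $opts)
        if ($reply.Status -eq 'Success') {
            $best = $mid; $Low = $mid + 1
        } else {
            # PacketTooBig is the honest answer; TimedOut is what a PMTU black-hole router gives you
            $High = $mid - 1
        }
    }
    $best + 28   # payload plus IP (20) and ICMP (8) headers = the MTU the path really supports
}

$mtu = Find-PathMtu
"Largest MTU that crosses the path unfragmented: $mtu bytes"
"Per-workstation equivalent of the registry edit (the firewall is still the better place):"
"  netsh interface ipv4 set subinterface `"Local Area Connection`" mtu=$mtu store=persistent"
```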

Hope this helps someone out there.

Cubert

How to Set Up Windows 2008 R2 Server Core as an Active Directory Server

Setup Active Directory on a Windows Server 2008 core

This is pretty simple actually: install Windows as normal but select Server Core as your installation type. It will install just like a normal Windows 2008 install until the reboot when it loads Windows for the first time. At that point it will ask you to set your admin password and then boot to a Windows-ish desktop where only a command shell is available.

At first log in there are several things we need to do to prepare the system.

We need to assign the server a hostname

netdom renamecomputer %computername% /newname:YourServerName

Then we add our network information

netsh interface ipv4 set address name="Local Area Connection" source=static address=192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1

Then we add our DNS servers. This should be the address of your Active Directory DNS server, so replace 4.2.2.2 with that IP address.

netsh interface ipv4 set dns name="Local Area Connection" source=static address=4.2.2.2 primary

Confirm your new IP setup information

ipconfig /all

Now let’s restart the system

shutdown -r -t 0

After we log back in from the reboot we join the existing domain

netdom join %computername% /domain:YourDomainName.

Notice that I have a “.” at the end of the line! That denotes the end of the domain name and should be used.

Let’s restart the server and bring it up as a member of the domain

shutdown -r -t 0

We should go ahead and activate Windows 2008 R2 now.

 cscript C:\windows\system32\slmgr.vbs -ato

Now we need to add the DNS-Server-Core-Role

ocsetup DNS-Server-Core-Role

To check that it was really installed we can run

oclist |more

Now we dcpromo the server in unattended mode

dcpromo /unattend /replicaOrNewDomain:replica /replicaDomainDNSNAME:YourDomainName  /ConfirmGC:Yes /UserName:YourDomainName\Administrator /Password:* /safeModeAdminPassword:YourPasswordHere

The (/Password:*) switch tells the server to prompt you for the domain administrator password when you run the command. The (/safeModeAdminPassword) switch sets the admin password you will use if you need to log in “off” the domain (Directory Services Restore Mode).

The AD DS role will be installed, and afterwards the server will reboot as a domain controller.

Now, to make your job easier, let’s turn on Remote Desktop so you can RDP to the Windows 2008 Server Core and operate the command shell remotely.

cscript c:\windows\system32\scregedit.wsf /AR 0
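Once the box is back up as a domain controller, it is worth confirming that it really is one before you walk away. This is an added PowerShell check (not part of the original procedure) that sticks to what Windows PowerShell 2.0 on 2008 R2 offers: the machine’s domain role, the DC services, the SYSVOL and NETLOGON shares, and whether the DNS role you added is serving the DC locator record.

```powershell
# Added example, not from the original post. Post-dcpromo sanity check for a Server Core DC.
function Test-DomainControllerHealth {
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $r = @{}
    $r['Host']   = $cs.Name
    $r['Domain'] = $cs.Domain
    $r['IsDC']   = ($cs.DomainRole -ge 4)   # 4 = backup DC, 5 = primary DC (PDC emulator)

    # Services every writable DC must have running; DNS because DNS-Server-Core-Role was added
    foreach ($svc in @('NTDS', 'Netlogon', 'Kdc', 'DNS', 'W32Time')) {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        $r["Svc_$svc"] = if ($s) { $s.Status.ToString() } else { 'missing' }
    }

    # SYSVOL and NETLOGON only appear once the new DC has replicated SYSVOL successfully
    $shares = Get-WmiObject -Class Win32_Share | ForEach-Object { $_.Name }
    $r['SysvolShared']   = ($shares -contains 'SYSVOL')
    $r['NetlogonShared'] = ($shares -contains 'NETLOGON')

    # Does DNS hand out the DC locator SRV record for this domain? Clients find DCs through it
    $srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$($cs.Domain)" 2>$null
    $r['LocatorSrvFound'] = [bool]($srv | Select-String -Pattern 'svr hostname' -Quiet)

    New-Object PSObject -Property $r
}
Test-DomainControllerHealth | Format-List
```

Anything other than IsDC True, all services Running, both shares present and LocatorSrvFound True means the promotion or replication is not finished, and dcdiag is the next stop.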

I hope this helps someone out there get a Windows 2008 Server Core up and running as an Active Directory server quickly.

Cubert

😎

LDIFDE and CSVDE in Windows 2003

CSVDE Imports user accounts into Active Directory

CSVDE is the type of program that you learn for a specific task and then forget about. Therefore, what you need are a few tried and tested examples to get started. The classic job for CSVDE is to import user accounts into a Windows domain. While we often use CSVDE to create users on a test network, our main use for CSVDE is to research LDAP names. What we do is a quick export of Active Directory into a .csv file, then open that .csv export file with Excel and study the LDAP fields in the first row of the spreadsheet.

Comma – Delimit data with a comma, not a tab.
Separated – Split a string of data.
Value – Values, rather than properties.
Data – Deal with data, and don’t worry about the objects.
Exchange – Move data from the spreadsheet into Active Directory (or vice versa).

Think of CSVDE as the engine that drives data into or out of Active Directory. This CSVDE engine has two directions, export and import. The data consists of Active Directory accounts in CSV format. Excel, or a similar spreadsheet, is marvelous at dropping the comma-separated data into columns. 

To actually export from Active Directory, all you need is CSVDE -f filename.csv. As export is the default mode, there is no -e switch, so just issue CSVDE, the -f switch and a suitable file name.

Whenever you transfer data in the other direction, from the file into Active Directory, you must actively switch CSVDE into import mode. This is why you need the extra -i parameter.

For example CSVDE -i -f filename.csv. 

LDIFDE

So you want to use LDIFDE to import users into Active Directory? I suggest that you start with an LDIFDE export. My reasoning is this: LDIFDE is a difficult command to master; however, the export switch is far easier to learn than the import. In addition, there is less scope for damaging Active Directory when you are exporting.

The key switch is -i. Without this tiny -i switch (lower-case I), LDIFDE will just export information or raise an error message. To master importing user accounts, you must understand the LDAP attributes. You also need ‘Active Directory Users and Computers’ available for inspecting the users’ properties. Once you have written all the data in your .ldf file, just import the data with a command like this:

ldifde -i -f accounts.ldf -s MyServer 

In this example, you use LDIFDE to add a new user named Bill Gates to the Developers organizational unit. 

  1. Start Notepad and create a new file called Newuser.ldf. (Save the file with an .ldf extension.)
     (Note: you will need to substitute the information for your domain!)
  2. Edit the LDIF file Newuser.ldf and add the following text (the cn value must match the CN in the dn line, or the add is rejected):
     dn: CN=Bill Gates,OU=Developers,DC=squidworks,DC=net
     changetype: add
     cn: Bill Gates
     objectClass: user
     samAccountName: Bill
     givenName: Bill
     sn: Gates
  3. Save the LDIF file.
  4. Run LDIFDE to import the new user into Active Directory. Open a ‘DOS box’ (Start, Run, CMD), type the following command, and then press Enter:
     ldifde -i -f newuser.ldf -s MyServer
  5. To confirm that the new user has been created, check your Active Directory Users and Computers snap-in.

When you need to delete objects, firstly you need their dn: attributes. Secondly, on the next line, write a statement for changetype: delete.

Example: If you saved these entries into a file called leavers.ldf 

dn: CN=BillGates,CN=Users,DC=cp
changetype: delete

You may need to add a null value when you have to clear the login script field and have it controlled by a GPO. The following worked for us.

dn: CN=Example User,OU=Example OU,DC=example,DC=network,DC=com
changetype: modify
delete: scriptPath
-

Because no scriptPath: value line follows before the terminating “-”, the attribute is cleared and an empty/null field results.
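Hand-written LDIF breaks on exactly the things the examples above gloss over: a comma in a name must be escaped in the dn, and any non-ASCII value (an umlaut, a leading space) must be base64-encoded after a double colon. The following is an added PowerShell example (not from the original post) that generates a Newuser.ldf for a list of users with those rules applied; the two sample users are constructed here, and a real run would feed it Import-Csv output.

```powershell
# Added example, not from the original post. Builds an LDIF add file with correct escaping.
function ConvertTo-LdifDnValue([string]$v) {
    # RFC 4514: escape , + " \ < > ; anywhere, plus a leading '#' or space and a trailing space
    $e = $v -replace '([,+"\\<>;])', '\$1'
    if ($e -match '^[# ]') { $e = '\' + $e }
    if ($e.EndsWith(' ')) { $e = $e.Substring(0, $e.Length - 1) + '\ ' }
    return $e
}
function Format-LdifAttr([string]$name, [string]$value) {
    # RFC 2849: a value that is not printable ASCII, or starts with space, ':' or '<',
    # must be written base64 after a double colon ("attr:: ...")
    if ($value -match '[^\x20-\x7E]' -or $value -match '^[ :<]') {
        return "${name}:: " + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($value))
    }
    return "${name}: $value"
}
function New-LdifAddEntry {
    param([string]$First, [string]$Last, [string]$Sam, [string]$ParentDn)
    $cn = "$First $Last"
    $lines = @(
        (Format-LdifAttr 'dn' "CN=$(ConvertTo-LdifDnValue $cn),$ParentDn")   # dn goes base64 too if needed
        'changetype: add'
        'objectClass: user'
        (Format-LdifAttr 'cn' $cn)              # matches the RDN, as AD requires
        (Format-LdifAttr 'sAMAccountName' $Sam)
        (Format-LdifAttr 'givenName' $First)
        (Format-LdifAttr 'sn' $Last)
        ''                                      # blank line ends the record
    )
    return ($lines -join "`r`n")
}

# Constructed sample input; the second user exercises the comma and non-ASCII handling
$users = @(
    @{ First = 'Bill'; Last = 'Gates';       Sam = 'Bill' },
    @{ First = 'Ana';  Last = 'Müller, Jr.'; Sam = 'anam' }
)
$ou = 'OU=Developers,DC=squidworks,DC=net'
$ldif = foreach ($u in $users) { New-LdifAddEntry @u -ParentDn $ou }
$ldif | Set-Content -Path .\Newuser.ldf -Encoding ASCII   # base64 keeps the file pure ASCII
# Then import it exactly as in the steps above:  ldifde -i -f Newuser.ldf -s MyServer
```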