LiquidObject

O365 Automated License Migration Hang

Recently I ran across a deprecated license migration scenario within O365. To simplify the environment, group-based licensing was used on all users with automated assignment (required AzureAD Basic or higher).

O365 License Migration

The above looks good, except the migration never finished. The main O365 portal page would be stuck at this screen and never complete the migration. The solution was to manually go out to the Azure AD portal (https://portal.azure.com) and manually create/delete the required license changes. Once the license assignment changes were complete, the main O365 Dashboard was available once again.

, , ,
April 28, 2018 at 1:25 pm Comments (0)

Roaming Profile Cookie cleaning

While I’ve made a push to remove Roaming Profiles anywhere I still see them, some organizations are still not ready to move on to newer technologies. One of the problems is stale data as profiles are not regularly refreshed, below is a sample script for cleaning up old cookie data folders.

$Old_Date = (Get-Date).AddDays(-90)

$myprofiles = Get-ChildItem D:\Profiles
foreach($i in $myprofiles)
{
	$myuser = $i.FullName
	$CookiePath = $myuser + "\AppData\Roaming\Microsoft\Windows\Cookies\Low"
	$LowCookiePath = $myuser + "\AppData\Roaming\Microsoft\Windows\Cookies"

	if(Test-Path $CookiePath){
       	     Get-ChildItem $CookiePath | where {($_.LastAccessTime -lt $Old_Date) -and ($_.CreationTime -lt $Old_Date) -and ($_.Extension -eq ".TXT")} | Remove-Item
	     if(Test-Path $LowCookiePath)
		{
          	    Get-ChildItem $LowCookiePath | where {($_.LastAccessTime -lt $Old_Date) -and ($_.CreationTime -lt $Old_Date) -and ($_.Extension -eq ".TXT")} | Remove-Item
		}
	}
}
,
November 3, 2017 at 9:26 pm Comments (0)

Exchange 2016 Holiday Calendar Loading

As time goes by scripts get updated. Here is an updated version of my old () which was originally written for Exchange 2010 under Server 2008.


$inputfile = "C:\Input\<mycalendarfile.csv"
$Webservices = "C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll"
$baseOU = "OU=Domain Users,DC=liquidobject,DC=com"
#Need to update each year, in the event we need to pull entries we can search of it potentially
$myyears = "2017-2018"
#If we need to run the once per year everyone run, set this to true
$YearlyRun = $false

#Testing mode options
$testmode = $false
$testuser = "mytestaccount"

####################### End Options ########################

if(!(Get-Module | where {$_.Name -eq "ActiveDirectory"})){Import-Module ActiveDirectory}
if(!(Get-PSSnapin -Name "Microsoft.Exchange.Management.PowerShell.E2010" -ErrorAction SilentlyContinue)){Add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010}
if(!(Get-PSSnapin -Name "Microsoft.Exchange.Management.PowerShell.support" -ErrorAction SilentlyContinue)){Add-pssnapin Microsoft.Exchange.Management.PowerShell.support}

if(!(Test-Path $Webservices))
{
    Write-Host "`n`nExchange Web Services API is required and is not installed`nhttp://www.microsoft.com/en-us/download/details.aspx?id=28952`n"
    Exit
}
if(!(Test-Path $inputfile))
{
    Write-Host "`n`nInput file of: $inputfile is missing, cannot proceed without this file.`n`n"
    Exit
}
Write-Host "`nEWS Web Services - Loading"
Add-Type -Path $Webservices
Write-Host "EWS Web Services API - Loaded`n"

function New-CalendarItem {
    [CmdletBinding()]
    param(
        [Parameter(Position=1, Mandatory=$true)]$CalendarUser,
        [Parameter(Position=2, Mandatory=$true)]$Subject,
        [Parameter(Position=3, Mandatory=$true)]$Date
        )
    
    $sid = (Get-ADUser -Identity $CalendarUser).SID
    $user = [ADSI]"LDAP://<SID=$sid>"
    $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService -ArgumentList ([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1)
    $service.AutodiscoverUrl($user.Properties.mail)
    
    $Impersonate = (Get-Mailbox -Identity $calendaruser).PrimarySMTPAddress
    $ImpersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId -ArgumentList ([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress),$Impersonate
    $service.ImpersonatedUserId = $ImpersonatedUserId
    
    $appointment = New-Object Microsoft.Exchange.WebServices.Data.Appointment -ArgumentList $service
    $appointment.Subject = $Subject
    $startdate = Get-Date($Date)
    $appointment.Start = $startdate
    $enddate = (Get-Date($Date)).adddays(1)
    $appointment.End = $enddate
    $appointment.body = "Calendar Automation " + $myyears
    $appointment.LegacyFreeBusyStatus = "Free"
    $appointment.IsAllDayEvent = $true
    $appointment.IsReminderSet = $False
    $appointment.Save([Microsoft.Exchange.WebServices.Data.SendInvitationsMode]::SendToNone)
    $appointment = $null
    sleep 0.2
}

$mydata = Import-Csv $inputfile
Write-Host "Preparing to process" $mydata.count "calendar entries`n"

if($YearlyRun)
{
    $myusers = Get-ADuser -Filter {(mail -like "*") -and (ObjectClass -eq "user") -and (Enabled -eq $true)} -SearchBase $baseOU -Properties created | Select-Object samaccountname, created
}
else
{
    $mydays = (Get-Date).Adddays(-7)
    $myusers = Get-ADuser -Filter {(mail -like "*") -and (ObjectClass -eq "user") -and (Created -gt $mydays) -and (Enabled -eq $true)} -SearchBase $baseOU -Properties created | Select-Object samaccountname, created
}

$myusers = $myusers | Sort-Object samaccountname
if($testmode)
{
    $myusers = @{"samAccountName"=$testuser}
}

$today = Get-Date
$mycount = $myusers.count
$currentpos = 1
foreach($i in $myusers)
{
    Write-Host "Loading $currentpos of $mycount for:" $i.samaccountname
    foreach($entry in $mydata)
    {
        if($today -lt $entry.date)
        {
            #Write-Host $entry.date " - " $entry.Subject
            New-CalendarItem -CalendarUser $i.samaccountname -Subject $entry.Subject -date $entry.date
            sleep 0.2
        }
        else
        {
            if($YearlyRun) #only load past dates on the yearly run
            {
                New-CalendarItem -CalendarUser $i.samaccountname -Subject $entry.Subject -date $entry.date
                sleep 0.2
            }
        }
        sleep 0.1
    }
    $currentpos++
    sleep 1.2
}
,
July 31, 2017 at 8:35 am Comments (0)

Microsoft Network Access Protection Reporting

One of the weak components of Microsoft’s NAP implementation is at it’s core the base functionality is there but reporting capabilities were lacking. Even more so in the event you had to deal with multiple NAP servers running. Beginning with the 2008R2 implementation and going forward there is the ability to optionally use SQL server as the back-end for logging instead of flat text files. However, that’s as far as Microsoft went with it.

With running multiple NAP servers you can aggregate the logging into a single SQL database which gives you the ability to some of your own custom reporting as the data is there but just needs to be queried. Below are some sample PowerShell scripts for getting at least some minimal reporting out of your installs.

Find-User.ps1 locate user based upon a partial username match.

$SqlServer = "SQL-1.liquidobject.com"
$SqlCatalog = "NPS"

function SQLSelect
{
    param($SqlQuery)
    $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
    $SqlConnection.ConnectionString = "Server = $SqlServer; Database = $SqlCatalog; Integrated Security = True"
    $SqlCmd = New-Object System.Data.SqlClient.SqlCommand
    $SqlCmd.CommandText = $SqlQuery
    $SqlCmd.Connection = $SqlConnection
    $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
    $SqlAdapter.SelectCommand = $SqlCmd
    $DataSet = New-Object System.Data.DataSet
    $SqlAdapter.Fill($DataSet)
    $SqlConnection.Close()
    return $DataSet.Tables[0]
}


if($args[0] -ne $NULL)
{
    $myuser = $args[0]
    SQLSelect("select id,timestamp,computer_name as Server,packet_type,User_name,Client_IP_Address as Server_IP,NP_Policy_Name,Called_Station_ID,Quarantine_Update_Non_Compliant as Compliant from accounting_data where user_name like '$myuser%' order by id desc") | FT -AutoSize
}
else
{
    Write-host The script needs to be called in the format: .\Find-User.ps1 username
    $error = 1
}

Get-GeneralStatistics.ps1 shows per NPS server how the load has been balanced across a pair of NPS servers and total usage by authentication method.

$SqlServer = "SQL-1.liquidobject.com"
$SqlCatalog = "NPS"


function SQLSelect
{
    param($SqlQuery)
    $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
    $SqlConnection.ConnectionString = "Server = $SqlServer; Database = $SqlCatalog; Integrated Security = True"
    $SqlCmd = New-Object System.Data.SqlClient.SqlCommand
    $SqlCmd.CommandText = $SqlQuery
    $SqlCmd.Connection = $SqlConnection
    $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
    $SqlAdapter.SelectCommand = $SqlCmd
    $DataSet = New-Object System.Data.DataSet
    $SqlAdapter.Fill($DataSet)
    $SqlConnection.Close()
    return $DataSet.Tables[0]
}
Clear

$NPS1_Count = (SQLSelect("select count(*) from dbo.accounting_data where computer_name = 'NPS-1'")).column1
$NPS2_Count = (SQLSelect("select count(*) from dbo.accounting_data where computer_name = 'NPS-2'")).column1
if($NPS1_Count -gt $NPS2_Count)
{
    $NPS1_Load = [Math]::Round((1-($NPS2_Count / $NPS1_Count))*100,2)
    $NPS2_Load = [Math]::Round(100-$NPS1_Load,2)
}
else
{
    $NPS2_Load = [Math]::Round((1-($NPS1_Count / $NPS2_Count))*100,2)
    $NPS1_Load = [Math]::Round(100-$NPS2_Load,2)

}
Write-Host "`n`n                    Radius Statistics`n"
Write-Host(" ------------------------------------------------------------------------------`n")
Write-Host " NPS-1 has $NPS1_Count status updates`n NPS-1 has $NPS1_Load% of the historical load.`n`n"
Write-Host " NPS-2 has $NPS2_Count status updates`n NPS-2 has $NPS2_Load% of the historical load.`n`n"


$Secure_Count = (SQLSelect("select count(*) from accounting_data where NP_Policy_Name = 'Secure Wireless Connections'")).column1
$EDURoam_Count = (SQLSelect("select count(*) from accounting_data where NP_Policy_Name = 'eduroam'")).column1

Write-Host(" ------------------------------------------------------------------------------`n")
Write-Host(" We have had $Secure_Count Secure Wireless authentication status updates.`n")
Write-Host(" We have had $EDURoam_Count eduroam authentication status updates.`n`n")

Write-Host(" ------------------------------------------------------------------------------`n")

Get-Last50Rows.ps1 returns the last 50 entries in the database.

$SqlServer = "SQL-1.liquidobject.com"
$SqlCatalog = "NPS"

function SQLSelect
{
    param($SqlQuery)
    $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
    $SqlConnection.ConnectionString = "Server = $SqlServer; Database = $SqlCatalog; Integrated Security = True"
    $SqlCmd = New-Object System.Data.SqlClient.SqlCommand
    $SqlCmd.CommandText = $SqlQuery
    $SqlCmd.Connection = $SqlConnection
    $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
    $SqlAdapter.SelectCommand = $SqlCmd
    $DataSet = New-Object System.Data.DataSet
    $SqlAdapter.Fill($DataSet)
    $SqlConnection.Close()
    return $DataSet.Tables[0]
}
Clear


SQLSelect("select TOP 50 id,timestamp,computer_name as Server,packet_type,User_name,Client_IP_Address as Aruba_IP,NP_Policy_Name,Called_Station_ID,Quarantine_Update_Non_Compliant as Compliant from accounting_data order by id desc") | FT -AutoSize

Get-Table.ps1 in the event you need to do some diagnostics, this shows the raw output from the last 1,000 rows.

$SqlServer = "SQL-1.liquidobject.com"
$SqlCatalog = "NPS"

function SQLSelect
{
    param($SqlQuery)
    $SqlConnection = New-Object System.Data.SqlClient.SqlConnection
    $SqlConnection.ConnectionString = "Server = $SqlServer; Database = $SqlCatalog; Integrated Security = True"
    $SqlCmd = New-Object System.Data.SqlClient.SqlCommand
    $SqlCmd.CommandText = $SqlQuery
    $SqlCmd.Connection = $SqlConnection
    $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
    $SqlAdapter.SelectCommand = $SqlCmd
    $DataSet = New-Object System.Data.DataSet
    $SqlAdapter.Fill($DataSet)
    $SqlConnection.Close()
    return $DataSet.Tables[0]
}
Clear


SQLSelect("select Top 1000 * from accounting_data order by id desc") | FT -AutoSize

Pause
, , ,
February 18, 2015 at 8:20 am Comments (0)

Bulk disabling modules in LibreNMS

So I was in the process of adding in a large quantity of devices into LibreNMS but noticed a few days later the discovery and polling times were getting longer. Not really to be unexpected as there was more devices but some devices took an abnormally amount of time to finish the SNMP scans. Below is an example how to bulk disable attributes under LibreNMS (likely to work on Observium as well).

Outside of globally disabling different modules we will need to talk directly to the MySQL database in order to accomplish what we are looking for.

In the below example I’m looking at disabling the discover_arp-table on all Windows hosts.

select device_id,hostname from devices where OS = 'windows';

Then copy and paste the results into your favorite editor (I generally use excel for data like this).

="insert into devices_attribs (device_id,attrib_type,attrib_value) values ("""&A2&""",""discover_arp-table"",""0"");"

In the above the “A” column contains all the device_id’s I wish to adjust.

This will generate MySQL insert statements like the below

insert into devices_attribs (device_id,attrib_type,attrib_value) values ("4","discover_arp-table","0");

At this point all you need to do is run the generated MySQL statements against the LibreNMS database to disable the given module in bulk.

, ,
October 27, 2014 at 12:06 pm Comments (0)

Filtering out extra Windows interfaces when monitoring with LibreNMS/Observium

By default when monitoring a Windows-based host with LibreNMS (also for Observium), you’ll see a lot of extra unwanted interfaces present. However, to filter them out globally you need to edit the config.php file. Here’s a basic config that should take of most of the extra network adapters present for Windows Server 2008 through 2012R2. Notice, if you have special teaming configurations they will create their own unique names which this will not remove.

$config['bad_if'][] = "wan miniport (sstp)";
$config['bad_if'][] = "wan miniport (l2tp)";
$config['bad_if'][] = "wan miniport (pptp)";
$config['bad_if'][] = "wan miniport (pppoe)";
$config['bad_if'][] = "wan miniport (ipv6)";
$config['bad_if'][] = "wan miniport (network monitor)";
$config['bad_if'][] = "wan miniport (ip)";
$config['bad_if'][] = "wan miniport (ikev2)";
$config['bad_if'][] = "tap-windows adapter v9";
$config['bad_if'][] = "broadcom netlink (tm) gigabit ethernet-wfp lightweight filter-0000";
$config['bad_if'][] = "software loopback interface 1";
$config['bad_if'][] = "lo";
$config['bad_if'][] = "vmxnet3 ethernet adapter-wfp lightweight filter-0000";
$config["bad_if"][] = "vmxnet3 ethernet adapter #2-wfp lightweight filter-0000";
$config['bad_if'][] = "ras async adapter";
$config["bad_if"][] = "teredo tunneling pseudo-interface";
$config["bad_if"][] = "microsoft kernel debug network adapter";
$config["bad_if"][] = "vmxnet3 ethernet adapter-wfp native mac layer lightweight filter-0000";
$config["bad_if"][] = "vmxnet3 ethernet adapter-wfp 802.3 mac layer lightweight filter-0000";
$config["bad_if"][] = "wan miniport(ip)-wfp native mac layer lightweight filter-0000";

I’ve also included a few specifically if you are running on VMware with the VMXNet3 network adapter.

,
October 20, 2014 at 10:05 am Comments (0)

« Older Posts