Configuring and Using the AD Recycle Bin

The AD Recycle Bin has been a Directory Services feature since 2008 R2 (maybe 2012?). It lets you restore objects without losing their attributes – as with adrestore from Sysinternals.

Enabling the AD Recycle Bin

Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'domain.local'
WARNING: Enabling 'Recycle Bin Feature' on 'CN=Partitions,CN=Configuration,DC=domain,DC=local' is an irreversible action!
You will not be able to disable 'Recycle Bin Feature' on 'CN=Partitions,CN=Configuration,DC=domain,DC=local' if you proceed.

Confirm
Are you sure you want to perform this action?
Performing operation "Enable" on Target "Recycle Bin Feature".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Configuring the Recycle Bin

Find the current retention value:

dsquery * "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=domain,dc=local" -scope base -attr tombstonelifetime
tombstonelifetime
180

To change this value, use ADSIEdit (in the Configuration context, aka LDAP://DC.domain.local/Configuration), navigate to CN=Services, CN=Windows NT, CN=Directory Service and edit tombstoneLifetime.

These objects are kept in a hidden container of the AD database. Since the whole point is to be able to restore them, let's see how to do it.

The container holding the deleted objects is located here:

Get-ADDomain | select DeletedObjectsContainer

DeletedObjectsContainer
-----------------------
CN=Deleted Objects,DC=domain,DC=local

Listing deleted objects
Use the get-adobject command with the -IncludeDeletedObjects parameter:

get-adobject -filter 'objectclass -eq "user" -AND IsDeleted -eq $True' -IncludeDeletedObjects -properties IsDeleted,LastKnownParent

Deleted           : True
DistinguishedName : CN=zzz_user1\0ADEL:1a354486-8aeb-4f5f-8d72-33aab18125bf,CN=Deleted Objects,DC=domain,DC=local
IsDeleted         : True
LastKnownParent   : OU=Désactivés,OU=cie,DC=domain,DC=local
Name              : zzz_user1
DEL:1a354486-8aeb-4f5f-8d72-33aab18125bf
ObjectClass       : user
ObjectGUID        : 1a354486-8aeb-4f5f-8d72-33aab18125bf

You can also list one particular user by using the filter parameters:

get-adobject -filter 'Name -like "*user2*" -AND IsDeleted -eq $True' -IncludeDeletedObjects -Properties samaccountname

Deleted           : True
DistinguishedName : CN=zzz_user2\0ADEL:3bea71e0-e5c0-41aa-9b18-85abaaff4667,CN=Deleted Objects,DC=domain,DC=local
Name              : zzz_user2
DEL:3bea71e0-e5c0-41aa-9b18-85abaaff4667
ObjectClass       : user
ObjectGUID        : 3bea71e0-e5c0-41aa-9b18-85abaaff4667
samaccountname    : user2

Restoring a deleted object

Once the object has been found by listing with get-adobject, the restore-adobject command can either do a dry run or restore the object directly.

For a dry run, use -WhatIf:

get-adobject -filter 'Name -like "*user2*"' -IncludeDeletedObjects | Restore-ADObject -WhatIf
WhatIf : Opération « Restore » en cours sur la cible « CN=zzz_user2\0ADEL:3bea71e0-e5c0-41aa-9b18-85abaaff4667,CN=Deleted Objects,DC=domain,DC=local ».

To restore, drop -WhatIf and use -PassThru, which prints the restored object:

get-adobject -filter 'Name -like "*user2*"' -IncludeDeletedObjects | Restore-ADObject -PassThru

DistinguishedName   Name                ObjectClass         ObjectGUID
-----------------   ----                -----------         ----------
cn=user2 ... zzz_user2 ... user                3bea71e0-e5c0-41...

Check that the account has been restored:

 get-aduser -filter 'Name -like "*user2*"'
DistinguishedName : CN=zzz_user2
Nicol,OU=Désactivés,OU=user,DC=domain,DC=local
Enabled           : False
GivenName         : zzz_user2
Name              : zzz_user2
ObjectClass       : user
ObjectGUID        : 3bea71e0-e5c0-41aa-9b18-85abaaff4667
SamAccountName    : user2
SID               : S-1-5-21-1069915444-1557172909-2421692447-1258
Surname           : user2
UserPrincipalName : user2@domain.local

If you do not want the objects restored to their original location, you can use the -TargetPath "DN path" option.
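
A guarded version of the find-then-restore steps above, as an added example (not the original author's code). The hypothetical helper Restore-DeletedUser searches deleted user objects only, refuses ambiguous matches, checks that the destination container still exists and supports -WhatIf; it assumes the ActiveDirectory module and an account allowed to restore objects.

```powershell
#Requires -Modules ActiveDirectory
# Added example: Restore-DeletedUser is a hypothetical helper name.
function Restore-DeletedUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $TargetPath   # optional DN of an alternate container
    )

    # Without the IsDeleted clause, -IncludeDeletedObjects also returns
    # live objects that match, and those would be piped into the restore.
    $found = @(Get-ADObject -IncludeDeletedObjects `
        -Filter 'sAMAccountName -eq $SamAccountName -and IsDeleted -eq $true -and objectClass -eq "user"' `
        -Properties sAMAccountName, LastKnownParent)

    if ($found.Count -eq 0) { throw "No deleted user '$SamAccountName' found." }
    if ($found.Count -gt 1) {
        # The same account name was deleted more than once: do not guess.
        throw "Several deleted objects match: $($found.ObjectGUID -join ', '). Restore by ObjectGUID."
    }
    $obj = $found[0]

    # The restore fails if the original parent OU is gone, so check first.
    $dest = if ($TargetPath) { $TargetPath } else { $obj.LastKnownParent }
    try   { $null = Get-ADObject -Identity $dest -ErrorAction Stop }
    catch { throw "Destination '$dest' does not exist; pass -TargetPath." }

    if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "Restore to $dest")) {
        $restored = $obj | Restore-ADObject -TargetPath $dest -PassThru
        # The account returns with its attributes, group memberships included,
        # so show them for review along with the enabled state.
        Get-ADUser -Identity $restored.ObjectGUID -Properties MemberOf |
            Select-Object SamAccountName, Enabled, DistinguishedName, MemberOf
    }
}

# Dry run first, then the real restore:
# Restore-DeletedUser -SamAccountName user2 -WhatIf
# Restore-DeletedUser -SamAccountName user2
```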

#ad, #ds, #microsoft, #poubelle, #recycle-bin, #restore

Installing .Net3.5 on Windows 2012 R2

I had encountered this in the past: because .NET 3.5 became an on-demand add-on, it would not come installed on a fresh Windows 2012 install.

To fix this, one had to play with the following command to get the feature available on the system and install it.

Dism.exe /online /enable-feature /featurename:NetFX3 /All /Source:c:\dotnet35 /LimitAccess

Somehow, I could not get this to work, and even though the source was there with the .NET 3.5 files, it just would not install, saying dotnet35 could not be found.

I eventually found a magic key to actually let the server connect to msupdate instead of trying to get it from a source.

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing] "RepairContentServerSource"=DWORD(2)

By enabling this, I was able to install dotnet35. Apparently there is a GPO for this, but all of the policy templates I found did not include “Specify settings for optional component installation and component repair”.
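
The registry change above makes the server fetch the payload from Windows Update rather than from a local source, so it is worth not leaving it in place after the install. The following is an added example, not the original author's code: the hypothetical function Install-NetFx3FromWindowsUpdate sets the value, runs DISM without /Source and /LimitAccess, then puts the key back as it was. It assumes an elevated session and that no GPO manages this key.

```powershell
# Added example: Install-NetFx3FromWindowsUpdate is a hypothetical name.
function Install-NetFx3FromWindowsUpdate {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing'
    $name = 'RepairContentServerSource'

    # Record the previous state so the setting can be reverted afterwards.
    $keyExisted = Test-Path $key
    $previous   = if ($keyExisted) {
        (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }

    if (-not $keyExisted) { $null = New-Item -Path $key -Force }
    Set-ItemProperty -Path $key -Name $name -Value 2 -Type DWord
    try {
        # No /Source and no /LimitAccess: DISM is allowed to go online.
        & Dism.exe /online /enable-feature /featurename:NetFX3 /All
        # 3010 means success with a reboot pending.
        if ($LASTEXITCODE -notin 0, 3010) {
            throw "DISM failed with exit code $LASTEXITCODE"
        }
    }
    finally {
        if ($null -ne $previous) {
            Set-ItemProperty -Path $key -Name $name -Value $previous -Type DWord
        } elseif ($keyExisted) {
            Remove-ItemProperty -Path $key -Name $name
        } else {
            Remove-Item -Path $key
        }
    }
}
```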

#net, #3-5, #dotnet35, #microsoft, #server, #servicing, #wsus

Add EMC Storage – PowerPath Driven – on Server 2012 R2 Core or Hyper-V 2012 R2 (well core as well)

For this recipe you will need:

  • 1 LUN (setup in a storage group that holds the server)
  • 1 PowerPath (here after PP) Key
  • 1 Diskpart

First, locate your latest PP bundle and install in CLI mode.

PS C:\windows\system32> etsn ptbtt-go-hv
[ptbtt-go-hv]: PS C:\> ls
Directory: C:\
Mode                LastWriteTime     Length Name
----                -------------     ------ ----
d----        11/21/2014   2:46 PM            logs
-a---         5/15/2014   4:45 PM   92347200 EMCPower.X64.signed.5.7.SP3.b509.exe

[ptbtt-go-hv]: PS C:\> EMCPower.X64.signed.5.7.SP3.b509.exe /s /v"/L*v C:\logs\PPsetup.log LICENSENUM=BUPJ-XB4E-LFC3-QYPY-MM92-QDWB NO_REBOOT=1"

Once finished, you can check the log to see if all was successful.

[ptbtt-go-hv]: PS C:\logs> Get-Content .\PPsetup.log | Select-String "Installation completed successfully"

MSI (s) (E4:94) [14:48:24:606]: Product: EMC PowerPath 5.7 Service Pack 3 (64bit) -- Installation completed successfully.

Hooray? Well, go play with powermt.exe

[ptbtt-go-hv]: PS C:\> cd 'C:\Program Files\EMC\PowerPath'
[ptbtt-go-hv]: PS C:\Program Files\EMC\PowerPath> ls
Directory: C:\Program Files\EMC\PowerPath
Mode                LastWriteTime     Length Name
----                -------------     ------ ----
d----        11/21/2014   2:47 PM            Drivers
d----        11/21/2014   2:53 PM            Logs
d----        11/21/2014   2:47 PM            x86
-a---          2/7/2013   1:08 PM      17728 db_recover.exe
-a---         11/1/2010   4:13 AM        385 db_recover.exe.intermediate.manifest
-a---        11/24/2010   2:04 AM     531512 difxapi.dll
-a---          2/7/2013   1:10 PM      49472 EmcAdminProxy.dll
-a---         5/15/2014   5:20 PM    1125184 EmcAdminSvr.exe
-a---          2/7/2013   1:12 PM     516416 EmcLicTool.exe
-a---          2/7/2013   1:13 PM      27456 EmcLicTool_CHS.dll
-a---          2/7/2013   1:14 PM      27968 EmcLicTool_DEU.dll
-a---          2/7/2013   1:15 PM      27968 EmcLicTool_ESP.dll
-a---          2/7/2013   1:15 PM      27968 EmcLicTool_FRA.dll
-a---          2/7/2013   1:16 PM      27968 EmcLicTool_ITA.dll
-a---          2/7/2013   1:17 PM      27456 EmcLicTool_JPN.dll
-a---          2/7/2013   1:17 PM      27456 EmcLicTool_KOR.dll
-a---          2/7/2013   1:18 PM      27968 EmcLicTool_PTB.dll
-a---          2/7/2013   1:20 PM      29504 emcphostid.exe
-a---          2/7/2013   1:20 PM      27968 EmcpLogMsgs.dll
-a---         5/15/2014   5:20 PM    1117504 EmcpMgmtComp.exe
-a---         5/15/2014   5:20 PM     494400 EmcPowerPathAdmin.dll
-a---         5/15/2014   5:20 PM      39232 EmcPowMon.exe
-a---          2/7/2013   1:24 PM      31552 EmcPowPN22.dll
-a---          2/7/2013   1:25 PM      21312 EmcPowRes.dll
-a---         5/15/2014   5:20 PM     869696 EmcPowSrv.exe
-a---          2/7/2013   1:26 PM      39232 EmcpPerfmonPmiPrvdr.dll
-a---          2/7/2013   1:27 PM      36160 emcpreg.exe
-a---          2/7/2013   1:28 PM      10048 EmcpSvcErr.dll
-a---          2/7/2013   1:28 PM      26432 emcp_lic_rtl.dll
-a---         5/15/2014   5:20 PM    1137472 Emcp_mpapi_rtl.dll
-a---          2/7/2013   1:31 PM      91968 emcp_mp_rtl.dll
-a---         6/10/2003  10:00 PM      43430 Emc_PowerPath_Console.msc
-a---          2/7/2013   1:33 PM    1404224 libdb51.dll
-a---         11/1/2010   4:14 AM        385 libdb51.dll.intermediate.manifest
-a---         5/15/2014   5:20 PM    1748480 Libeay32.dll
-a---         5/15/2014   5:20 PM     303424 ManagementComp_Config.exe
-ar--        11/21/2014   3:38 PM         22 mpaa.excluded
-ar--        11/21/2014   3:38 PM        244 mpaa.lams
-a---         5/15/2014   5:20 PM     332608 powermig.exe
-a---         5/15/2014   5:20 PM     270144 powermigcl.exe
-a---         5/15/2014   5:20 PM    1181504 powermt.exe
-a---        12/18/2012   6:12 PM      23639 powerpath.man
-a---         5/15/2014   5:20 PM     304448 PowMigSrvc.exe
-a---         5/15/2014   5:20 PM     222016 ppinstall.exe
-a---         5/15/2014   5:20 PM     490304 ppRemoveAll.exe
-a---          2/7/2013   1:49 PM      55104 pthreadVC2.dll
-a---         5/15/2014   5:20 PM       5279 server.pem
-a---         5/15/2014   5:20 PM     360448 Ssleay32.dll

Found powermt, let’s use it.

[ptbtt-go-hv]: PS C:\Program Files\EMC\PowerPath> .\powermt.exe display dev=all
Pseudo name=harddisk1
VNX ID=APM00141276882 [TTBTT-GO-HV_SG]
Logical device ID=6006016009B03800F71D7ED4B571E411 [FSP_LUN31_SPB_6882_PTBTT-GO-HV_X_200G]
state=alive; policy=CLAROpt; queued-IOs=0
Owner: default=SP B, current=SP B       Array failover mode: 4
==============================================================================
--------------- Host ---------------   - Stor -  -- I/O Path --   -- Stats ---
###  HW Path               I/O Paths    Interf.  Mode     State   Q-IOs Errors
==============================================================================
2 port2\path0\tgt1\lun0  c2t1d0      SP A3    active   alive      0      0
2 port2\path0\tgt0\lun0  c2t0d0      SP A2    active   alive      0      0
1 port1\path0\tgt1\lun0  c1t1d0      SP B3    active   alive      0      0
1 port1\path0\tgt0\lun0  c1t0d0      SP B2    active   alive      0      0

Looks like you can see your disk? Expose it to Windows for storing, let's say, VMs – this is pretty useful for a Hyper-V hypervisor!

[ptbtt-go-hv]: PS C:\Program Files\EMC\PowerPath> diskpart
Microsoft DiskPart version 6.3.9600
Copyright (C) 1999-2013 Microsoft Corporation.
On computer: PTBTT-GO-HV
DISKPART>
[ptbtt-go-hv]: PS C:\Program Files\EMC\PowerPath> exit

Sometimes PowerShell sessions don't play nice with output redirection, and tools like diskpart won't let you into interactive mode. Fear not: use psexec instead and use diskpart to create that disk.

PS H:\> cd .\Tools\sysinternals
PS H:\Tools\sysinternals> .\psexec.exe \\ptbtt-go-hv cmd
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Windows\system32>diskpart
Microsoft DiskPart version 6.3.9600
Copyright (C) 1999-2013 Microsoft Corporation.
On computer: PTBTT-GO-HV
DISKPART> list disk
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          135 GB      0 B
Disk 1    Offline         200 GB   200 GB
DISKPART> select disk 1
Disk 1 is now the selected disk.
DISKPART> online disk
DiskPart successfully onlined the selected disk.
DISKPART> list disk
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          135 GB      0 B
* Disk 1    Online          200 GB   200 GB
DISKPART> select disk 1
Disk 1 is now the selected disk.
DISKPART> list volume
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E   IRM_SHV_X64  UDF    CD-ROM      1917 MB  Healthy
Volume 1     D   RECOVERY     NTFS   Partition   3072 MB  Healthy
Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
Volume 3     C                NTFS   Partition    132 GB  Healthy    Boot
DISKPART> create partition primary

DiskPart has encountered an error: The media is write protected.
See the System Event Log for more information. 

Oops, I am not sure why a disk is defaulted to read-only. Let's change it manually.

DISKPART> attributes disk
Current Read-only State : Yes
Read-only  : Yes
Boot Disk  : No
Pagefile Disk  : No
Hibernation File Disk  : No
Crashdump Disk  : No
Clustered Disk  : No

DISKPART> attributes disk clear readonly

Disk attributes cleared successfully.

DISKPART> list disk

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          135 GB      0 B
* Disk 1    Online          200 GB   200 GB

DISKPART> create partition primary

DiskPart succeeded in creating the specified partition.

DISKPART> list volume

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E   IRM_SHV_X64  UDF    CD-ROM      1917 MB  Healthy
Volume 1     D   RECOVERY     NTFS   Partition   3072 MB  Healthy
Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
Volume 3     C                NTFS   Partition    132 GB  Healthy    Boot
* Volume 4                      RAW    Partition    199 GB  Healthy

DISKPART> select volume 4

Volume 4 is the selected volume.

DISKPART> format fs=ntfs quick

100 percent completed

DiskPart successfully formatted the volume.

DISKPART> list volume

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E   IRM_SHV_X64  UDF    CD-ROM      1917 MB  Healthy
Volume 1     D   RECOVERY     NTFS   Partition   3072 MB  Healthy
Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
Volume 3     C                NTFS   Partition    132 GB  Healthy    Boot
* Volume 4                      NTFS   Partition    199 GB  Healthy

DISKPART> assign letter=f

DiskPart successfully assigned the drive letter or mount point.

DISKPART> list volume

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E   IRM_SHV_X64  UDF    CD-ROM      1917 MB  Healthy
Volume 1     D   RECOVERY     NTFS   Partition   3072 MB  Healthy
Volume 2         System Rese  NTFS   Partition    350 MB  Healthy    System
Volume 3     C                NTFS   Partition    132 GB  Healthy    Boot
* Volume 4     F                NTFS   Partition    199 GB  Healthy

DISKPART> exit

Leaving DiskPart...

C:\Windows\system32>f:
f:


F:\>mkdir "Virtual Machines"
mkdir "Virtual Machines"

F:\>dir
dir
Volume in drive F has no label.
Volume Serial Number is 6C59-E0A3

Directory of F:\

11/21/2014  03:49 PM    <DIR>          Virtual Machines
0 File(s)              0 bytes
1 Dir(s)  214,617,317,376 bytes free


cmd exited on ptbtt-go-hv with error code 0.
PS H:\Tools\sysinternals>

#core, #diskpart, #emc, #microsoft, #partition, #powerpath, #powershell, #sysinternal, #windows-2

Working VMs without the GUI

Here I went on a mission I thought would never happen to me. You set up fail-safes, prepare, and make sure all is properly set, and then when the time comes it is all improvisation again!

After a file-level migration of some VMs to a new set of hosts, a license check mechanism made me realize that the MAC addresses of a particular VM had changed – in fact all MAC addresses had changed thanks to the dynamic MAC setting and the Hyper-V MAC address pool. The mission was to replace the MAC addresses of the "new" VMs with the "new" addresses from the old VMs.

So “I” decided that my Hyper-V hosts would well be hypervisor only aka Microsoft Hyper 2012 R2 Core (or something like this).

I had tested connectivity with Hyper-V Management.

I had even built up some powershell scripts to copy the mac addresses from the old VMs (on another host) to the new host.

# Read the network adapters (and their MAC addresses) of the VM on the old host
$OLD = get-vm -computername old -name LoadBalancer | select -expandproperty networkadapters
# The VM has to be stopped before its MAC address can be changed
get-vm -computername new -name LoadBalancer | stop-vm
get-vm -computername new -name LoadBalancer | set-vmnetworkadapter -staticMacAddress $OLD.MacAddress
get-vm -computername new -name LoadBalancer | start-vm

And when the time came to change the MAC addresses of my VMs, I had lost access to using Hyper-V Manager, to the host hosting the "better" MAC addresses. So no quick easy 3-click change, and the script I wrote was now useless.

So I came up with this code to actually change them after all:

get-vm -Name "LoadMaster VLM" | stop-vm

Get-VMNetworkAdapter -VMName "LoadMaster VLM" | Select

Name            IsManagementOs VMName         SwitchName MacAddress   Status IPAddresses
----            -------------- ------         ---------- ----------   ------ -----------
Network Adapter False          LoadMaster VLM Trusted    00155D01820C        {}
Network Adapter False          LoadMaster VLM Trusted    00155D01820D        {}

Get-VMNetworkAdapter -VMName "LoadMaster VLM" | where {$_.MacAddress -eq "00155D01820C"} | Set-VMNetworkAdapter -StaticMacAddress "00155D030208"
Get-VMNetworkAdapter -VMName "LoadMaster VLM" | where {$_.MacAddress -eq "00155D01820D"} | Set-VMNetworkAdapter -StaticMacAddress "00155D030208"

Get-VMNetworkAdapter -VMName "LoadMaster VLM" | Select

Name            IsManagementOs VMName         SwitchName MacAddress   Status IPAddresses
----            -------------- ------         ---------- ----------   ------ -----------
Network Adapter False          LoadMaster VLM Trusted    00155D030208        {}
Network Adapter False          LoadMaster VLM Trusted    00155D030208        {}

get-vm -Name "LoadMaster VLM" | start-vm
get-vm -Name "LoadMaster VLM"

Name           State   CPUUsage(%) MemoryAssigned(M) Uptime   Status
----           -----   ----------- ----------------- ------   ------
LoadMaster VLM Running 1           1024              00:00:08 Operating norm...
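
The per-adapter change above, wrapped as an added example (not the original author's code). The hypothetical helper Set-VMStaticMac takes a map of current MAC to wanted MAC, rejects malformed or duplicate target addresses before touching the VM, and stops and restarts the VM around the change. The second target address in the usage comment is constructed for illustration.

```powershell
# Added example: Set-VMStaticMac is a hypothetical helper name.
function Set-VMStaticMac {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]    $VMName,
        # Current MAC -> MAC to assign (values noted from the old VM)
        [Parameter(Mandatory)] [hashtable] $MacMap
    )

    # Validate the target addresses before changing anything.
    $new = @($MacMap.Values)
    foreach ($mac in $new) {
        if ($mac -notmatch '^[0-9A-Fa-f]{12}$') { throw "Bad MAC format: $mac" }
    }
    if (@($new | Sort-Object -Unique).Count -ne $new.Count) {
        throw 'Two adapters would get the same MAC address.'
    }

    # Every key must match an adapter that exists on the VM.
    $adapters = @(Get-VMNetworkAdapter -VMName $VMName)
    $missing  = @($MacMap.Keys | Where-Object { $adapters.MacAddress -notcontains $_ })
    if ($missing) { throw "No adapter with MAC: $($missing -join ', ')" }

    $wasRunning = (Get-VM -Name $VMName).State -eq 'Running'
    if ($PSCmdlet.ShouldProcess($VMName, 'Assign static MAC addresses')) {
        # The MAC address cannot be changed while the VM is running.
        if ($wasRunning) { Stop-VM -Name $VMName }
        foreach ($a in $adapters) {
            if ($MacMap.ContainsKey($a.MacAddress)) {
                Set-VMNetworkAdapter -VMNetworkAdapter $a `
                    -StaticMacAddress $MacMap[$a.MacAddress]
            }
        }
        if ($wasRunning) { Start-VM -Name $VMName }
    }
    Get-VMNetworkAdapter -VMName $VMName |
        Select-Object VMName, Name, SwitchName, MacAddress
}

# Usage (00155D030209 is a constructed value):
# Set-VMStaticMac -VMName 'LoadMaster VLM' -WhatIf -MacMap @{
#     '00155D01820C' = '00155D030208'; '00155D01820D' = '00155D030209' }
```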

Do you even use the GUI to manipulate your VMs?

#hyper-v, #mac-address, #microsoft, #powershell