March 4, 2010

Script to set AD targetAddress property to forward Email during a Transition to new Domain

Filed under: General Development, Information Technology — Tim Lefler @ 9:07 am

My company was moving from our in-house email system to a completely new infrastructure with a new email domain name and a new Active Directory domain.  The plan was to have users configure a new Outlook profile to connect to the new system at a particular time on the migration day.  Because we have little control over when the users will actually make the transition, I wanted to make sure any new email that arrived at the old mailbox would get forwarded to the new mailbox.  This would help cover the straggler users who keep sending email to users who had already migrated.

So this script does exactly that: it takes a list of distinguished names from an input file, connects to Active Directory and sets the “targetAddress” attribute on each object.  This will essentially forward the mail to the targetAddress SMTP location.

The input file can be easily generated with a CSVDE command:

C:\csvde -f input.csv -d "dc=domain,dc=com" -r "(ObjectCategory=Person)" -l "DN"
Connecting to "(null)"
Logging in as current user using SSPI
Exporting directory to file input.csv
Searching for entries...
Writing out entries
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
................................................................................
...........................................
Export Completed. Post-processing in progress...
763 entries exported
 
The command has completed successfully

Then you can run this script to read it in and make the changes to the mail-enabled Active Directory objects. (more…)

March 3, 2010

My definition of DHCP-snooping

Filed under: Information Technology, Security — Tim Lefler @ 2:04 pm

Cisco’s Overview of DHCP Snooping

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.

Well, thanks for that extremely clear overview... what is actually going on?  Let's say you have a switch.  You hook a DHCP server up to port #1 and designate this as a “trusted” interface, and all of the rest of the ports that will have devices connected to them are set up as “untrusted”.  You would set this up using the commands:

! *** Enable DHCP Snooping & ARP Inspection ***
ip dhcp snooping vlan 100
no ip dhcp snooping information option
ip dhcp snooping database flash:/dhcpdb.dat
ip dhcp snooping
ip arp inspection vlan 100
!
! *** Untrusted Access Interfaces for DHCP ***
Int Range Fa1/0/2 - 48
description Workstation
switchport access vlan 100
switchport mode access
no mdix auto
!
Int Range Fa2/0/1 - 48
description Workstation
switchport access vlan 100
switchport mode access
no mdix auto
!
! *** Trusted Access Interface for DHCP ***
Int Fa1/0/1
description DHCP Server
switchport access vlan 100
switchport mode access
no mdix auto
ip dhcp snooping trust

DHCP Client requests are forwarded regardless of the trust state of the port, but DHCP server responses are dropped if the port is untrusted.

So let's say on port #2 the switch sees a DHCP discovery packet float by from a DHCP client.  Because it is a broadcast message, it gets flooded to all ports on the VLAN.  The DHCP server connected to port #1 sees the discovery packet and sends a unicast DHCPOFFER packet to the client.  Because this originated from a “trusted” port, the offer is allowed to go through.  The client receives the DHCPOFFER, chooses an offer from all that it receives and responds with a DHCPREQUEST back to the DHCP server.  The server then responds with a DHCPACK that includes the configuration parameters and committed network address.  The switch records the client binding (port, VLAN, MAC address, IP, etc.) in its local snooping database.
(more…)
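The forwarding decision and binding-table update described above, modelled in Python as an added example (not code from the original post and not Cisco's implementation). The class and function names, the client MAC, the IP addresses and the second server on Fa1/0/7 are constructed for illustration.

```python
from dataclasses import dataclass

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str
    lease_secs: int

class SnoopingSwitch:
    """Toy model of the per-VLAN DHCP snooping decision (hypothetical names)."""

    def __init__(self, vlan, trusted_ports):
        self.vlan = vlan
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> port its DISCOVER/REQUEST arrived on
        self.bindings = {}   # client MAC -> Binding, filled in on DHCPACK
        self.dropped = []    # (port, message type, client MAC) for each drop

    def receive(self, port, msg_type, client_mac, ip=None, lease_secs=0):
        if msg_type in SERVER_MSGS:
            # Server responses are only accepted from a trusted port.
            if port not in self.trusted:
                self.dropped.append((port, msg_type, client_mac))
                return "drop"
            if msg_type == "DHCPACK" and client_mac in self.pending:
                self.bindings[client_mac] = Binding(
                    client_mac, ip, self.vlan,
                    self.pending.pop(client_mac), lease_secs)
            return "forward"
        # Client requests are forwarded regardless of the port's trust state.
        if msg_type in ("DHCPDISCOVER", "DHCPREQUEST"):
            self.pending[client_mac] = port
        return "forward"

def run_constructed_trace():
    """Constructed trace: client on Fa1/0/2, real server on trusted Fa1/0/1,
    an unauthorised server answering from untrusted Fa1/0/7."""
    sw = SnoopingSwitch(vlan=100, trusted_ports=["Fa1/0/1"])
    client = "00:11:22:33:44:55"
    trace = [
        ("Fa1/0/2", "DHCPDISCOVER", client, None, 0),
        ("Fa1/0/7", "DHCPOFFER", client, "10.0.0.50", 600),
        ("Fa1/0/1", "DHCPOFFER", client, "192.168.100.50", 86400),
        ("Fa1/0/2", "DHCPREQUEST", client, None, 0),
        ("Fa1/0/7", "DHCPACK", client, "10.0.0.50", 600),
        ("Fa1/0/1", "DHCPACK", client, "192.168.100.50", 86400),
    ]
    verdicts = [sw.receive(*msg) for msg in trace]
    return sw, verdicts

if __name__ == "__main__":
    switch, verdicts = run_constructed_trace()
    print(verdicts, list(switch.bindings.values()), switch.dropped, sep="\n")
```

The entries in `dropped` are what a snooping-enabled switch would be expected to log, and they point straight at the access port where the unauthorised server is plugged in.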

March 1, 2010

How to use ExMerge to search through an Exchange mailstore and remove messages

Filed under: Information Technology — Tim Lefler @ 2:04 pm

As Exchange administrators, we have probably all had that panic call from an administrative assistant wanting to recall a message that was inadvertently sent to the wrong group.  Every end-user knows that Outlook’s “Re-Call” capability stinks.  Microsoft’s Exchange Mailbox Merge tool can be used to perform this function (available as a download from Microsoft).  You’ve probably used this tool before to extract a single user’s mailbox from the Exchange Recovery Storage group to a PST.

We can use a similar technique to extract and delete all of the messages that match a criterion like “SUBJECT” to a PST and then simply throw away the PST.

Before we begin, make sure the account you are using is NOT a Domain Admin and has read access to the mailstore and all of the mailboxes.  I like setting this permission on the SERVER level and letting it propagate down to the individual mailboxes.  You can’t use a Domain Admin account because Exchange explicitly denies Domain Admins read access at the mailbox level.

Start up ExMerge and choose “Extract or Import (Two Step Procedure)”.

This allows us to extract the messages that meet our criteria first before trying to import or restore the messages.

So first we perform step 1 to extract the messages. (more…)

February 23, 2010

csvde Command to show disabled accounts

Filed under: Information Technology — Tim Lefler @ 4:53 pm

For audit purposes I needed to list all Active Directory users and prove that ex-employees were either deleted or disabled. There are a couple of techniques to produce the required output. I think the easiest way is to make use of csvde.exe.

Arguments for csvde.exe

CSV Directory Exchange
 
General Parameters
==================
-i              Turn on Import Mode (The default is Export)
-f filename     Input or Output filename
-s servername   The server to bind to (Default to DC of computer's domain)
-v              Turn on Verbose Mode
-c FromDN ToDN  Replace occurences of FromDN to ToDN
-j path         Log File Location
-t port         Port Number (default = 389)
-u              Use Unicode format
-?              Help
 
Export Specific
===============
-d RootDN       The root of the LDAP search (Default to Naming Context)
-r Filter       LDAP search filter (Default to "(objectClass=*)")
-p SearchScope  Search Scope (Base/OneLevel/Subtree)
-l list         List of attributes (comma separated) to look for in an
                LDAP search
-o list         List of attributes (comma separated) to omit from input.
-g              Disable Paged Search.
-m              Enable the SAM logic on export.
-n              Do not export binary values
 
 
Import
======
-k              The import will go on ignoring 'Constraint Violation' and
                'Object Already Exists' errors
 
 
Credentials Establishment
=========================
Note that if no credentials is specified, CSVDE will bind as the currently
logged on user, using SSPI.
 
-a UserDN [Password | *]            Simple authentication
-b UserName Domain [Password | *]   SSPI bind method
 
Example: Simple import of current domain
    csvde -i -f INPUT.CSV
 
Example: Simple export of current domain
    csvde -f OUTPUT.CSV
 
Example: Export of specific domain with credentials
    csvde -m -f OUTPUT.CSV
          -b USERNAME DOMAINNAME *
          -s SERVERNAME
          -d "cn=users,DC=DOMAINNAME,DC=Microsoft,DC=Com"
          -r "(objectClass=user)"
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.

So to display whether a user is disabled or not we need to extract the “userAccountControl” property.
(more…)
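One way to turn such an export into the audit evidence described above, as an added Python example (not the script from the original post). It assumes the export was produced with `-l "sAMAccountName,userAccountControl"`; the sample rows and the list of leavers are constructed. Bit 0x0002 (ACCOUNTDISABLE) of userAccountControl marks a disabled account.

```python
import csv
import io

# Documented userAccountControl bit flags (subset relevant to an audit).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

# Constructed sample in csvde's layout: DN first, then the requested attributes.
SAMPLE_EXPORT = """DN,sAMAccountName,userAccountControl
"CN=Alice Example,OU=Staff,DC=domain,DC=com",aexample,512
"CN=Bob Leaver,OU=Staff,DC=domain,DC=com",bleaver,514
"CN=Carol Former,OU=Staff,DC=domain,DC=com",cformer,66050
"CN=Svc Backup,OU=Service,DC=domain,DC=com",svcbackup,66048
"""

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def audit_leavers(export_text, leavers):
    """Map each ex-employee logon name to 'deleted', 'disabled' or 'ENABLED'."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        accounts[row["sAMAccountName"].lower()] = int(row["userAccountControl"])
    result = {}
    for name in leavers:
        uac = accounts.get(name.lower())
        if uac is None:
            result[name] = "deleted"    # no such account in the export
        elif uac & 0x0002:
            result[name] = "disabled"   # ACCOUNTDISABLE bit is set
        else:
            result[name] = "ENABLED"    # audit finding: still usable
    return result

if __name__ == "__main__":
    # Constructed HR list of people who have left the company.
    for name, status in audit_leavers(
            SAMPLE_EXPORT, ["bleaver", "cformer", "dgone", "aexample"]).items():
        print(f"{name:10} {status}")
    print(decode_uac(66050))
```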

February 12, 2010

MOSS Access Denied when trying to view workbook using Excel Services

Filed under: Sharepoint — Tim Lefler @ 2:03 pm

When trying to open a sample workbook using SharePoint Excel Services I got a nasty error:

You do not have permissions to open this file on Excel Services.

Make sure that the file is in an Excel Services trusted location and that you have access to the file.

Access Denied Message

In my case I had an Excel workbook in a ReportLibrary on my site.  And yes, I had added the library to the SSP Trusted File locations using Central Administration.  Took me a bit of tinkering to figure out what was going on...

The URL to my ReportLibrary that contained the Excel spreadsheet was:  “http://sharepoint/Reports/ReportLibrary/Forms/current.aspx”

So I used this as the Trusted File Location.  Turns out that SharePoint doesn’t want the “/Forms/current.aspx” part of the URL identifying the Windows SharePoint Services location... AND the other trick is that the “Windows SharePoint Services” location has to end with a “/”.  So the URL I needed to use for the Trusted File Location is:  “http://sharepoint/Reports/ReportLibrary/”

Windows SharePoint Service Location ends with a "/"

Hope this helps to keep others out there from pulling their hair out and cursing SharePoint!!

February 2, 2010

Solaris 10 Project Resource Control Limits and how to monitor

Filed under: Unix / Solaris — Tim Lefler @ 3:49 pm

On Solaris 10 there are a number of resource limits that can be imposed on a project.

The “prstat -J” command gives you a nice basic summary of overall project resources being used.

PROJID    NPROC  SWAP   RSS MEMORY      TIME  CPU PROJECT
     3      350 6106M 2677M    16%  22:41:16 2.2% default
     1        4 2704K 4096K   0.0%   0:08:10 0.8% user.root
     0       45  198M  225M   1.4%   0:17:25 0.1% system
   100       13  121M   67M   0.4%   0:24:27 0.0% group.mqm

So from the output above you can see that I have 4 projects defined. On my system, of particular note is the fact that other than for members of group mqm everyone uses the “default” project to define limits system wide. So how do we find out what limits are currently defined?

The “prctl” command will give you the limits currently imposed for a particular process. Once again because everyone uses the “default” project simply sign-in as a normal user and execute the “prctl” command with “$$” as arguments to use the current shell’s process to determine resource limits. (more…)

January 18, 2010

How to Delete a TFS Team Project

Filed under: TFS — Tim Lefler @ 2:26 pm

So how do you delete a Team Foundation Server (TFS) Team Project that is no longer needed? It is not immediately obvious; certainly there is no obvious way using the Team Explorer GUI.

The answer is to use the “tfsdeleteproject” command.

Usage: TfsDeleteProject [/q] [/force] </server:<server name>> <team project name>
 
Deletes the Team Project from Team Foundation.  To use this command, you must be
 a member of either the Team Foundation Server Administrators group or a member
of the Project Administrators group for the project you are deleting.  Use this
command with caution because after deleting the team project it cannot be recovered.
 
   [/q] - Do not prompt for confirmation.
   </server:<server name>> - The name of the Team Foundation server.
   [/force] - Continue even if some data cannot be deleted.
   <team project name> - The name of the project.  Use quotes if there are spaces in the name.

So to delete a project called “Tim2” you would open up a Visual Studio command prompt on a machine with Team Explorer installed and type the following:

c:\Program Files\Microsoft Visual Studio 9.0\VC>tfsdeleteproject /server:tfsserver Tim2
 
Warning: Deleting a team project is an irrecoverable operation. All version cont
rol, work item tracking and Team Foundation build data will be destroyed from th
e system. The only way to recover this data is by restoring a stored backup of t
he databases. Are you sure you want to delete the team project and all of its da
ta (Y/N)?y
 
Deleting from Build ...
Done
Deleting from Work Item Tracking ...
Done
Deleting from Version Control ...
Done
Deleting Report Server files ...
Done
Deleting SharePoint site ...
Done
Deleting from Team Foundation Core ...
Done

How to Change the WSS Site for TFS

Filed under: TFS — Tim Lefler @ 2:07 pm

I recently had to change the name of the SharePoint site that Team Foundation Server (TFS) pointed to for creation of the collaboration site.

On your new MOSS server you will still need the WSS Extensions for SharePoint installed, and you will need to run “tfsconfigwss.exe” to make sure SharePoint is familiar with the location of the TFS report server.

To make TFS point to the new SharePoint site...

TFS has a handy utility called “tfsadminutil” that allows you to change the URIs associated with the TFS installation.

TFSAdminUtil ConfigureConnections [/View] [/proxy] [/ClientCertificate: (user|computer)] [/ATUri:<uri>] [/PublicATUri:<uri>] 
[/SharepointUri:<uri>] [/SharepointSitesUri:<uri>] [/SharepointAdminUri:<uri>] [/SharepointUnc:<unc>] [/TswaUri:<uri>]

(more…)

Argument    Description
user        Use with /clientcertificate option to specify to use the user certificate store.
computer    Use with /clientcertificate option to specify it to use the computer certificate store.
URI         Use to set the uniform resource indicator (URI) with the appropriate option.

January 15, 2010

TFS 2008 Email Alerts and the Event Receiver

Filed under: TFS — Tim Lefler @ 11:30 am

Team Foundation Server (TFS) is a collection of services including version control, work item tracking, and an EventService service. The EventService exposes a set of events that, when fired, can perform actions such as sending e-mail or making a SOAP-based Web service call.

Email alerts can easily be configured on a per project basis using Team Explorer. Once connected to the Team Server, you’ll be able to access the Team menu on the main menu bar. If you select the menu item “Project Alerts” Visual Studio will open the Project Alerts dialog, which allows you to create e-mail subscriptions for the major events associated with a particular project.

Email Alerts for a Particular Project

TFS will format the body of the message as HTML or plain text.  Multiple email addresses can be configured by separating them with a semicolon.  Email formatting is controlled by XSLT transforms located on the TFS server in the “C:\Program Files\Microsoft Visual Studio 2008 Team Foundation Server\Web Services\Services\v1.0\Transforms” directory.  These transform the event XML into HTML or text. (more…)

January 13, 2010

Using VS 2008 Team Foundation Server SourceControl API

Filed under: Development, TFS — Tim Lefler @ 1:33 pm

Wanted to build a Visual Studio Web Project that would allow me to select a Team Project from a drop-down box and then list all of the folders associated with the Project.  This will be used as a stepping stone to later add some check in notifications to Team Foundation Server to perform some specific action based on what folder the source member was checked into….

But for now it just lists the folders associated with the project.

So here is the HTML associated with my example project:

<%@ Page Language="vb" AutoEventWireup="false" CodeBehind="Default.aspx.vb" Inherits="TFSListFolders._Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>

        Select Team Project to Configure:
        <asp:DropDownList ID="drpProjects" runat="server" AutoPostBack="True">
        </asp:DropDownList>
        </div>
    <asp:ListBox ID="lstFolders" runat="server" Height="193px" Width="805px">
    </asp:ListBox>
    </form>
</body>
</html>

(more…)
