Use PowerShell to Find and Remove Inactive Accounts from AD

Keeping Active Directory (AD) tidy can help reduce replication bandwidth if you have domain controllers in different sites, and make troubleshooting and management easier. In this Ask the Admin, I’ll show you how to easily remove a computer account from AD, and how to query the directory for accounts that haven’t been used in a long time.

Remove Computer Accounts Using PowerShell

To remove one or more computer accounts using PowerShell, log on to Windows Server 2012 R2, or a Windows 8 management workstation that’s a member of your Active Directory domain, using an account that has permission to delete AD objects. If you decide to run the commands on a machine that isn’t a domain controller, the AD module for PowerShell must be installed.

  • Open a PowerShell prompt, using either the icon on the desktop taskbar (Windows Server), or by switching to the Start screen, typing powershell and selecting Windows PowerShell from the search results (Windows 8).
  • In the PowerShell prompt, type remove-adcomputer -identity workstation01 and press ENTER, replacing workstation01 with the name of the computer account you want to remove.

Search AD for Inactive Computer Accounts

Now that we know how to remove computer accounts using the command line, let’s query AD for computer accounts that haven’t been used for a long time. Computer account passwords are automatically reset by AD every 30 days, so you can determine yourself what length of time you should let pass before deleting the accounts from AD. A year or more would likely be a safe option.

In this example, I’m going to use the get-adcomputer cmdlet, and the select and sort object cmdlets to format the results:

get-adcomputer -filter * -properties passwordlastset | select name, passwordlastset | sort passwordlastset

We need to add in the -properties parameter because the passwordlastset attribute is not displayed in the results by default. Select name and sort are then used to ‘pull out’ and order only the required information.

Now let’s add a more complex filter. We can use the get-date cmdlet to create a variable that sets the filter to show accounts whose passwords were last reset more than one year ago. To create the variable, type $date = (get-date).addyears(-1) and press Enter.

Now we can modify the command to include a less than (-lt) argument in the filter:

get-adcomputer -filter {passwordlastset -lt $date} -properties passwordlastset | select name, passwordlastset | sort passwordlastset

Finally, once we are sure the filter is right, we need to add the remove-adobject cmdlet as follows, without the select and sort cmdlets. Notice that I’m using the remove-adobject cmdlet and not remove-adcomputer, because remove-adcomputer is not able to delete accounts that have embedded ‘leaf’ objects, such as computer accounts for virtual machines.

 

get-adcomputer -filter {passwordlastset -lt $date} -properties passwordlastset | remove-adobject -recursive -verbose -confirm:$false
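The same filter wrapped in a staged cleanup, as an added example that is not part of the original article: it scopes the query to one OU, writes a CSV record of what was selected, and disables accounts unless -Delete is given, with -WhatIf available as a dry run. The function name Remove-StaleADComputer, the OU path and the report path are assumptions.

```powershell
# Added example, not the article's code. Function name, OU and report path are hypothetical.
Import-Module ActiveDirectory

function Remove-StaleADComputer {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,  # limit the sweep to one OU
        [int]$Days = 365,                                   # the article's one-year cutoff
        [string]$ReportPath = '.\stale-computers.csv',
        [switch]$Delete                                     # default action: disable only
    )

    $date = (Get-Date).AddDays(-$Days)

    # Same passwordlastset filter as the article, scoped to $SearchBase.
    $found = Get-ADComputer -Filter { PasswordLastSet -lt $date } -SearchBase $SearchBase -Properties PasswordLastSet, LastLogonDate

    # Drop accounts that have logged on since the cutoff despite the old password.
    $stale = @($found | Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $date })

    # Record what was selected before changing anything. -WhatIf:$false keeps
    # the report being written during a dry run.
    $stale | Sort-Object PasswordLastSet |
        Select-Object Name, DistinguishedName, Enabled, PasswordLastSet, LastLogonDate |
        Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

    foreach ($computer in $stale) {
        $dn = $computer.DistinguishedName
        if ($Delete) {
            # Remove-ADObject -Recursive also removes embedded leaf objects.
            if ($PSCmdlet.ShouldProcess($dn, 'Delete computer object and its child objects')) {
                Remove-ADObject -Identity $dn -Recursive -Confirm:$false
            }
        }
        elseif ($PSCmdlet.ShouldProcess($dn, 'Disable computer account')) {
            Disable-ADAccount -Identity $dn
        }
    }
    $stale.Count   # number of accounts selected
}

# Dry run: writes the report and lists what would be disabled; AD is not modified.
Remove-StaleADComputer -SearchBase 'OU=Workstations,DC=example,DC=com' -WhatIf
```

Without -WhatIf the function prompts for each account because ConfirmImpact is High; run it once to disable, and again with -Delete only after the disabled accounts have gone unclaimed.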

Via Use PowerShell to Find and Remove Inactive Accounts from AD.

Run PowerShell Scripts with Local Administrator Rights

Sooner or later, as you begin to hone your PowerShell skills, you’ll start writing scripts to automate repetitive tasks. If you run your workstation with standard user privileges, you’ll soon discover that it’s not possible to launch PowerShell scripts with administrative privileges by right-clicking the script and selecting Run as administrator from the context menu (which is available for most other types of executable). Today I’ll show you two ways that you can launch PowerShell scripts with admin privileges.

Modify a Script to Force Elevation

Add this snippet of code to the beginning of your PowerShell script, and a UAC prompt will appear, asking for administrative credentials or consent before any subsequent code is executed.

param([switch]$Elevated)

# Returns $true when the current process token is in the local Administrators role.
function Check-Admin {
    $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
    $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}

if ((Check-Admin) -eq $false) {
    if ($Elevated) {
        # could not elevate, quit
    }
    else {
        # Relaunch this script through a UAC prompt; -elevated stops a relaunch loop.
        Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
    }
    exit
}

Run Code from an Elevated Instance of the Windows PowerShell Integrated Scripting Environment (ISE)

Alternatively, you can run scripts directly from inside the Windows PowerShell ISE. To start the ISE with administrative privileges:

  • Switch to the Start menu in Windows 8, type powershell ise, and make sure that PowerShell ISE is selected in the search results. Press CTRL+SHIFT+ENTER to start the ISE with elevated privileges and enter administrative credentials or give consent if prompted.
  • In the PowerShell ISE window, select Open from the File menu to load your script.
  • Once the script is loaded into the ISE, press F5 to run the script.

 

The Windows PowerShell ISE is a useful environment for creating and editing your scripts. You have access to all the installed PowerShell modules and their related commands, plus troubleshooting tools.

Via Run PowerShell Scripts with Local Administrator Rights.

Installing GoDaddy SSL Certificate in F5 BIG-IP

Installing an SSL Certificate in F5 BIG-IP Load balancer

After your certificate request is approved, you can download your SSL and intermediate certificate from within the SSL application. For more information see Downloading Your SSL Certificate. Both of these files must be installed on your Web server.

You may also download the intermediate certificate from the repository.

NOTE: When downloading your certificate, select Apache as your server type.

To Install SSL Certificates

  1. Launch the F5 BIG-IP Web GUI.
  2. Under Local Traffic, select SSL certificates.
  3. Select the name you assigned to the certificate under General Properties.
  4. Browse to the your_domain_name.crt file that you received from us.
  5. Click Open and then Import.

Enabling Your Intermediate Certificate Using BIG-IP Loadbalancer v.9

  1. In the Web GUI, select Local Traffic, then SSL certificates, and then Import.
  2. Under Import Type, select Certificate, and then Create New.
  3. Enter “GoDaddy” as your certificate name.
  4. Browse to the gd_bundle.crt file that you received from us, click Open, and then click Import.

To Enable Your SSL

  1. Create or open the SSL Profile for the certificate.
  2. Under Configuration, select Advanced.
  3. Select the SSL certificate (public/private key pair) that you installed at the beginning of these instructions.
  4. Under the Chain, browse to the “GoDaddy” (gd_bundle.crt) file that you imported in the previous step, then Save and Exit the configuration.

Using Your SSL Using an Earlier Version of BIG-IP Loadbalancer

  1. Inside of your SSL account, download the primary (your_domain_name.crt) and intermediates bundle (gd_bundle.crt) certificate files.
  2. Move your primary and intermediate certificates to the BIG-IP device. This can be done via FTP.
  3. Rename your primary certificate from your_domain_name.crt to your.domain.name.crt and copy it to the /config/bigconfig/ssl.crt/ folder.
  4. Copy the intermediates bundle (gd_bundle.crt) to the /config/bigconfig/ssl.crt/ folder.
  5. Restart the proxy using these commands:

 

# bigpipe proxy <IP Address>:443 disable
# bigpipe proxy <IP Address>:443 enable

Via Installing an SSL Certificate in F5 BIG-IP Loadbalancer | GoDaddy Help | GoDaddy Support.

How to Ping all addresses in network – CMD batch file.

FOR /L %i IN (1,1,254) DO ping -n 1 192.168.10.%i | FIND /i "Reply">>c:\ipaddresses.txt

Change 192.168.10 to match your own network. When the line is saved in a batch file rather than typed at the prompt, write %%i instead of %i.

By using -n 1 you are asking for only 1 packet to be sent to each computer instead of the usual 4 packets.

The above command will ping all IP Addresses on the 192.168.10.0 network and create a text document in the C:\ drive called ipaddresses.txt. This text document should only contain IP Addresses that replied to the ping request.

Although it will take quite a bit longer to complete, you can also resolve the IP Addresses to HOST names by simply adding -a to the ping command.

 

FOR /L %i IN (1,1,254) DO ping -a -n 1 192.168.10.%i | FIND /i "Reply">>c:\ipaddresses.txt

via batch file – Ping all addresses in network, windows – Stack Overflow.

VMware Location of ESXi 5.0 log files

ESXi 5.0 Host Log Files

Logs for an ESXi 5.0 host are grouped according to the source component:

  • /var/log/auth.log: ESXi Shell authentication success and failure.
  • /var/log/dhclient.log: DHCP client service, including discovery, address lease requests and renewals.
  • /var/log/esxupdate.log: ESXi patch and update installation logs.
  • /var/log/hostd.log: Host management service logs, including virtual machine and host Task and Events, communication with the vSphere Client and vCenter Server vpxa agent, and SDK connections.
  • /var/log/shell.log: ESXi Shell usage logs, including enable/disable and every command entered.
  • /var/log/sysboot.log: Early VMkernel startup and module loading.
  • /var/log/boot.gz: A compressed file that contains boot log information and can be read using zcat /var/log/boot.gz|more.
  • /var/log/syslog.log: Management service initialization, watchdogs, scheduled tasks and DCUI use.
  • /var/log/usb.log: USB device arbitration events, such as discovery and pass-through to virtual machines.
  • /var/log/vobd.log: VMkernel Observation events, similar to vob.component.event.

Note: For clarification, VOB and the corresponding service VOBD propagate kernel-level errors to third-party applications. VOBD is a daemon that VMware and third-party applications use for monitoring and troubleshooting.

 

  • /var/log/vmkernel.log: Core VMkernel logs, including device discovery, storage and networking device and driver events, and virtual machine startup.
  • /var/log/vmkwarning.log: A summary of Warning and Alert log messages excerpted from the VMkernel logs.
  • /var/log/vmksummary.log: A summary of ESXi host startup and shutdown, and an hourly heartbeat with uptime, number of virtual machines running, and service resource consumption.
  • Note: For information on sending logs to another location such as a datastore or remote syslog server, see Configuring syslog on ESXi 5.0 (2003322).

ESXi 5.1 Host Log Files

Logs for an ESXi 5.1 host are grouped according to the source component:

  • /var/log/auth.log: ESXi Shell authentication success and failure.
  • /var/log/dhclient.log: DHCP client service, including discovery, address lease requests and renewals.
  • /var/log/esxupdate.log: ESXi patch and update installation logs.
  • /var/log/lacp.log: Link Aggregation Control Protocol logs.
  • /var/log/hostd.log: Host management service logs, including virtual machine and host Task and Events, communication with the vSphere Client and vCenter Server vpxa agent, and SDK connections.
  • /var/log/hostd-probe.log: Host management service responsiveness checker.
  • /var/log/rhttpproxy.log: HTTP connections proxied on behalf of other ESXi host webservices.
  • /var/log/shell.log: ESXi Shell usage logs, including enable/disable and every command entered.
  • /var/log/sysboot.log: Early VMkernel startup and module loading.
  • /var/log/boot.gz: A compressed file that contains boot log information and can be read using zcat /var/log/boot.gz|more.
  • /var/log/syslog.log: Management service initialization, watchdogs, scheduled tasks and DCUI use.
  • /var/log/usb.log: USB device arbitration events, such as discovery and pass-through to virtual machines.
  • /var/log/vobd.log: VMkernel Observation events, similar to vob.component.event.
  • /var/log/vmkernel.log: Core VMkernel logs, including device discovery, storage and networking device and driver events, and virtual machine startup.
  • /var/log/vmkwarning.log: A summary of Warning and Alert log messages excerpted from the VMkernel logs.
  • /var/log/vmksummary.log: A summary of ESXi host startup and shutdown, and an hourly heartbeat with uptime, number of virtual machines running, and service resource consumption.
  • /var/log/Xorg.log: Video acceleration.

 

Note: For information on sending logs to another location (such as a datastore or remote syslog server), see Configuring syslog on ESXi 5.0 (2003322).

Via: VMware KB: Location of ESXi 5.0 log files.

Via: VMware KB: Location of ESXi 5.1 and 5.5 log files.

 

How To View Logs Files on Linux

Almost all log files are located under the /var/log directory and its sub-directories on Linux. You can change to this directory using the cd command. You need to be the root user to view or access log files on Linux or UNIX-like operating systems. You can use the following commands to see the log files:

1.    less command

2.    more command

3.    cat command

4.    grep command

5.    tail command

6.    zcat command

7.    zgrep command

8.    zmore command

 

How do I view log files on Linux?

Open the Terminal or log in as the root user using the ssh command. Go to the /var/log directory using the following cd command:
# cd /var/log

To list files use the following ls command:
# ls

To view a common log file called /var/log/messages, use any one of the following commands:
# less /var/log/messages
# more -f /var/log/messages
# cat /var/log/messages
# tail -f /var/log/messages
# grep -i error /var/log/messages


Common Linux log files names and usage

§  /var/log/messages : General message and system related stuff

§  /var/log/auth.log : Authentication logs

§  /var/log/kern.log : Kernel logs

§  /var/log/cron.log : Crond logs (cron job)

§  /var/log/maillog : Mail server logs

§  /var/log/qmail/ : Qmail log directory (more files inside this directory)

§  /var/log/httpd/ : Apache access and error logs directory

§  /var/log/lighttpd/ : Lighttpd access and error logs directory

§  /var/log/boot.log : System boot log

§  /var/log/mysqld.log : MySQL database server log file

§  /var/log/secure or /var/log/auth.log : Authentication log

§  /var/log/utmp or /var/log/wtmp : Login records file

§  /var/log/yum.log : Yum command log file.

GUI tool to view log files on Linux

System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. This tool is only useful on your Linux powered laptop or desktop system. Most servers do not have the X Window system installed. You can start System Log Viewer in the following way:

Click on System menu > Choose Administration > System Log.

A note about rsyslogd

 

All of the above logs are generated using the rsyslogd service. It is a system utility providing support for message logging. Support of both internet and unix domain sockets enables this utility to support both local and remote logging. You can view its config file by typing the following commands:
# vi /etc/rsyslog.conf
# ls /etc/rsyslog.d/
In short, /var/log is the location where you should find all Linux log files. However, some applications such as httpd have a directory within /var/log/ for their own log files. You can rotate log files using the logrotate software and monitor log files using the logwatch software.

Via: Linux Log Files Location And How Do I View Logs Files on Linux?.

How-to Start / Stop / Restart Network Service in Linux

You can use the following commands as per your UNIX operating systems.

HP-UX Unix start / stop / restart networking service

# /sbin/init.d/net stop
# /sbin/init.d/net start
# /sbin/init.d/hostname start

IBM AIX Unix start / stop / restart networking service

Simply type the following command to make changes to tcp/ip
# smitty mktcpip
Start network service
# startsrc
Stop network service
# stopsrc

OpenBSD start / stop / restart networking service

Start network service
# sh /etc/netstart pnc0

FreeBSD start / stop / restart networking service

Restart network service
# /etc/rc.d/netif restart

Sun/Oracle Solaris Unix start / stop / restart networking service

Restart network service

# svcadm restart physical

Linux: CentOS / RHEL / Red Hat / Fedora start / stop / restart networking service

# service network stop
# service network start
# service network restart

Linux: Debian / Ubuntu server start / stop / restart networking service

 

# service networking stop
# service networking start
# service networking restart

Via Unix HowTo: Start / Stop / Restart Network Service Command.

How To Disable Firewall on Linux

How To Disable Firewall on RHEL / CentOS / RedHat Linux

iptables is an administration tool / command for IPv4 packet filtering and NAT. You need to use the following tools:

service is a command to run a System V init script. It is used to save / stop / start the firewall service.

chkconfig is a command used to update and query runlevel information for system services. It is a system tool for maintaining the /etc/rc*.d hierarchy. Use this tool to disable the firewall service at boot time.

How Do I Disable Firewall?

First login as the root user.

Next enter the following three commands to disable firewall.
# service iptables save
# service iptables stop
# chkconfig iptables off

 

If you are using the IPv6 firewall, enter:
# service ip6tables save
# service ip6tables stop
# chkconfig ip6tables off

Via How To: Disable Firewall on RHEL / CentOS / RedHat Linux.

Show all installed packages or software in Linux

Red Hat/Fedora Core/CentOS Linux

Type the following command to get list of all installed software
# rpm -qa | less

Debian Linux

Type the following command to get list of all installed software:
# dpkg --get-selections

Ubuntu Linux

Type the following command to get list of all installed software:
# sudo dpkg --get-selections

FreeBSD

Type the following command to get list of all installed software:
# pkg_info | less
# pkg_info apache

Use the pkg_version command to summarize the versions of all installed packages:
# pkg_version | less
# pkg_version | grep 'lsof'

OpenBSD

 

OpenBSD also uses the pkg_info command to display a list of all installed packages or software:
# pkg_info | less
# pkg_info apache

Via Show all installed packages or software in Linux, FreeBSD, OpenBSD.