Keith Smith - My Blog

Keith Smith - My Blog


Active Directory Topology Diagrammer

Thursday, May 17, 2018 - Posted by Keith A. Smith, in Automation, Microsoft

Overview

Have you ever wondered…what does our Active Directory structure really look like? Do you want to automate the process of creating a diagram of Active Directory OU? As described on Microsoft’s download page for Active Directory Topology Diagrammer:
The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using LDAP, and then automatically generates a Visio diagram of your Active Directory and /or your Exchange Server topology. The diagrams may include domains, sites, servers, organizational units, DFS-R, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.

If you need to create Active Directory drawings for Visio, then this is the utility that is going to do it for you in really detailed fashion.

You Don’t Create the Drawings From Inside Visio

Previous versions of Visio made connections into different data sources. For instance, you could ping networks and connect up to Active Directory. Visio 2016 does not connect up to Active Directory directly, and the Active Directory Topology Diagrammer does not operate from inside Visio.

After downloading the AD Diagrammer, you run it independently. You actually don’t even need Visio on your machine unless you want to edit the diagrams. If you just want to view them, you can just use the Visio Viewer, or upload them to a SharePoint site with Visio Services enabled.

Running the Active Directory Topology Diagrammer



To create your Active Directory diagrams, start the AD Topology Diagrammer and provide it with the domain name in the Global Catalog Server / DNS Domain Name section of the main window. The tabs let you specify which parts of the directory information you want to diagram. You can also choose to update the drawings that are already there or to create new drawings. You can also choose whether or not to diagram the trusted domains, or just provide the details for the trusts. Choose whether you want your diagram to include user counts for each domain diagrammed.




For OU options, you can limit the number of levels to search in an OU and you can also include the names of any GPOs that are applied to an OU.



Options that you can set in the Sites tab let you decide if you want site connections listed, including empty sites, and whether or not to include subnet information in the AD diagrams being created. You can also specify whether or not to include all possible site connections for cases where the sites have more than 2 connections.




The Exchange tab allows the utility to connect into your Exchange Server to diagram the message connectors, as well as options like counting the number of mailboxes per server and overwriting the Routing Group information with AD Sites instead.




There’s only one options for diagramming the application partition, and that’s whether or not to diagram it! Make your choice and you’re done with this tab.



Likewise, you only need to set whether or not to include the DFS Replication settings for the DFS-R tab. There are no other options available for this section.
Finally, you can choose to diagram the servers in the AD Structure:



Options for the Server diagramming include whether to include the OS version that the server is running and whether to include the fully qualified domain name. If you’re mapping multiple domains, it may be helpful to color code them based on what domain they’re in.





Set the File Output Options and You’re Ready To Diagram


In the Options menu, you can modify the location of the diagrams. You can specify different locations for each file that’s going to be created for you.




There are also log files that are created for the AD Export data and any debug info for the Application.



This is a really awesome tool and I hope you find it useful. Happy AD Topo Diagramming Big smile



-End

View Comments 0 Comments
Share Post   


An error occurred while consolidating disks: One or more disks busy

Thursday, March 29, 2018 - Posted by Keith A. Smith, in VMware

We've all encountered the dreaded error "An error occurred while consolidating disks: One or more disks are busy" when trying to consolidate virtual machines in vmware.

To resolve this vmware has published articles like http://https://kb.vmware.com/s/article/2150414 but for me I found that simply shutting down the VM and the vCenter server seems to allow the consolidation process to complete when connecting to the hosts box directly via the vcenter client. I figured I take a few minutes to write this up since it may help someone else.


-End

View Comments 0 Comments
Share Post   


event id 5807

Tuesday, March 27, 2018 - Posted by Keith A. Smith, in Microsoft

I recently encountered a rare event log entry event id 5807

During the past 4.22 hours there have been 24 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites.

The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes.  The current maximum size is 20000000 bytes.  To set a different maximum size, create the above registry value and set the desired maximum size in bytes.

After doing a search for netlogon.log and taking a closer look at the netlogon.log file, I noticed that it doesn’t record the year of each entry, just the day and month.  I scrolling down to the bottom and all the most recent entries, I noticed that the ip address range had not been defined in AD Sites and Services.  The IP’s were from laptops connecting through the VPN which was assigning a completely different subnet,  so I just added the VPN subnet and everything was fine after that.


-End
View Comments 0 Comments
Share Post   


Why you should review your ISP Advertising and Marketing Preferences

Sunday, March 11, 2018 - Posted by Keith A. Smith, in Security

I was recently asked by a colleague of my mine if it was possible that Comcast could be targeting ads based content that was viewed while using the services. I said “it’s possible if you haven’t opted out of anything preferences” typically service providers automatically opt-in customers into data collection practices now. My colleague logged into the account —> went into settings then clicked on communications & ad preferences to find 4 very interesting area’s under “Advertising Preferences” and “Marketing Preferences”

My colleague clicked on the edit for the cable targeted advertising and was shocked to see that the opt in box was checked and immediately switched to Opt out for advanced advertising preferences: activity data and ad groups. On the same page we saw links to the privacy notice and the FAQ for advanced advertising preferences, the privacy policy clearly stated that

We also collect information about your account and your use of the Services, which may include:
    •    your account number;
    •    billing, payment, and deposit history;
    •    maintenance information;
    •    the types of Services to which you subscribe;
    •    the device identifiers and network addresses of equipment used with your account;
    •    voice commands;
    •    video and audio recordings;
    •    records indicating the number and types of devices connected to our network;
    •    technical information about your Service-related devices, including customization settings and preferences;
    •    network traffic data;
    •    information about your use of the Services and their features, including video activity data, as well as Internet or online information such as web addresses and other activity data in order to render Internet service; and
    •    additional information about the Service options you have chosen.

"When you use the Services, our cable system automatically generates, transmits, and collects much of this information as part of providing the Services to you. For example, we receive information about the use of set-top boxes, remote controls, program guides, video players, applications, and other devices and software connected to our cable system (“video activity data”). The video activity data includes, for example, which channels, programs, and advertisements are viewed and for how long. It may also include information about navigation through program guides and applications, and use of devices like remote controls and tablets. If you select various features of our equipment, such as voice commands or search, we also will collect and process the data needed to fulfill your requests."

As we continued to review the notices and policies we saw more of information which led to me suggest the use of a VPN service, there are many providers of this service now and most of in the IT field have started suggesting this more frequently.


-End

View Comments 0 Comments
Share Post   


Kanboard

Friday, January 19, 2018 - Posted by Keith A. Smith, in Linux

What is kanboard?

Kanboard is an opensource web hosted project management software. So far I think it’s pretty damn cool. It has all the features of the top paid project management solutions out there with the little added bonus of it being free.

The “cost” for anyone working with FOSS will be the setup time. This was my first time trying to setup Kanboard so I figured I would post how it went, I did encounter some stumbling blocks  so I noted the solutions I used to get the installation up and running. Hopefully this will reduce the “cost” for you.

I tested this on Ubuntu Xenial 16.04 LTS

Installation

  1. sudo apt-get update and upgrade
  2. sudo apt-get install -y apache2 libapache2-mod-php7.0 php7.0-cli php7.0-mbstring php7.0-sqlite3 \  php7.0-opcache php7.0-json php7.0-mysql php7.0-pgsql php7.0-ldap php7.0-gd
  3. cd /var/www/html
  4. sudo apt-get install php-xml
  5. sudo apt-get update && apt-get install git
  6. sudo git clone https://github.com/kanboard/kanboard.git
  7. chown -R www-data:www-data kanboard/data
  8. Reboot
  9. Try the url http://hostname/kanboard








I commented out the two bottom lines to make it work.

// Credentials for authentication on the SMTP server (not mandatory)
define('MAIL_SMTP_USERNAME', 'username');
define('MAIL_SMTP_PASSWORD', 'super password');




Errors I encountered

Internal Error: PHP extension required: “pdo_sqlite”

Solution: Run the following in the terminal window

sudo apt-get install php7.0-sqlite



Internal Error: This PHP extension is required: "dom".

sudo apt-get install php-xml



-End

View Comments 0 Comments
Share Post   


Page  <1...34567...18>