Backup all Active Directory authorised DHCP Servers

Use the following VBScript code to interrogate Active Directory for a list of all authorised DHCP servers; a Net Shell (NETSH) dump command is then run against each server to back up its configuration.

The backups are created in a DHCP_BACKUPS folder on the system drive (usually C:\DHCP_BACKUPS); this folder must exist before the script is executed.


'==========================================================
' Author: Lewis Roberts
'
' Date: 13/01/2012
'
' Description: Automates the backup of all "authorised"
' DHCP Servers listed in the Active Directory using ADO
' (to obtain the list of authorised servers)
' and NETSH (to perform the actual backup)
'
'===========================================================

'On Error Resume Next

Set oSh = CreateObject("WScript.Shell")                 ' Instantiate a Shell Object
Set oFS = CreateObject("Scripting.FileSystemObject")    ' Instantiate a File System Object

' Build the backup path from the system drive (normally C:\DHCP_BACKUPS)
Set oSystem = oSh.Environment("PROCESS")
oSystemDrive = oSystem("SYSTEMDRIVE")

sBackupLocation = oSystemDrive & "\DHCP_BACKUPS"

If Not oFS.FolderExists(sBackupLocation) Then
	oSh.Popup "The backup folder : " & sBackupLocation & " does not exist!" & vbLf & vbLf &_
			  "Please create this folder before running this script again.", 0, "DHCP Server Backup", 0 + 16 + 2048
	WScript.Quit
End If

' Configuration naming context of the forest - change DC=domain,DC=com to match your own.
' Authorised DHCP servers are dHCPClass objects under CN=NetServices,CN=Services in this context.
ADSRoot = "CN=Configuration,DC=domain,DC=com"

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT * FROM 'LDAP://" & ADSRoot & "' WHERE objectClass='dHCPClass' ORDER BY DisplayName"

Set objRecordSet = objCommand.Execute

' MoveFirst fails on an empty recordset, so check for that case first
If objRecordSet.EOF Then
	oSh.Popup "No authorised DHCP servers were found under " & ADSRoot, 0, "DHCP Server Backup", 0 + 48
	WScript.Quit
End If

objRecordSet.MoveFirst

Do Until objRecordSet.EOF
	Set oDHCPServer = GetObject(objRecordSet.Fields("adsPath").Value)

	' The DhcpRoot container is itself a dHCPClass object, so skip it;
	' every other object's cn is the name of an authorised DHCP server
	oServer = oDHCPServer.cn
	If Not oServer = "DhcpRoot" Then
		oSh.Popup "Processing DHCP Server: " & oServer, 1, "DHCP Backup", 0 + 2048 + 4096
		' Dump the server's configuration to <backup folder>\<server>_DHCP_CONFIG.TXT
		strCommand = "CMD /C NETSH DHCP SERVER \\" & oServer & " DUMP > """ & sBackupLocation & "\" & oServer & "_DHCP_CONFIG.TXT"""
		oSh.Run strCommand
	End If

	Set oDHCPServer = Nothing

	objRecordSet.MoveNext
Loop

WScript.Quit

Let me know if you have any issues!

- Lewis


TIP: List members of a group

To list all members of a known group in human readable form (without the DN) from Active Directory:

dsget group "CN=MyGroup,OU=MyGroupOU,DC=domain,DC=com" -members | dsget user -fn -ln > MyGroup.txt

Or, to get just their display names:

dsget group "CN=MyGroup,OU=MyGroupOU,DC=domain,DC=com" -members | dsget user -display > MyGroup.txt

-Lewis


Convert GET to POST with jQuery

A bit of code to take the GET values from a clicked link and send them as a POST request using jQuery.

$('.cssclass').click(function() {
    var postvar = $(this).attr("href").split('?');

    $.post(postvar[0], postvar[1], function(i) {
        // Look after (i) or do magic.
    });

    return false;
});

If you generate href values in your code for dynamic effects with jQuery, you need to convert the href attribute in the <a> tag to a post. I use the above code to do just that.

Say you have the following bit of html in your page:

<a class="delete_item" href="dopoststuff.php?action=add&amp;item=21" title="Delete item 21">Delete</a>

If a user clicks that link, the browser performs a GET request for the page with those vars. If you would like to do something a bit more sexy than a GET, say, some animation, you need jQuery to step in.

With the code at the top of this post, we can alter this GET to a POST using jQuery thus:

$('.delete_item').click(function() {
    var postvar = $(this).attr("href").split('?');

    $.post(postvar[0], postvar[1], function(i) {
        // Look after (i) or do magic.
    });

    return false;
});

Here we bind a click event to the “delete_item” class which overrides the browser default action of doing a GET. We then use jQuery’s $(this), that is the <a> tag, to pull the href attribute from the link and split it where the question mark is.

The split() method creates an array and assigns it to the “postvar” variable at the start of that line.

Given the above html example, this would give us the following array within postvar:

[ "dopoststuff.php", "action=add&item=21" ]

Now we can use jQuery’s $.post() method to send the original request as a POST instead of a GET.

$.post(postvar[0], postvar[1], function(i) {
    // Look after (i) or do magic.
});

There, simple.

The only thing I can think of that would trip this code up is the use of a second ? within the href attribute, though why anyone would do that is a mystery, since they should probably encode the question mark instead.
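As an added example (not code from the original post), here is a version of the href-to-POST conversion that copes with the second-question-mark case just mentioned, and with links that carry no query string at all. The pure functions run under Node.js; the binding function assumes jQuery's $ is available in the page and takes the link selector (such as the post's .delete_item class) as a parameter.

```javascript
// Added example: split an href at the FIRST '?' only, so a second '?'
// inside the query string is preserved, and tolerate links with no query.

// Turn an href such as "dopoststuff.php?action=add&item=21" into the
// two pieces $.post() needs: the URL and the request body.
function toPostRequest(href) {
  // Drop any fragment first: "#..." never reaches the server on a GET either.
  const hashAt = href.indexOf('#');
  const noHash = hashAt === -1 ? href : href.slice(0, hashAt);

  // indexOf() finds only the first '?'. split('?') breaks at every one,
  // so with two question marks postvar[1] would silently lose the tail.
  const qAt = noHash.indexOf('?');
  if (qAt === -1) {
    return { url: noHash, body: '' };          // link with no query string
  }
  return {
    url: noHash.slice(0, qAt),
    body: noHash.slice(qAt + 1),               // may itself contain '?'
  };
}

// Parse the body into key/value pairs so individual parameters can be
// inspected before anything is sent (URLSearchParams is built into Node and browsers).
function parseQuery(body) {
  const params = {};
  for (const [key, value] of new URLSearchParams(body)) {
    params[key] = value;
  }
  return params;
}

// Bind the click handler the way the post does, but through toPostRequest().
// `$` is jQuery, assumed present in the browser page; `selector` is the
// CSS selector of the links, e.g. '.delete_item'. Not executed under Node.
function bindPostLinks($, selector) {
  $(selector).on('click', function () {
    const req = toPostRequest($(this).attr('href'));
    // This only changes what a scripted click sends: the plain link still
    // works as a GET without JavaScript, so the server decides what it accepts.
    $.post(req.url, req.body, function (i) {
      // Look after (i) or do magic.
    });
    return false;   // suppress the browser's default GET navigation
  });
}
```

The returned body is the same string the post passes as the second argument of $.post(), so the server still receives action=add&item=21 as a form-encoded POST; the only difference is that a link such as page.php?q=what?&item=21 keeps its whole query instead of being cut at the second question mark.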

- Lewis


Upgrading a single ESXi 4.1 host to ESXi 5

Rather than spend 45 minutes digging through the documentation to find the KB article that deals with your rather modest private cloud, here’s the link to the VMware documentation for those of us with private clouds (servers with a hypervisor and a number of guest OSs) who want to upgrade interactively (from a CD):

VMware vSphere 5 Documentation: Upgrade or Migrate Hosts Interactively

-Lewis


Batch scripting is not dead

There’s still a little place in my heart for a decent batch script. This morsel prompts the user to enter a new computer name and then, using NETDOM, it renames the computer on the domain securely prompting for the password of an account with the required privileges. Use it in a deployment if you aren’t able or willing to use WDS’ built-in Client Naming Policy and prefer not to end up with PC-RT4T5FGR8HY or something equally ridiculous.

@ECHO OFF
ECHO.
ECHO This computer is currently named: %COMPUTERNAME%
ECHO.
REM Clear any inherited value first: SET /P leaves the variable untouched if the user just presses Enter
SET TARGETNAME=
SET /P TARGETNAME=Enter a new computer name:
IF "%TARGETNAME%"=="" (
    ECHO No name entered - the computer has not been renamed.
    PAUSE
    GOTO :EOF
)
ECHO.
ECHO The computer will be renamed to: %TARGETNAME%
REM Replace [Administrator] with an account permitted to rename computers in the domain; /PasswordD:* with /SecurePasswordPrompt asks for its password securely
NETDOM RENAMECOMPUTER %COMPUTERNAME% /NewName:%TARGETNAME% /UserD:[Administrator] /PasswordD:* /SecurePasswordPrompt /Reboot:15
PAUSE

I’d love to see a PowerShell example that queries a bespoke database for a unique computer name, applies it to the computer and marks it as used in the database – a little project perhaps…?

-Lewis


Use netsh to set a static IP

Since I often seem to forget the correct syntax for setting a static IP address using netsh, I’ve decided to blog it so that I know where to come to remind myself!

netsh interface ipv4 set address "Local Area Connection" static 192.168.0.10 255.255.255.0 192.168.0.1
netsh interface ipv4 set dns "Local Area Connection" static 192.168.0.1

And when setting back to DHCP

netsh interface ipv4 set address "Local Area Connection" dhcp
netsh interface ipv4 set dns "Local Area Connection" dhcp


Configuring FTP Firewall Support for dynamic IP in IIS 7.5

If, like me, you’re stuck with a dynamic IP address on your Internet connection but still wish to provide FTP services from IIS 7.5 on Windows Server 2008 R2, you may have noticed that when connecting to the FTPS server with an FTP client, you receive the internal IP address of your FTP server in the control-channel responses. This leaves some FTP clients flustered and unable to communicate with your FTP server.

If you’re hosting your server behind a NAT device, the correct solution is to enter the external IP address under the FTP Firewall Support section within IIS 7.5, but if, like me, you have a dynamic IP address, you’re going to be kept busy doing just that!

Using a three line PowerShell script, you can keep your FTP site’s FTP Firewall Support IP address up to date automatically. Just combine it with Task Scheduler to update at your desired frequency.

Import-Module WebAdministration
# Resolve this server's dynamic-DNS name to its current public IPv4 address (ignore any AAAA records, which would otherwise be written into the setting as well)
$ip = [System.Net.Dns]::GetHostAddresses("host.domain.com") | Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1 -ExpandProperty IPAddressToString
Set-WebConfigurationProperty -filter "/system.applicationHost/sites/site[@name='nameofsite' and @id='1']/ftpServer/firewallSupport" -name externalIp4Address -value $ip

The FileZilla FTP client is one of the clients intelligent enough to detect that it has been sent an internal IP address in the command response and automatically substitute the external IP address of the server, but relying on this as a long-term solution is not feasible.

-Lewis


WDS Client Naming Policy ignored when deploying Windows 7

If you find that the client naming policy set on your Windows Deployment Services server is being ignored when you deploy a Windows 7 image, the cause may be a little-known setting which has not been enabled in the ImageUnattend.xml file associated with the image you are deploying.

This post on Microsoft’s answers website discusses the issue at length with many people falling foul of the problem. An answer is given at the very end but the reasons for the answer are not clearly explained.

The setting, and the reasons why you might choose either option, are explained more clearly in the TechNet documentation for Windows Deployment Services.

To summarise: if you are performing automated domain join operations for a Windows 7 image and find that your Client Naming Policy is being ignored, you should enable the UnsecureJoin option for the specialize phase of the x86_Microsoft-Windows-UnattendedJoin_neutral component, as in the following screenshot:

Some of you may be concerned that the UnsecureJoin feature would reduce security on your domain. Those of you with pure Windows Server 2008 R2 domains may in fact need to dial down security, altering the Default Domain Controllers Policy to Allow cryptography algorithms compatible with Windows NT 4.0, before you are able to add computers to the domain using the UnsecureJoin feature. If you are still deploying Windows XP clients on to your network, you’ll find you must do this when you specify DoOldStyleDomainJoin in the sysprep.inf file.

The biggest disadvantage of doing a secured domain join is that the credentials are stored unsecured in the ImageUnattend.xml file, which any nosey parker on your network could discover by poking around the shares on your WDS server, so my recommendation is to use UnsecureJoin wherever possible to avoid this security issue.

-Lewis
