Thursday, December 22, 2016

Create FTP with Local User Isolation (in Powershell Script)

FTP with user isolation is a magic feature that Microsoft introduced in IIS 7.5. It's similar to chroot in Linux in that each user is jailed in his own directory ;P. Each user's directory is isolated from other users' directories, so users cannot see each other's directories, which is a good security option.
If you are looking for the graphical method to set up FTP with user isolation in the IIS console, I have another blog post for that.
In this blog post, I will show you how to script and automate this setup. It is quite a large script, and I do not use the IIS cmdlets, which are available only in Windows 8, Windows 10, Server 2012 and Server 2012 R2, because IIS 7.5, which ships with Server 2008 R2, does not have cmdlets to configure IIS specifically. So, editing the IIS XML configuration is the way to go. If you are running the script on Server 2008 R2, you need to install PowerShell 3.0 first (to install PowerShell 3.0 on Server 2008 R2, you need Server 2008 R2 SP1 with .NET Framework 4.0 installed). I added comments before each section of the script so that PowerShell users can easily understand the code and logic. You can also create an FTP administrator with the -AdminIncluded option to browse the uploaded files in all directories. Also, don't forget to run the script from an elevated PowerShell prompt. The script is also provided in this post.

Example usages are:
1) To set up FTP user isolation with an FTP Administrator account. The FTP site name is "My-First-FTP" and the port is 21. The user name list is created under c:\userlist.csv
Create_FTP_Local_User_Isolation.ps1 -FtpSiteName My-First-FTP -Port 21 -AdminIncluded -UserListCsv c:\userlist.csv

2) To set up FTP user isolation without an FTP Administrator account, with the default site name and port, and SSL.
Create_FTP_Local_User_Isolation.ps1 -RequireSSL -UserListCsv c:\userlist.csv
I put some pictures for reference. I first run the script to create 4 ftp users. Then, I included Admin on the next run. See Fig-1.
Fig-1: Create FTP with user isolation

Create FTP with Local User Isolation (in GUI Method)

The magic of FTP with user isolation is that every user has his own directory and cannot see or browse other users' directories. In Linux, it is similar to the "chroot" option after the user has logged in. This feature has been available since IIS 7.5 (Server 2008 R2).
In this tutorial, we are going to create FTP with user isolation in Graphical Mode. If you are looking for automatic setup, then I wrote a powershell script for this work here.

Tuesday, December 13, 2016

Powershell: Monitor ICMP Ping with Timestamps for Logging

Ping is the most basic and the oldest built-in tool, one that no system or network administrator can live without when troubleshooting network connections at TCP/IP Layer 3. I sometimes had to run long ping tests for network latency issues. Test-Connection was introduced in PowerShell 2.0. But I found some issues while running Test-Connection against some remote hosts: for some servers it is unable to display output instantly on the console. Moreover, it's unable to display the timestamp at which the server pings its destination. So, using the built-in ping.exe, I wrote a wrapper suited to logging purposes that displays the timestamp and writes to a file in the background, using a .NET call and Tee-Object.

Saturday, December 10, 2016

List ALL VMware SRM Protected VMs with their Protection Group Names

In your VMware Site-Recovery-Manager Environment, you may need to fetch the list of protected VMs and their associated protection group for documentation purpose. For this purpose, I created this one-liner command to fetch the necessary information with Name, Protection Group Name, Description, Replication Type & Datastore.

Sunday, November 27, 2016

The WS-Management service cannot process the request. Cannot find the Microsoft.PowerShell session configuration in the WSMan: drive on the...

After updating to Ps 4.0, I found some windows hosts are encountering the following errors when I run Invoke-Command to check the powershell version. See Fig-1.

Connecting to remote server X.X.X.X failed with the following error message : The WS-Management service cannot process the request. Cannot find the Microsoft.PowerShell session configuration in the WSMan: drive on the X.X.X.X computer.

Figure-1: Failed to connect to remote host
After a bit of googling, I found that the problem is that the default PowerShell session configuration, Microsoft.PowerShell, has been unregistered and only Microsoft.PowerShell.Workflow is registered.

Wednesday, November 23, 2016

WSUS Console Crashed after running some time

After running a WSUS server for some time, you may encounter a WSUS console crash like the one in Fig-1.

Figure-1: WSUS mmc console crashed

Let me explain 2 possible reasons & how to fix it.

Saturday, November 12, 2016

Powershell Recursive Functions: How to List Folder/File Sizes to multiple levels

I have been away from blogging for a while, scripting the migration of 400 FTP users to a new server. Today, I finalized a script that lists folder/file sizes recursively, which I started writing a few days ago. We can also use TreeSize Free to list folder sizes graphically. Here in PowerShell, I'm going to show you how to use recursive functions to list folder sizes as the sum of their child directories' sizes. Combined with PowerShell remoting, you can use this script to remotely query users' profile sizes on remote computers.

Sunday, October 23, 2016

Find which users stay with the oldest passwords in Workgroup/Domain Computers

Sometimes, you need to know which users are in the local admin group or a specific group on remote computers. Net User gives us a good way to get password information for local or domain users. In a domain environment, it is easy with Get-ADUser, but for local computers you can use the .NET type accelerator [ADSI]"WinNT://$env:COMPUTERNAME". For now, I'll use 'net user' output plus WMI to handle this. The result is a script that finds user account and password info using 'net user' + WMI in either a local or a domain environment. Though my example uses only an unencrypted WinRM connection, which listens on port 5985, I suggest using SSL encryption for remote WinRM connections.

Saturday, October 15, 2016

Script to Join Active Directory Domain with Local user Profile migration

Writing a long, good script is a tiresome job, but an interesting one in its look and feel. It's been quite a long time since I wrote a good script, having spent my time at work on tiny utility scripts. Today, I finalized a very good script that joins local users to the domain with automatic profile migration (for the current user), so that it keeps the current local user's settings (such as wallpaper, Internet Explorer settings, Power Option settings and the items on the desktop) in the new domain environment. Optionally, you can choose not to migrate. For bulk deployment, you can compile the script to .exe with PowerGUI to bypass the PowerShell Execution Policy. Comments or feedback are welcome :D

Tuesday, October 11, 2016

Email Mailbox Migration Service available now !

Our local Myanmar professionals are now giving services for different email mailbox migration scenarios in Myanmar at reasonable prices. We use software + various scripting techniques for a successful mailbox migration. Suggelbox to another so that user can keep history emails from old mailbox to new mailbox for emergency recall.

Where & how we transfer emails.

Monday, October 10, 2016

Restart Server at specific time without creating schedule Task !

Sometimes you need to schedule a restart for your server maintenance. Restart-Computer does not have a parameter for timing the shutdown, and you would have to use it with New-ScheduleTask, which is available only in Ps 3.0, to create the scheduled shutdown. Let's keep it simple. We can use the built-in shutdown.exe in combination with a PowerShell command.

Friday, September 9, 2016

The Microsoft FTP with user isolation and how to automate the setup with Powershell (with Domain Users)

The magic of FTP with user isolation, unlike a normal FTP server, is that every user has his own directory and cannot touch other users' directories or change to the root directory. In Linux, it is similar to the "chroot" option after the user has logged into his home directory, but it additionally needs directory permissions to be configured.
Today, I will show you how to set up FTP with user isolation in IIS 8.5 (also tested on Server 2008 R2 with IIS 7.5) with domain user accounts in graphical mode. Also, I have made a good PowerShell script to automate this FTP setup process for thousands of users ;P.

Monday, September 5, 2016

IIS Worker Process (w3wp.exe) memory usage too high in Exchange Server

The w3wp.exe process is an IIS web application process that handles client requests for an application pool. Exchange Server services use w3wp processes heavily, not only to handle external user requests but also to make web service requests among Exchange Server members, using virtual directories (OWA, OAB, PowerShell etc.) and their respective app pools. If you have not configured periodic recycling for the application pool, you may need to recycle it manually to avoid memory leaks. Microsoft TechNet states that:
Internet Information Services (IIS) application pools can be periodically recycled to avoid unstable states that can lead to application crashes, hangs, or memory leaks. By default, application pool recycling is overlapped, which means that the worker process that is to be shut down is kept running until after a new worker process is started. After a new worker process starts, new requests are passed to it. The old worker process shuts down after it finishes processing its existing requests, or after a configured time-out, whichever comes first. This way of recycling ensures uninterrupted service to clients. However, if an application in the application pool cannot run more than one instance of itself at a time, overlapping rotation can be disabled [source:Technet]

As shown in Fig-1, the MsExchangePowershellFrontEndAppPool is consuming a lot of memory, which is clearly visible in Task Manager. This may be due to memory leaks, or we may need further analysis of the app pool. Either way, we need to recycle that pool without restarting IIS.
Figure-1: IIS Application Pool memory usage too high

Monday, August 29, 2016

Powershell: Find AD Users' Logon History with their Logged on Computers

Finding a user's logon events is a matter of reading the event log on the user's computer. In a domain environment, it has more to do with the domain controllers. What makes this a tough task for system admins is searching through thousands of event log entries to find the right information about user logon events from every domain controller. Even if we filter only the Kerberos authentication events for TGT (Ticket-Granting-Ticket) requests, there is a lot of information in each event regarding specific users.

Sunday, August 21, 2016

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide - Part 4

4) Run the test scripts
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers

Now, it's time for user2(new user who recently joined the company ;) to run some scripts on Node-2 computer which is a newly domain joined computer. Also, don't forget to "gpupdate" on client computers after your GPO is changed.
We will do the following test cases:

Test case-1: user2 runs an unsigned script on computer Node-2.
Result: user2 cannot run the unsigned script because the GPO enforces that Node-2 does not run any unsigned scripts.


Test case-2: user2 gets the script written and signed by user1 and tries to run on Node-2 computer.
Result: user2 can run the script successfully since the script is digitally signed and unmodified.


Test case-3: user2 changes some code of user1's script and tries to run on Node-2 computer.
Result: user2 cannot run the script because the digital signature no longer matches the hash value of the file, whose content has been changed.
You can see the output in Figure-1.


Figure-1: Results of user2 tried to run various scripts
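
The three test cases above correspond to the status that Get-AuthenticodeSignature reports for a file. The audit function below is an added example, not part of the original post; the name Get-ScriptSignatureReport and the demo folder are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Get-ScriptSignatureReport is a
# hypothetical helper; it only reads script files and certificate stores.
function Get-ScriptSignatureReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$Recurse
    )

    # Thumbprints of trusted publishers: the machine store (the one a GPO
    # populates) plus the current user's store.
    $trusted = @(
        Get-ChildItem Cert:\LocalMachine\TrustedPublisher, Cert:\CurrentUser\TrustedPublisher |
            Select-Object -ExpandProperty Thumbprint
    )

    Get-ChildItem -Path $Path -Filter *.ps1 -File -Recurse:$Recurse | ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = $sig.SignerCertificate

        # Map the signature status to what happens when only signed scripts
        # are allowed to run.
        $verdict = switch ($sig.Status.ToString()) {
            'NotSigned'    { 'Blocked: no signature (test case 1)'; break }
            'HashMismatch' { 'Blocked: content changed after signing (test case 3)'; break }
            'Valid' {
                if ($trusted -contains $signer.Thumbprint) {
                    'Runs: valid signature from a trusted publisher (test case 2)'
                } else {
                    'Prompts: valid signature, publisher not in Trusted Publishers'
                }
                break
            }
            default { "Blocked: $($sig.StatusMessage)" }
        }

        [pscustomobject]@{
            Script     = $_.FullName
            Status     = $sig.Status
            Signer     = if ($signer) { $signer.Subject } else { $null }
            Thumbprint = if ($signer) { $signer.Thumbprint } else { $null }
            Verdict    = $verdict
        }
    }
}

# Constructed sample input: one unsigned script in a temporary folder.
$demo = Join-Path $env:TEMP 'sig-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'unsigned.ps1') -Value 'Write-Output "hello"'

Get-ScriptSignatureReport -Path $demo | Format-List
```

Pointing -Path at the folder that holds user1's signed scripts on Node-2 shows, before anyone runs them, which files would fall under each test case.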

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide - Part 3

3) Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-4: Run the test scripts



In Part-2, we signed the script with user1's certificate. There is some manual work left, such as adding user1's certificate to the trusted publisher group. Let us see how we can automate this process by using GPO.


First of all, we need to export user1 certificate from Node1 computer's personal store to DC1 computer where we can distribute this certificate via Group Policy.
i) From MMC console on Node1 computer, right-click the user1's certificate and export.
ii) In the "Export File Format" page, we can choose either the DER encoded or the Base-64 encoded option. See Figure-1.
iii) Select the location to save the certificate. Click Next, Next and OK.
Figure-1: Select certificate type


How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide - Part 2

2) Request the certificate to sign the script by user1
Go to >> Part-1:Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts


In Part-1, we configured the AD CS role and the certificate template. Now, it's time for user1 to request his certificate and sign his script.

On the Node-1 computer with user1 logged on as domain user:
i) In the Run box, type mmc and select "Certificates" from Add or Remove Snap-ins. See Figure-1.
ii) In the certificate tab, right-click Personal >> All Tasks >> Request New Certificate. See Figure-2.
iii) Click Next and go until you find different types of certificates available on "Request Certificates" tab. Choose "Powershell Code Signing" and click "Enroll". See Figure-3.
iv) If everything is working fine, you will see the certificate is enrolled and installed.
v) Check user1's enrolled certificate in certificate personal store. See Figure-5.


Note: If you turn on "Certificate Manager" approval in your certificate template (see Fig-4), the certificate request will be shown as pending in the "Certification Authority" console, rather than being automatically enrolled to user1's computer. A Certificate Manager needs to approve the pending request for the certificate to be issued.

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide - Part 1


Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts




Every driver and built-in piece of software in a Windows environment comes pre-packaged with a digital signature. With an increasing number of malicious attacks on Windows, every executable, DLL or script file in a domain environment should be signed with a certificate. Moreover, Active Directory and GPO make life easier because they integrate very well with AD CS, especially with certificate auto-enrollment via Group Policy. This becomes very useful when you want to limit the execution of scripts on servers in your domain environment, preventing malicious scripts from running and blocking unauthorized changes. Today, I will show you how to sign your PowerShell scripts with a certificate from a Microsoft CA and use GPO to control the execution of unsigned scripts in a domain environment.


Scenario:
Let’s say user1 usually writes the PowerShell scripts in the Contoso organization. The administrator needs to allow only scripts written by user1 to run on certain computers, while other scripts are blocked. Moreover, if one of user1’s scripts is modified by a malicious user and run on client computers or servers, how can we stop that? Let’s see how it works.

Sunday, July 24, 2016

Recover Crashed Exchange 2013 Mailbox Server in DAG



Recovering a crashed mailbox server is a straightforward process if it is in a DAG. You can do it with setup.exe /m:RecoverServer. However, there are certain steps to follow for a smooth recovery process. The following steps recover the crashed mailbox servers in a DAG. I will explain each step in more detail.
  1. Reset the crashed computer accounts in AD.
  2. Install a new server OS to replace the old crashed servers. Install Windows features, prerequisites and updates.
  3. Remove the passive database copies on the crashed servers. If the servers are accessible, you can manually delete the leftover DB files and log files from the crashed servers.
  4. Remove the crashed servers from the DAG. This can be done with EMC or EMS.
  5. Evict (remove) the crashed servers in Failover Cluster Manager.
  6. Start the recovery process by running the setup file in a command prompt with the necessary switches. More details later in this section.

Saturday, July 2, 2016

Search Multiple Words in Multiple Excel files using Powershell !

Inventory documentation in Excel is something that most infra admins have to deal with on a daily basis. Sometimes, I have to look for a bulk of IP addresses in multiple Excel files, and I have to do it by opening the Excel files one by one. So, after checking how it can be achieved in PowerShell, I found that a COM object is the way to go, which can be used to automate most Windows applications. Make sure Microsoft Excel is already installed before you run the script.

How to use the script:

You need to create the search values.txt file and insert, line by line, the contents that you want to search for. (The script will also create search values.txt automatically on the first run if it does not exist.) The output files will have the same names as the original files with _RESULT.xlsx appended.

Then, open a PowerShell console and run the script with the necessary parameters. You need to specify at least the -Folder or the -File parameter.

Example:

.\Excel_search.ps1 C:\MyExcelFiles -Recurse -Color -OpenFile -Grid

Parameters:

-Folder : The folder name in which multiple Microsoft Excel files should already exist (Use it if the -File  is not specified)

-File : The file name of the Microsoft Excel file (Use it if the -Folder is not specified)

-Recurse : Use this with -Folder option to search excel files recursively

-Color : Use this to colorize the values found in the excel files (in darkblue color)

-Grid : Use this to display the summary of search results in grid output windows (See Fig-1) 

-OpenFile : Use this to automatically open the output files when the search operation is completed.




Figure-1: Search Results with Grid View

Thursday, June 30, 2016

View SSL/TLS Certificate Info with OpenSSL Command

You can easily check the SSL/TLS certificate information of a service that is listening on a non-HTTP port (like SMTP) by using the OpenSSL tool. All you need to know is the port that uses the encrypted connection. With WSL, OpenSSL is already installed and you're ready to go.

For example, here I check the certificate of the CentOS website and the TLS certificate that is used for its SMTP connection.

For SSL connection:
openssl s_client -showcerts -connect www.centos.org:443

For TLS connection:
openssl s_client -connect mail.centos.org:25 -starttls smtp



Figure-1: Checking SSL certificate info

Figure-2: Checking TLS certificate info

Friday, June 17, 2016

Creating Active Directory Users in the Nested OUs

This is a PowerShell script that automatically creates AD users. What makes it unique is that all the necessary OUs (even nested OUs) are created in advance, before the users are created. So, you won’t need a separate script for each task. Here, I give a screenshot of my testing domain, with example users defined in my CSV file.

You must include these properties as the CSV file headers (see Fig-2), but leave the values blank if some users do not have these properties.

EmployeeID, DisplayName, OU, Description, Name, GivenName, SurName, SamAccountName, Title, Departement, Domain, Office, OfficePhone, Company, EmailAddress, Password

It takes only 3 min to create 1500 users for me, Cheers!



Figure-1: Creating users in my testing domain

Thursday, June 9, 2016

Powershell: Find When Active Directory Users' Membership, OU and Creation Date

It's a one-liner command that I use to find the most common AD attributes including the Creation date, Member Of and OU location. I attached the screenshot as example.

Command:

Get-ADUser -filter * -property name,displayname,MemberOf,description,Title,TelephoneNumber,CanonicalName,whencreated,emailaddress| select Name,
Displayname, @{Name="MemberOf";Exp={ ((-join (($_.memberof.split(',')) -like "*cn=*") ) -replace 'CN=',",").TrimStart(",")  }}, Description, Title, TelephoneNumber, @{Name="OU";Exp={ $_.CanonicalName.Remove($_.CanonicalName.LastIndexOf($_.Name)-1)  }}, Whencreated, Emailaddress

You can export to CSV file with the following commands.

Get-ADUser -filter * -property name,displayname,MemberOf,description,Title,TelephoneNumber,CanonicalName,whencreated,emailaddress| select Name,
Displayname, @{Name="MemberOf";Exp={ ((-join (($_.memberof.split(',')) -like "*cn=*") ) -replace 'CN=',",").TrimStart(",")  }}, Description, Title, TelephoneNumber, @{Name="OU";Exp={ $_.CanonicalName.Remove($_.CanonicalName.LastIndexOf($_.Name)-1)  }}, Whencreated, Emailaddress| export-csv -NoTypeInformation ADuser_Properties.csv




Friday, June 3, 2016

Powershell: Find Which Running Processes are Connecting to the Internet

These days, I have been looking for a way to find which running processes on my machines are accessing the internet without my consent. Fortunately, I found a script in the TechNet Gallery written by Cookie.Monster. The script extracts the connection info from the netstat command and creates a custom object for further processing. So, I just changed the script by adding some regex to find the public IP addresses. For testing purposes, I use TeamViewer on my machine. Note: You need to enable remote PowerShell to run the script on multiple computers. If you are new to PowerShell, check here how to set up PowerShell remoting.




Friday, May 27, 2016

PowerCLI: Automatically Power on VMs from the Saved CSV file

It's the Powershell script using PowerCLI to power on a bunch of VMs when multiple servers go offline or during disaster recovery. Not using any third-party tools, I got the idea to do it in PowerCLI to backup the current Powerstate of the VMs to csv file and compare it when powering on VMs, so that you do not mistakenly turn on VMs that are initially powered off. I added the progress bar to get the progress state of powering on VMs.

What this script will do:
1) It will backup the current Power State of VMs to csv file. It will create the new csv file if not already created.
2) If the file is already created, it will check the current power state of VMs by comparing with the csv file.
3) If the Powered On server in the list is found as powered off in vCenter or esxi, it will power on all VMs.

Please note that you will need to connect the vCenter/Esxi before running the script. Also, you will need to disconnect the vCenter/Esxi connection once the job is finished.

Use the following command to connect to the host.
Connect-VIServer -Server yourserver -Credential (get-credential)

Use the following command to disconnect from host.
Disconnect-VIServer -Server yourserver -confirm:$false



Sunday, May 22, 2016

PowerCLI: Get the Vmnic CDP Information of Esxi Hosts

These days, I have to back up the CDP info of our current ESXi hosts, and fortunately I found a script on this blog and the official VMware site to discover the information. I only made small changes to the script to suit my environment. You need PowerCLI (PowerCLI 5.5 is here) already installed, and must be connected to the vCenter or the specific ESXi host before running the script.

If you’re not connected to vCenter, you can use the command:
Connect-VIServer -Server yourServerNameOrIP -Credential (Get-Credential)

After you have finished running the script, you can disconnect the vCenter Server by using the following command.
Disconnect-VIServer -Server yourServerNameOrIP

Note: You can also add the ESXi hostnames to hostlist.txt to get the CDP info for specific hosts only. If the hostlist.txt file doesn’t exist, the script gathers information for all ESXi hosts.



Monday, May 16, 2016

Powershell Debugging Made Easy: A good start tutorial



Scripting can be a gift or a pain for system admins, and it sometimes becomes frustrating when your script encounters errors. There are times when you spot an error yet can’t find where it is located or the line on which it occurred; only then do you have to go for line-by-line debugging. PowerShell has built-in debugging tools for this. Thanks, PowerShell!
I found 2 methods for debugging. You can use either one based on your preference.
  1. Write-Debug, where you need to manually suspend/continue the running script to inspect it.
  2. Set-BreakPoint, which automatically enters the breakpoints, based on variables or line numbers, that you defined in the current PowerShell session.
Since I want to show you how to deal with simple debugging methods, I’m not going to use a complex script or conditional debugging. So, let’s start with a simple script. Here, we will add two values, 2 and 5. Needless to say, the output should be 7. But it gives 25 as the result, which is unexpected. This is where we should give PowerShell's debugging mode a try.

Sunday, May 8, 2016

Powershell: Automatically Check and Correct multiple NTP Clients

These days I have been digging into PowerShell to write utility scripts that help admins save time. Just recently, I finished a script that cost me several days of heavy brainwork: a messy 400 or so lines of code. The script automatically checks multiple NTP clients (which can also be servers) that take their time from NTP. For this to work, you need to enable remote PowerShell on the client computers. If remote PowerShell is not enabled on each of the servers to be checked, you can find my post here on how to enable it.

What this script will do:
This script will:

1) Check the necessary ports (5985 or 5986) to see whether WinRM is enabled for remote PowerShell.
2) Check the current NTP values in the registry against the pre-defined values in the script. If they do not match, you can correct them instantly.
3) Select the standard time zone of the servers by taking the most frequently occurring value.

Thursday, May 5, 2016

Powershell: Check the Internet Accessibility for Multiple Computers

Sometimes, you need to check whether all your servers have internet access, especially after a network change or for monthly auditing purposes. With PowerShell, you can achieve this by using .NET calls to sockets. I found the script on this site to work from as a baseline, and used Mr. stevethethread's code to colorize the output. You need to save the list of servers in Server.txt in the same directory as the script, and change the port number in the script as needed.

Note: Powershell Remoting must already be enabled on those servers and if not, I have written a blog post here on how to enable it.

Fig-1: Checking Internet Connection on multiple servers

Tuesday, April 26, 2016

The Secret of WMI Monitoring with Non-Administrator account: How to add the missing windows services to monitoring !


Update: The purpose of this blog post is to give a specific monitoring user permission on a specific Windows service. So, you can replace step-6 (setting the DNS service permission for the specific account that will monitor the service) with the easier methods in my new blog post.
 
There are three methods for monitoring windows servers:
  1. By installing Agents (such as Zabbix,SCOM Agents).
  2. SNMP v1,v2, v3 regardless of platforms.
  3. WMI Monitor for windows servers.
Today, I’m going to set up WMI monitoring in a couple of steps, and show how to monitor the missing Windows services that are unavailable in the default monitoring method. Here, I’ll use a Microsoft DNS server as the monitored client, for DNS service + basic resource monitoring.

Things that I used in this tutorial:
  • Server 2012R2x64bit, named as “DNS-test.contoso.com”
  • Solarwind Server and Application Monitor (in a Trial version), on the server named as “monitor.contoso.com”
  • Some Windows built-in tools:
      · Wmimgmt (windows management instrumentation management)
      · Dcomcnfg (DCOM configuration)
      · Sc (Service Controller) and scmanager

Tuesday, April 19, 2016

PowerShell: Join Domain Users to Any Specific OU

I have been looking for ways to automate the domain join so that end users can do it by themselves without special knowledge. There are several scripts I found on Google that make it work, but none of them seems to be an all-in-one solution. Moreover, I don't want to put usernames/passwords in text files that are delivered to each user. So, I decided to write a complete script for the automatic domain join of users.

What this script will do:
1) Test whether the DNS server is reachable and, if OK, change the user's DNS setting to point to the domain controller.
2) Prompt for the username/password to join the domain, so there is no need to put the username/password in the script file.
3) Users can choose their own OU for the domain join process, so the admin doesn't need to move their computer objects to a specific OU after the domain join. (The one I like most & the reason why I wrote this script xP.)

Monday, April 18, 2016

Powershell: Find the Windows Service of a Running Process

Today, I needed to find the registered services of some running processes and their installed paths. We could use third-party tools, such as Process Explorer or Process Hacker, to find each process's associated service. But I want to use the built-in options, so WMI with PowerShell is the way to go. I also checked the Windows Task Manager, and it only lists the service and its associated service name, not the process name. So, I needed to do some scripting to get there.

Sunday, April 17, 2016

PowerShell Remoting Made Easy !

With PowerShell remoting, you can do administrative tasks on a bunch of servers remotely or in the background, whether or not the client users are currently logged in.
PowerShell remoting is supported in PowerShell version 2 and above, which means Windows 7, 2008 R2 and above. If you want to use PowerShell remoting in a Server 2003 and Windows XP environment, you first need to install Server 2003 Service Pack 2 and the Windows Management Framework. You can download these packages from the Microsoft website.

Friday, April 15, 2016

Check Multiple Forward and Reverse DNS records by Powershell

A few days ago, I had to query over 100 DNS records to check whether the forward and reverse records were working fine. Running nslookup for over 100 records is a time-consuming and daunting task for a system admin. So, I decided to write a PowerShell script to automate this task. I hope it is useful to others.

For beginners new to powershell,
1) Copy the code below and put it into a file that has the .ps1 extension (i.e., Find_DNS_Forward_Reverse.ps1)

2) Put the host names in the hostnames.txt  in the same directory as powershell script.

3) Run the script, it will ask for input parameters.
Code as below:

Thursday, April 14, 2016

How to convert virtualbox VDI to VMDK or VHD using built-in tools, virtualbox manager

There are many third-party tools to convert a VirtualBox virtual hard disk to .vmdk (for VMware) or VHD (for Hyper-V), such as VMware Standalone Converter and the StarWind V2V tools. But you can easily use the built-in VirtualBox manager to convert from one disk type to another.
Moreover, I found it is much faster than using VMware Standalone Converter.
The steps are shown below. Note that the same procedure should work in a Linux environment.

Wednesday, April 13, 2016

Kill a Windows service that is not responding/hung

1) Query the service PID via NT service controller.

sc queryex <servicename>
eg.
sc queryex w32time
Note: you can find the service name from services.msc in Run box. Here w32time for Windows Time Service.











 



2) Note the PID of the service

3) kill the process by PID.
tskill <PID>
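
The same three steps in PowerShell, as an added example that is not part of the original post: it resolves the PID through WMI and, before terminating anything, warns when that PID is a shared host process that also runs other services. The function name Stop-HungService is an assumption, and Get-CimInstance needs PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Stop-HungService is a
# hypothetical helper name. Run from an elevated prompt.
function Stop-HungService {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9_.\-\$ ]+$')]   # keep the WQL filter below safe
        [string]$Name
    )

    # Step 1: query the service (equivalent of "sc queryex <servicename>").
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' was not found." }

    # Step 2: note the PID. A PID of 0 means no process is running for it.
    if ($svc.ProcessId -eq 0) {
        Write-Warning "Service '$Name' has no running process (state: $($svc.State))."
        return
    }

    # Many services share one svchost.exe; killing the PID stops all of them.
    $shared = @(
        Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
            Where-Object { $_.Name -ne $svc.Name } |
            Select-Object -ExpandProperty Name
    )
    if ($shared.Count -gt 0) {
        Write-Warning "PID $($svc.ProcessId) also hosts: $($shared -join ', ')"
    }

    # Step 3: kill the process by PID (equivalent of "tskill <PID>").
    $terminated = $false
    if ($PSCmdlet.ShouldProcess("PID $($svc.ProcessId) hosting '$Name'", 'Terminate process')) {
        Stop-Process -Id $svc.ProcessId -Force -Confirm:$false -ErrorAction Stop
        $terminated = $true
    }

    [pscustomobject]@{
        Service    = $svc.Name
        ProcessId  = $svc.ProcessId
        SharedWith = $shared
        Terminated = $terminated
    }
}

# Dry run against the service used in the post: shows the PID and any shared
# services without terminating anything.
Stop-HungService -Name w32time -WhatIf
```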

Change Windows Service Startup Options that are grayed out

Sometimes we find that the startup options of some services are grayed out, such as an antivirus service that prevents itself from being disabled for malicious purposes. In these cases, you have 2 options to change the startup type of these services.

Option 1#
1) Type "msconfig" in the Run box
2) In the Services tab, uncheck the service
3) Reboot the computer



Option 2# (via registry method)
1) Go to HKLM\SYSTEM\CurrentControlSet\Services\
2) Double-click the Start value
3) Change the DWORD value to a number from 0 to 4 according to your startup option: 2 for Automatic and 4 for Disabled.
Below are the values according to the TechNet article.


| Value | Meaning |
|-------|---------|
| 0 | Boot (loaded by kernel loader). Components of the driver stack for the boot (startup) volume must be loaded by the kernel loader. |
| 1 | System (loaded by I/O subsystem). Specifies that the driver is loaded at kernel initialization. |
| 2 | Automatic (loaded by Service Control Manager). Specifies that the service is loaded or started automatically. |
| 3 | Manual. Specifies that the service does not start until the user starts it manually, such as by using Device Manager. |
| 4 | Disabled. Specifies that the service should not be started. |