General

Exporting password properties from Active Directory to file with PowerShell

This command exports password information of users from Active Directory and writes it to a CSV file:

    Get-ADUser -Filter * -Properties SamAccountName, PasswordLastSet, PasswordNeverExpires | Select SamAccountName, PasswordLastSet, PasswordNeverExpires | Sort SamAccountName | Export-CSV -Path ("{0}\Desktop\AD.User.Password.csv" -f $env:USERPROFILE) -NoClobber -Encoding UTF8 -NoTypeInformation -Force

General

Get Exchange mailboxes of disabled Active Directory accounts with PowerShell

Today a one-liner: I needed a list of Exchange mailboxes with disabled Active Directory accounts. Here is the command to display them in the PowerShell window:

    Get-Mailbox | where {$_.ExchangeUserAccountControl -Match "AccountDisabled"} | fl DisplayName, Database, ExchangeUserAccountControl

If you want to create a CSV file that lists all OWA-enabled users but excludes all disabled accounts, use the following command line (using Get-CASMailbox together with Get-Mailbox):

    Get-Mailbox | where {$_.ExchangeUserAccountControl -notmatch "AccountDisabled"} | Get-CASMailbox | where {$_.OwaEnabled -eq $true} | Select DisplayName, OwaEnabled | Export-Csv -Path ("{0}\Desktop\OWA.Users.csv" -f $env:USERPROFILE) -NoClobber -Encoding UTF8 -NoTypeInformation

This will create the list and...

General

Change the Windows updates install time on Hyper-V Server

I needed to change the install time of Windows updates on a Hyper-V Server 2016 from the default of 03:00 to 01:00. There is an option in sconfig (the blue menu box) to change the Windows update install behavior from manual to automatic, but there is no option to change the time when the installation of the updates should happen, so it defaults to 3:00 AM. It is also not possible to install the Windows update cmdlets that would allow us to change the configuration of the Windows updates because that feature does not exist in Hyper-V Server. So the...

General

Another Kerberos error in Cache.log on Squid server

During my configuration of a Squid proxy server on Ubuntu in conjunction with Kerberos and Active Directory I encountered another error in the cache.log of the Squid server:

    ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_accept_sec_context() failed: An unsupported mechanism was requested. Unknown error; }}

The reason for this error was the loopback address (127.0.0.1) for the current host in the hosts file in /etc/hosts. The entry in the hosts file was like this:

    127.0.0.1 squid.contoso.com

I changed the entry to the real IP address of the Ubuntu server:

    192.168.1.250 squid.contoso.com

After the change I restarted the server and...

General

Kerberos authentication error in cache.log on Squid server

I configured Kerberos authentication for a Squid proxy server on Ubuntu in an Active Directory domain. During my tests I got the following error in the cache.log:

    ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more information. No key table entry found matching HTTP/squid@; }}

The reason for this error was a wrong entry in the hosts (/etc/hosts) file on the Ubuntu server. The entry for the server was missing the domain part. So the file contained

    192.168.1.40 squid

instead of

    192.168.1.250 squid.contoso.com

I added the domain part to the entry and restarted...

General

Kinit error on Ubuntu server

I configured Squid proxy in conjunction with Kerberos authentication in an Active Directory domain. During my tests I used kinit to check my Kerberos ticket on the Ubuntu server and got the following error message:

    kinit: Client not found in Kerberos database while getting initial credentials

The reason was two identical SPNs (Service Principal Names) in the Active Directory. To find them I checked the Active Directory for double SPNs with the setspn command and the -x parameter:

    setspn -x

This command checks the Active Directory for identical SPNs and lists them. The command showed me two entries for my...

General

NTLM authentication error in Squid cache.log

Recently I configured Squid as a proxy server with NTLM authentication in an Active Directory domain. As I started to use the proxy server in conjunction with my browser, an authentication pop-up appeared all of the time and I was not able to access the Internet. I checked the cache.log of the Squid server and found the following error message:

    GENSEC login failed: NT_STATUS_UNSUCCESSFUL
    ERROR: NTLM Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}

The cause of this problem was a bug in the Samba version described in this bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754339

The pipe of the winbind daemon was created in the wrong directory...