Configuring AWS CLI using Python and pip on Windows

This article was created to document the steps to configure and utilize the AWS CLI on a Windows machine.

There are multiple ways of installing the AWS CLI, but I chose the method of using Python with pip3 since I already have the tool installed on my Windows 10 machine.

1. Install Python on your Windows system from python.org.

2. Run the following command from the command prompt to ensure it is working:

python --version

3. Check that the Python utility pip3 is installed using the following command:

pip3 --version

4. Once the version is displayed without any errors, you can proceed to installing the AWS CLI using pip3. You will do this by using the command below:

pip3 install awscli

5. After the installation is complete, proceed to test that the AWS CLI is working:

where aws

Once the folder path of the AWS CLI is shown, then you have successfully installed the CLI.

Now the next step is to configure it for use with your AWS service. This can be done by running the following aws command:

aws configure

It will prompt you for the AWS Access Key ID, Secret Access Key, default Region and default output format. This allows you to connect to AWS without authenticating each time. I would recommend that you set up an IAM user account to authenticate with the AWS CLI and limit the access to only the features that will be accessed using this method.
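aws configure stores the access key and secret in plaintext in the credentials file under your profile, so it is worth checking who can read that file and which IAM identity the key maps to. The following is an added example, not part of the original article; the function name Test-AwsCredentialFileAcl and the list of accepted SIDs are assumptions.

```powershell
# Added example: audit the plaintext credentials file written by "aws configure".
function Test-AwsCredentialFileAcl {
    param(
        # Default location; the AWS_SHARED_CREDENTIALS_FILE variable overrides it
        [string]$Path = $(if ($env:AWS_SHARED_CREDENTIALS_FILE) { $env:AWS_SHARED_CREDENTIALS_FILE }
                          else { Join-Path $env:USERPROFILE '.aws\credentials' })
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "No credentials file found at $Path"
    }

    # Principals we expect to have access (assumed policy)
    $allowed = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value,
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'   # BUILTIN\Administrators
    )

    # Return every Allow entry that grants access to anyone else
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate(
                   [System.Security.Principal.SecurityIdentifier]).Value
        if ($allowed -notcontains $sid) {
            [pscustomobject]@{
                Path     = $Path
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

$unexpected = @(Test-AwsCredentialFileAcl)
if ($unexpected.Count -gt 0) {
    Write-Warning 'Other principals can read the stored AWS secret key:'
    $unexpected | Format-Table -AutoSize
} else {
    'Only the current user, SYSTEM and Administrators have access.'
}

# Show which IAM user/account the configured key authenticates as
aws sts get-caller-identity
```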

For further details, please consult the AWS CLI documentation here.

Microsoft: Enabling Recycle Bin feature in Windows Server 2016 Active Directory Domain Services

There is a new feature available in Active Directory Administrative Center (ADAC) in Windows Server 2016 that allows you to restore deleted AD objects from the Recycle Bin (although it could be activated from Windows Server 2008 R2 using PowerShell). It can be enabled at the Domain or Forest level. The only caveat is that once it is enabled, it cannot be disabled. The default lifetime for a deleted object to remain in the AD Recycle Bin is 180 days.

To enable the feature using Powershell:

Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'domain.com' -Server DC1
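Because the change cannot be undone, it helps to check the current state first and preview the command before applying it. The following is an added example, not part of the original article; the account name jdoe is a placeholder.

```powershell
# Added example: pre-check, preview, then use the AD Recycle Bin.
Import-Module ActiveDirectory

$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
$forest  = Get-ADForest

if ($feature.EnabledScopes.Count -gt 0) {
    "Recycle Bin is already enabled for: $($feature.EnabledScopes -join '; ')"
}
elseif ($forest.ForestMode -lt 'Windows2008R2Forest') {
    Write-Warning "Forest mode $($forest.ForestMode) is too low; Windows Server 2008 R2 or higher is required."
}
else {
    # -WhatIf only previews the irreversible change; remove it to apply
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -WhatIf
}

# Once enabled: list the objects that can still be recovered
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and Name -ne "Deleted Objects"' `
    -Properties whenChanged, lastKnownParent, 'msDS-LastKnownRDN'

$deleted | Sort-Object whenChanged -Descending |
    Format-Table 'msDS-LastKnownRDN', ObjectClass, whenChanged, lastKnownParent -AutoSize

# Preview the restore of one deleted object (jdoe is a placeholder name)
$deleted | Where-Object { $_.'msDS-LastKnownRDN' -eq 'jdoe' } | Restore-ADObject -WhatIf
```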

To enable the feature in Active Directory Administrative Center:

Go to Server Manager –> Tools –> Active Directory Administrative Center

Highlight the domain or forest on the left pane and then under the Task pane on the right under the domain, select Enable Recycle Bin.

You will get the warning that once it is enabled it cannot be disabled, select Ok.

Microsoft Powershell – Install and Configure AD Certificate Services (Windows Server 2016)

This article will demonstrate how to install and configure the Active Directory Certificate Services (AD CS) and the Certification Authority (CA) using both the Server Manager and corresponding Powershell cmdlet.

Using Powershell method

Check if the Active Directory Certificate Service is installed

Get-WindowsFeature AD-Certificate

 

To install the Certification Authority features, run the following cmdlet:

Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

 

Configuring the Active Directory Certificate Services with a Standalone Root CA on Host1.

Install-AdcsCertificationAuthority -Credential (Get-Credential) -CAType StandaloneRootCA -CACommonName "domain-Host1-CA-1" -CADistinguishedNameSuffix "DC=domain,DC=com" -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -KeyLength 2048 -HashAlgorithmName SHA1 -ValidityPeriod Years -ValidityPeriodUnits 3 -DatabaseDirectory "C:\windows\system32\certLog" -LogDirectory "c:\windows\system32\CertLog" -Force

You can select the CA type by setting the -CAType parameter to either StandaloneRootCA, StandaloneSubordinateCA, EnterpriseRootCA or EnterpriseSubordinateCA. CA options such as the cryptographic provider, hash algorithm and key length have to be known beforehand so that they are set correctly.

For example, the key length can be 512, 1024, 2048 or 4096, and the value has to be typed out.

For Hash Algorithm, the options are: SHA256, SHA384, SHA512, SHA1, MD5, MD4, MD2.

For the Cryptographic Provider, the parameter -CryptoProviderName can be:

  • RSA#Microsoft Software Key Storage Provider
  • ECDSA_P521#Microsoft Software Key Storage Provider
  • ECDSA_P256#Microsoft Software Key Storage Provider
  • ECDSA_P384#Microsoft Software Key Storage Provider
  • DSA#Microsoft Software Key Storage Provider

and any other…
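Several of the accepted values above (SHA1, MD5, MD4, MD2, RSA keys of 512 or 1024 bits) are too weak for a root CA, so a pre-flight check on the chosen options is useful before the CA key is generated. The following is an added example, not part of the original article; the function name Test-CaCryptoChoice and the policy it enforces are assumptions, and the CA names are the article's sample values.

```powershell
# Added example: validate the crypto options, then preview the CA install.
$caParams = @{
    CAType                    = 'StandaloneRootCA'
    CACommonName              = 'domain-Host1-CA-1'
    CADistinguishedNameSuffix = 'DC=domain,DC=com'
    CryptoProviderName        = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength                 = 4096
    HashAlgorithmName         = 'SHA256'
    ValidityPeriod            = 'Years'
    ValidityPeriodUnits       = 3
}

function Test-CaCryptoChoice {
    param([hashtable]$Params)

    # Assumed policy: reject hashes without collision resistance
    if ($Params.HashAlgorithmName -in 'SHA1', 'MD5', 'MD4', 'MD2') {
        "Hash algorithm $($Params.HashAlgorithmName) is too weak for signing certificates"
    }
    # Assumed policy: RSA keys below 2048 bits are rejected
    if ($Params.CryptoProviderName -like 'RSA#*' -and $Params.KeyLength -lt 2048) {
        "RSA key length $($Params.KeyLength) is below 2048 bits"
    }
    # For ECDSA providers the key length has to match the curve in the name
    if ($Params.CryptoProviderName -match '^ECDSA_P(\d+)#' -and
        $Params.KeyLength -ne [int]$Matches[1]) {
        "Key length $($Params.KeyLength) does not match curve P$($Matches[1])"
    }
}

$problems = @(Test-CaCryptoChoice $caParams)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    # -WhatIf previews the configuration; remove it to perform the install
    Install-AdcsCertificationAuthority @caParams -Credential (Get-Credential) -WhatIf
}

# After a real install, confirm the hash algorithm the CA signs with:
#   certutil -getreg ca\csp\CNGHashAlgorithm
```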

 

Removing the AD CS and CA feature from the server.

Remove-WindowsFeature ADCS-Cert-Authority

 

Using the Server Manager

 

Go to Server Manager –> Manage –> Add Roles and Features

Select Role-based or feature-based installation

Select the Server to install it on

Tick the Active Directory Certificate Services

Tick the Certification Authority

The feature will be installed and then you can select Configure Active Directory Certificate Services to setup the CA.

Enter credentials that have permission to configure the CA. Note the following:

For Standalone CA: you need local administrator rights

For Enterprise CA: you need Enterprise Admin rights

Select role services: Certification Authority (CA)

Select Standalone CA. Once you know how to configure a Standalone CA, you can easily configure an Enterprise CA.

Select Root CA (this is the first CA)

Select Create a new private key.

Select your preferred cryptographic provider, key length and hash algorithm

The Common Name and distinguished name suffix will be generated but you can enter your own name.

Select the validity period for the Certificate generated.

You can change certificate database and log path or let it remain at the default path

Confirm configuration settings of CA.

Once the CA installation is complete, you can go to Server Manager –> Tools –> Certification Authority to view CA server in the MMC.

 

 

 

PowerShell: Get a List of AD Groups a specific user is a member of

Powershell is very versatile and with this wonderful tool, I will share how to get the subject result.

There are two ways of doing this:

  1. Using the cmdlet

Get-ADPrincipalGroupMembership [username] | Format-Table Name -AutoSize

I used the cmdlet with Format-table to output property Name in a table format

2. Using the cmdlet

Get-ADUser [username] -Properties memberof | Select -ExpandProperty memberof | Get-ADGroup | Format-Table Name -AutoSize

I used the additional parameter -Properties to get the MemberOf attribute, then used the Select cmdlet to expand the array and piped it to Get-ADGroup to get the name of each group and list it in a table format.
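Both commands above list direct memberships only, and the memberOf attribute also omits the user's primary group, so neither shows the groups a user belongs to through nesting. The following is an added example, not part of the original article, that resolves nested membership with the LDAP in-chain matching rule; the function name Get-ADUserEffectiveGroup and the account jdoe are placeholders.

```powershell
# Added example: direct, nested and primary group membership for one user.
Import-Module ActiveDirectory

function Get-ADUserEffectiveGroup {
    param([Parameter(Mandatory)][string]$Identity)

    $user   = Get-ADUser -Identity $Identity -Properties MemberOf, PrimaryGroup
    $direct = @($user.MemberOf)

    # Escape characters that are special inside an LDAP filter value
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: it matches every
    # group that contains the user directly or through any chain of nested groups
    Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" | ForEach-Object {
        [pscustomobject]@{
            Name       = $_.Name
            Scope      = $_.GroupScope
            Category   = $_.GroupCategory
            Membership = if ($direct -contains $_.DistinguishedName) { 'Direct' } else { 'Nested' }
        }
    }

    # The primary group (usually Domain Users) is not stored in memberOf
    $primary = Get-ADGroup -Identity $user.PrimaryGroup
    [pscustomobject]@{
        Name       = $primary.Name
        Scope      = $primary.GroupScope
        Category   = $primary.GroupCategory
        Membership = 'Primary'
    }
}

Get-ADUserEffectiveGroup -Identity 'jdoe' |
    Sort-Object Membership, Name |
    Format-Table -AutoSize
```

Groups that the user reaches only through the primary group's own nesting are not included in this output.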

Manipulating VMware vSphere using PowerCLI

I enjoy using PowerShell, so I started to explore the possibility of using it for manipulating vSphere. Lo and behold, welcome to PowerCLI, with similar syntax as PowerShell, or it can be called PowerShell in vSphere.

Firstly, before the vCenter server can be managed, a connection is required. To do so, this command can be executed. It can also be used to connect to a single ESXi Host.

Connect-VIServer [vCenterServer or ESXiHost] -Credential (Get-Credential)

I prefer to use the Get-Credential cmdlet because it will prompt me with a windows dialog box requesting the username and password (It is a very useful cmdlet).

Once connected, to get the list of clusters, VMs or hosts, the following respective commands can be used:

Get-Cluster

Get-VM

Get-VMHost

To get specific details the name of the object can be added to the cmdlet. The pipe (|) can also be used to get details from specific area.

Example to retrieve all the Virtual machines within Cluster A

Get-Cluster ClusterA | Get-VM

To Get all VMs on ESXi Host A

Get-VMHost ESXiA | Get-VM

Putting an ESXi Host A in Maintenance mode

Set-VMHost ESXiA -State Maintenance

Shutting down the ESXi Host A

Stop-VMHost ESXiA -Force

Startup Virtual machine VM1 and VM2

Start-VM VM1,VM2

Exit Maintenance Mode for ESXi Host A

Set-VMHost ESXiA -State Connected

To find more cmdlets in VMware PowerCLI, use Get-Command [*keyword*] to list all commands containing the keyword.

I will update this list as time progresses.

Microsoft: Manipulating Windows Network Adapter using PowerShell

This article is about configuring the network adapter using PowerShell cmdlet:

To get a list of the names of physical network adapter, the following command was used:

Get-NetAdapter -Physical

To get the IP address assigned to the network adapter:

Get-NetIPAddress | Format-Table

To enable/disable the network adapter:

Enable-NetAdapter [-Name] "NetAdapterName"

Disable-NetAdapter [-Name] "NetAdapterName"

Restart-NetAdapter [-Name] "NetAdapterName"

To set dynamic IP address assignment for network adapter:

Set-NetIPInterface -InterfaceIndex [NetAdapterIndex] -AddressFamily IPv4 -Dhcp Enabled

To set static IP address for network adapter:

New-NetIPAddress -InterfaceIndex [NetAdapterIndex] -IPAddress 192.168.0.1 -PrefixLength 24 -DefaultGateway 192.168.0.5

Set-NetIPAddress -InterfaceIndex [index] -IPAddress 10.0.0.9 -PrefixLength 24

To set DNS IP address for network adapter:

Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("10.0.0.1","10.0.0.2")

Or

Set-DnsClientServerAddress -InterfaceIndex 12 -ResetServerAddresses

For more commands and help on this topic, you can visit the Microsoft documentation site here.

Manipulating Windows Network Adapter using Network Shell

This adventure of configuring the network adapter started when I required admin rights to modify the settings because UAC (User Access Control) was disabled which prevented the prompting of admin privilege. The challenge was that I did not want to log off or switch user account hence I had to resort to using elevated privilege for the command prompt and utilize the network shell.

To get a list of the names of network adapter, the following command was used:

netsh interface show interface

To get the IP address assigned to the network adapter:

netsh interface ipv4 show addresses

To enable/disable the network adapter:

netsh interface set interface name="NameOfInterface" admin=[ENABLED/DISABLED]

To set dynamic IP address assignment for network adapter:

netsh interface ipv4 set address name="NameOfInterface" source=dhcp

To set static IP address for network adapter:

netsh interface ipv4 set address name="NameOfInterface" static 10.0.0.9 255.255.255.0 10.0.0.1

To set DNS IP address for network adapter:

netsh interface ipv4 set dnsservers name="NameOfInterface" source=dhcp

Or

netsh interface ipv4 set dnsservers name="NameOfInterface" static 10.0.0.10 primary

For WLAN network adapter:

netsh wlan show interfaces

Show the Wireless networks broadcasting:

netsh wlan show networks

Show the WLAN profiles on computer:

netsh wlan show profiles

Connect to one of the WLAN profile configured on computer:

netsh wlan connect name=[ProfileName]

Disconnect from the currently connected WLAN SSID

netsh wlan disconnect interface=[InterfaceName]

For more commands and help on this topic, you can visit the Microsoft documentation site here.

Manipulating the DHCP Server using Powershell

This article will go through the cmdlet to successfully configure DHCP services on a Windows server using Powershell.

First, you can start a PowerShell session on the DHCP server using the following command. It will prompt for the credential using the Get-Credential command.

Enter-PSSession -ComputerName [DHCPServerName] -Credential (Get-Credential)

Create an IPv4 DHCP Scope for 10.10.10.0 named Ground Floor with range 10-200 on server DC1.domain.com

Add-DhcpServerv4Scope -StartRange "10.10.10.10" -EndRange "10.10.10.200" -SubnetMask "255.255.255.0" -Name "Ground Floor" -LeaseDuration [day.hrs:mins:secs] -ComputerName "DC1.domain.com" -Description "Subnet for Data VLAN on Ground Floor" -State [Active/InActive]

Configure the Scope 10.10.10.0 DHCP server DNS, Domain, Gateway, WINS and wpad settings

Set-DhcpServerv4OptionValue -ScopeId 10.10.10.0 -Router 10.10.10.1 -DnsDomain "domain.com" -DnsServer 10.10.10.250 -WinsServer 10.10.10.251 -Wpad "http://proxy.domain.com/wpad.dat" -ComputerName "DC1.domain.com"

Note: To configure the options above at the reservation level, use the ReservedIP parameter; to set them at the server level, exclude both the ReservedIP and ScopeId parameters.

Show the DHCP server IPv4 Scope

Get-DhcpServerv4Scope [-ComputerName "DC1.domain.com"] [[-ScopeId] 10.10.10.0]

Change a DHCP Server Scope Settings

Set-DhcpServerv4Scope [-Type [DHCP|Bootp|Both]] [-ScopeId] 10.10.10.0 [-Description "Scope for data vlan for 10.10.10.0"] [-LeaseDuration day.hrs:mins:secs] [-Name "Ground Floor"] [-ComputerName "DC1.domain.com"] -StartRange 10.10.10.20 -EndRange 10.10.10.200

Remove a DHCP server IPv4 Scope

Remove-DhcpServerv4Scope [-ScopeId] 10.10.10.0 [-Force] [-ComputerName "DC1.domain.com"]

 

Create a reservation for IP address 10.10.10.100 on DHCP server DC1.domain.com

Add-DhcpServerv4Reservation -ScopeId 10.10.10.0 -IPAddress 10.10.10.100 -ClientId [usually-MAC-address] -ComputerName DC1.domain.com -Description "Reservation for Kiosk PC"

Listing the DHCP Server Scope

Get-DhcpServerv4Scope -ComputerName [DHCPServerName] -ScopeId [IPAddress]

Get the List of DHCP Server Options

Get-DhcpServerv4OptionValue -ScopeId [IPAddress] [-All -Brief] -ReservedIP [SpecificIP]

Note: Exclude the ReservedIP parameter to list the values at the scope level and exclude ScopeId parameter to list the values at the server level.

Get the interface and IP address that the DHCP server service is bound

Get-DhcpServerv4Binding -ComputerName "DC1.domain.com"

Set the interface that the DHCP server service will be bound

Set-DhcpServerv4Binding -ComputerName "DC1.domain.com" -BindingState $true -InterfaceAlias "Wired Ethernet Connection"

Set the Boot server Host Name (option id ) for the DHCP server scope of 192.168.0.0 

Set-DhcpServerv4OptionValue -OptionId 3 -Value 192.168.0.1 -ScopeId 192.168.0.0

List the DHCP server IPv4 address lease

Get-DhcpServerv4Lease -ScopeId 10.10.10.0 [-IPAddress 10.10.10.25] [-ClientId 00-00-fe-3e-b0-01] [-BadLeases] [-AllLeases] -ComputerName "DC1.domain.com"

Note: Using the IPAddress parameter returns the lease for a specific IP address. Using the ClientId parameter returns only the lease for the client MAC. Using BadLeases returns only bad leases. Using the AllLeases parameter includes all leases, including Offered, Declined and Expired.

 

Removing a DHCP server IPv4 address lease

Remove-DhcpServerv4Lease -ScopeId 10.10.10.0 [-IPAddress 10.10.10.25] -ClientId [00-54-fe-ed-00] [-BadLeases] [-ComputerName "DC1.domain.com"]

Note: same rule applies as the Get cmdlet for this command.

Get ten (10) Free IP Address from the DHCP server from the scope 10.10.10.0 in the range 10.10.10.50-100

Get-DhcpServerv4FreeIPAddress -ScopeId 10.10.10.0 -NumAddress 10 -StartAddress 10.10.10.50 -EndAddress 10.10.10.100

Add a DHCP Scope of IPv4 Excluded Range

Add-DhcpServerv4ExclusionRange [-ComputerName "DC1.domain.com"] [-ScopeId] 10.10.10.0 [-StartRange] 10.10.10.200 [-EndRange] 10.10.10.250

Show the DHCP Scope of IPv4 Address Excluded Range

Get-DhcpServerv4ExclusionRange [-ComputerName "DC1.domain.com"] [[-ScopeId] 10.10.10.0]

Remove a DHCP Scope of IPv4 Address Excluded Range

Remove-DhcpServerv4ExclusionRange [-ComputerName "DC1.domain.com"] [-ScopeId] 10.10.10.0 [[-StartRange] 10.10.10.200] [[-EndRange] 10.10.10.250]

 

Retrieves the DHCP server scope statistics which includes Free, In Use, Reserved, Pending and Percentage in use IP address

Get-DhcpServerv4ScopeStatistics [[-ScopeId] 10.10.10.0] [-ComputerName "DC1.domain.com"] [-Failover]
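The statistics and lease cmdlets above can be combined into a routine health check that flags scopes close to exhaustion or holding bad leases, both of which are worth investigating on a production network. The following is an added example, not part of the original article; the function name Get-DhcpScopeHealth and the 90 percent threshold are assumptions, and DC1.domain.com is the article's sample server.

```powershell
# Added example: flag DHCP scopes that are nearly full or contain bad leases.
function Get-DhcpScopeHealth {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$WarnPercent = 90          # assumed alert threshold
    )

    foreach ($stat in (Get-DhcpServerv4ScopeStatistics -ComputerName $ComputerName)) {
        # Bad leases are addresses the server found in use by another device
        $bad = @(Get-DhcpServerv4Lease -ComputerName $ComputerName `
                     -ScopeId $stat.ScopeId -BadLeases)

        [pscustomobject]@{
            ScopeId      = $stat.ScopeId
            InUse        = $stat.InUse
            Free         = $stat.Free
            Reserved     = $stat.Reserved
            PercentInUse = [math]::Round($stat.PercentageInUse, 1)
            BadLeases    = $bad.Count
            Alert        = ($stat.PercentageInUse -ge $WarnPercent) -or ($bad.Count -gt 0)
        }
    }
}

$report = Get-DhcpScopeHealth -ComputerName 'DC1.domain.com'
$report | Format-Table -AutoSize

# Show the individual leases only for scopes that raised an alert
foreach ($scope in ($report | Where-Object Alert)) {
    Write-Warning "Scope $($scope.ScopeId): $($scope.PercentInUse)% in use, $($scope.BadLeases) bad lease(s)"
    Get-DhcpServerv4Lease -ComputerName 'DC1.domain.com' -ScopeId $scope.ScopeId -AllLeases |
        Sort-Object LeaseExpiryTime |
        Format-Table IPAddress, ClientId, HostName, AddressState, LeaseExpiryTime -AutoSize
}
```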

Using Powershell to manipulate File Server Resource Manager

This article is to share information on how to use PowerShell to manipulate the File Server Resource Manager (FSRM) which is used to do quota management on a file server.

Setting the FSRM Quota for a shared path

Set-FsrmQuota -Path 'U:\PathOFShare' -Description "Soft Limit set on to 10 GB" -Size 10GB [-SoftLimit] [-Threshold (New-FsrmQuotaThreshold -Percentage 85)] [-Disabled]

View the File Server Resource Manager (FSRM) information for a shared path

Get-FsrmQuota -Path U:\UserPAthName

Creating a new FSRM Quota Template

New-FsrmQuotaTemplate -Name "Test" -Threshold (New-FsrmQuotaThreshold -Percentage 85) -Description "Test" -Size 10Gb

New-FsrmFileScreen -Path "U:\PathToShare" [-Active] -Description "Screen Files for videos and music" -IncludeGroup "Audio and Video Files"