Posts

// FEATURED

using netsh to capture packets

Outages. Aside from the massive pressure of having to restore service, they can be pretty useful for learning new things. One recent discovery that was news to me is that you can use netsh to capture network traces. WHAT?! Yeah.[1]

It appears that on modern-ish operating systems (Windows 7/Windows 2008 R2 and above) you no longer need to install your favorite packet tracing application to capture packets. Who doesn’t like to cuddle up with a nice packet trace, eh? Obviously if you’re on a desktop OS, you should just load your packet capturing utility of choice (and it had better be Network Monitor if you intend to open the .ETL trace) -- unless you like to read it in some other way. That would mean your skillz are simply amazing and you are wasting your time here!

RUNNING A TRACE

The most basic way to start and stop a trace is by performing the following commands:

As you can see, netsh displays the trace configuration as well. It’s not the full configuration of defaults though.

netsh trace start capture=yes …

Recent posts

How to Identify Applications Using Your Domain Controller

Problem

Everyone has been through it. We've all had to retire or replace a domain controller at some point in our checkered collective experiences. While AD provides very intelligent high availability, some applications are just plain dumb.

They do not observe site awareness or participate in locating a domain controller. All they want is the name or IP of one domain controller which gets hardcoded in a configuration file somewhere, deeply embedded in some file folder or setting that you are never going to find.

How do you look at a DC and decide which applications might be doing it? Packet trace? Logs? Shut it down and wait for screaming? It seems very tedious and nearly impossible.

Potential Solution

Obviously I wouldn't even bother posting this if I hadn't run across something interesting. :) I ran across something in draft called Domain Controller Isolation. Since it's in draft, I don't know that it's published yet. HOWEVER, the concept is based off these t…

How to Check for Expiring Certificates in PowerShell

This one I’m saving for later. Don’t confuse this with actually managing certificates via the PKI module. This is really about finding information on certificates already deployed.

First of all, remember that Cert:\ is a PS drive. Try something like this when you open a PS prompt:

cd cert:\
cd currentuser\my
dir

PS C:\> cd cert:\
PS Cert:\> cd currentuser\my
PS Cert:\currentuser\my> dir

    Directory: Microsoft.PowerShell.Security\Certificate::currentuser\my

Thumbprint                               Subject
----------                               -------

So with that in mind, you can do the typical kind of listing/sorting/displaying. One of the interesting switches that shows up when you’re in the certificates drive is -ExpiringInDays. This is extremely useful if you’re trying to get a return of certificates that are about to expire (think alerting).

get-childitem -path Cert:\CurrentUser\My -ExpiringInDays 180

By doing this, you can treat this as a boolean return…

Max Group Membership Limits for Active Directory

While exploring the concept of maximum membership limits for groups, I ran into a number of posts which offered contradicting information. To set the record straight, we will start with ancient history.

When Windows 2000 was released, the recommended number of members in a group was 5000. This corresponds with the number of changes that could be written in a single replication cycle (if I have my facts straight.) Remember, back in those days, every time you changed the membership of a group, you caused the entire group and all its membership information to replicate.

With the release of Windows 2003 came the concept of Linked Value Replication. This enabled you to make membership changes to a group and only replicate the changes in membership – adds, deletes, etc. Because of this, Microsoft hasn’t issued a new recommended limit. Here’s a snippet from a document titled Windows Server 2003 R2 and Windows Server 2003:

Recommended Maximum Number of Users in a Group For Windows 2000 Acti…

ATLSMUG Meeting 07/22/2016

http://www.atlsmug.org/events/register-now-july-22

Hi everyone.

If you’re familiar with Atlanta TechStravaganza, you’re probably used to having seen an announcement by now. Well, we had some logistical challenges this year so it looks like we have to push back until later this summer.

This is typically where we hold our 2nd quarter meetings for ATLSMUG. In the absence of that event, we are moving forward with our own meeting to keep things going. I hope you will find yourself available to join us.

We’ll be back at the Microsoft Alpharetta campus (thank you Microsoft – Jim & crew are great!) looking to start our first presentation at 10 AM and ending around 3 PM. Hopefully this will solve the traffic challenges that I know many of you face getting to the event.

We’ve got some good stuff cooking up – Orchestrator, ConfigMgr, etc. However, if you have any urgent topics, we might still have time to work them in. Just drop us a note at leaders@atlsmug.org. Any other comments, suggestions, t…

Excel and the Mysterious Hang

Sometimes, it’s hard just to figure out which needle you’re looking for in a haystack. Once you’ve got it figured out though, that needle will look like a big stick.

My wife came home tonight asking me to look at her laptop. In the last week, her Excel program would hang trying to open Hyperion but would eventually find its way back home. She might have mentioned that Outlook was also opening slowly but, having mistaken the rest of her sentence as something related to finance, I promptly ignored it – my eyes fixed on the real prize: a chance to tinker.

When you don’t know where the problem is, sometimes it’s best to get all the information and start sifting it for signals. When I started off, I was SURE it was some kind of timeout problem so I immediately started with a packet trace.[1] #NOPE There was nothing evident of a long or delayed response.

Well, I knew Excel was problematic (you know, since I forgot about Outlook) and decided to hone in on the processes involved with it. I fired up the h…

03.11.2016 User Group Survey

Hello everyone. I hope that you were able to make the Q1 Atlanta Systems Management User Group (ATLSMUG) meetup! For those that weren’t able to make it, it was a pretty fun event. We had some good stuff on Windows 10 from Bruce and Stephen, had a great selection of fantastic beer, had these amazingly large slices of pizza from Big Pie in the Sky, and had a turnout of over 30 people from three different user groups!

It was great to see so many familiar faces and to meet with new people from ATLPUG and WINVUG.

Now, we need some help from you. If you made the event, would you mind filling out our little survey? It’ll take you less than 2 minutes but will be immensely powerful in helping us understand what you like and want to get out of these events in the future.

Here’s the link: https://www.surveymonkey.com/r/HRLWFCT

THANKS AGAIN!

Oh, by the way, if you’re looking for the content from the event, here are the slides:

Bruce Lyon’s Presentation
Stephen Owen’s Presentation 1/2
Stephen Owen’s Pre…

Accessing a Protected Domain Administrator Account

As a good practice measure, the default domain administrator account which comes pre-installed with every Active Directory should be guarded from misuse. We all know this. To follow this good practice, the account should be renamed from the default name and disabled.

So what happens if this account is the one you have to use to recover from a problem? Let’s say, for example, that all of your usual domain administrative accounts are somehow not accessible for use, which requires you to get to this account. If it’s disabled, what do you do?

Should you find yourself in the scenario where you have a disabled administrator account AND know the password --

Boot up the domain controller to Safe Mode (make sure it is not Safe Mode w/ Networking). This quasi-enables the account. You can at least log on with it.
Using the account and password, log in.
Open a command prompt and issue the following:

net user administrator /active:yes

Now you have an enabled default domain admin account. You can rebo…