Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

POWERSHELL ACTIVE DIRECTORY: ADD OR UPDATE PROXYADDRESSES IN USER PROPERTIES ATTRIBUTE EDITOR

June 25, 2017 04:20PM

This was second script I wrote for user migrating from domain change (exchange to office 365). (Although I have basic knowledge of Exchange server, but I was involved due to my PowerShell scripting knowledge), Requirement was adding new email address to ProxyAddresses under Attribute Editor (AD Users Properties - View advanced features) retaining existing values.

Check out my earlier script on using Active directory Powershell.
POWERSHELL ACTIVE DIRECTORY: ADD OR UPDATE (CHANGE) MANAGER NAME IN ORGANIZATION TAB OF USER

automate Powershell Active Directory User Properties Attribute Editor, ProxyAddresses Add value smtp, sip

Copy below script to ps1 file. Below is the formate of CSV file.

   ----------------------------------------------
   | user      | emailid                        |
   | --------------------------------------------
   | ku0f1999  | kunal@vcloud-lab.com           |
   | md0f2011  | mahesh@vcloud-lab.com          |
   ----------------------------------------------
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
<#  
  .Synopsis  
   Add smtp id to existing active directory user proxyaddress.
  .Description  
   Run this script on domain controller. It will add addition record to proxy addresses in user properties, and keep the existing as it is.
  .Example  
   Add-UserProxyAddress -CSVFile c:\tenp\users.csv
     
   It takes input from CSV file and add the smtp records in respective user proxy address attributes.
  .Example
   CSV file data format and example
   ----------------------------------------------
   | user      | emailid                        |
   | --------------------------------------------
   | ku0f1999  | kunal@vcloud-lab.com           |
   | md0f2011  | mahesh@vcloud-lab.com          |
   ----------------------------------------------
  .OutPuts  
   username ProxyAddresses
   -------- --------------
   {}       {sip:ku0f1999@vcloud-lab.com, SMTP:ku0e1123@testaccount.com, smtp:Kunal@vcloud-lab.com, }
   {}       {sip:md0f2011@vcloud-lab.com, SMTP:md0f2011@testaccount.com, smtp:mahesh@vcloud-lab.com}
   
  .Notes  
   NAME: Add-UserProxyAddress
   AUTHOR: Kunal Udapi
   CREATIONDATE: 01 DECEMBER 2016
   LASTEDIT: 3 February 2017  
   KEYWORDS: Add or update proxyaddress smtp on active directory user account  
  .Link  
   #Check Online version: http://kunaludapi.blogspot.com
   #Check Online version: http://vcloud-lab.com
   #Requires -Version 3.0  
  #>  
#requires -Version 3   
[CmdletBinding()]
param(  
    [Parameter(Mandatory=$true,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$true)]
    [alias('FilePath','File','CSV','CSVPath')]
    [String]$Path,
    [String]$Protocol='SMTP') #param
Begin {  
    Import-Module ActiveDirectory
} #Begin

Process {
    $users = Import-Csv -Path $Path
    #$users = Get-ADUser -Filter * -SearchBase "OU=TestOu,DC=Rageframeworks,DC=com" -Properties ProxyAddresses
    $temp = [System.IO.Path]::GetTempFileName()
    Foreach ($u in $users) {
        #$smtpid = "smtp: {0}.{1}@kumarthegreat.com" -f $u.givenName, $u.Surname
        Try {
            $user = Get-ADUser -Identity $u.user -ErrorAction Stop
            Write-Host "$($user.SamAccountName) exists, Processing it..." -BackgroundColor DarkGray -NoNewline 
            $emailid = "{0}:{1}" -f $u.emailid, $Protocol
            Set-ADUser -Identity $u.user -Add @{Proxyaddresses=$emailid} 
            Write-Host "...ProxyAddress added" -BackgroundColor DarkGreen
        } #Try
        catch {
            Write-Host "$($user.SamAccountName) does not exists" -BackgroundColor DarkRed
        }
    } 
    #Get-ADUser -Filter * -SearchBase "OU=TestOu,DC=Rageframeworks,DC=com" -Properties ProxyAddresses | select username, ProxyAddresses
    $users | foreach {
        $user = $_.user
        Try {
            Get-ADUser -Identity $_.user -Properties ProxyAddresses -ErrorAction Stop | select SamAccountName, Name, ProxyAddresses
        } #try
        catch {
            Write-Host "$user does not exists" -BackgroundColor DarkRed
        }
    } | Out-File $temp
} #Process
end {
    Notepad $temp
}

Once script is executed, it shows the user name successful message, also notepad is opened with result. I have written another script for adding information to Group ProxyAddresses as well. Same can be found on https://github.com/kunaludapi/Powershell-AD-Add-user-proxyaddresses.

Powershell Active Directory Module Add user proxyaddresses value, automation, view advanced feature

POWERSHELL ACTIVE DIRECTORY: ADD OR UPDATE (CHANGE) MANAGER NAME IN ORGANIZATION TAB OF USER

June 24, 2017 04:06PM

I am sharing few of the scripts I wrote long back to change/update Users information in Active directory,  It was required me while migrating Active directory to Office 365. One of the script was adding or change manager name in organization tab of User properties. (All user names used here are fiction and not related to real world).

Active directory users and computers ad user properties organization add change or update manager name

POWERSHELL ACTIVE DIRECTORY: ADD OR UPDATE PROXYADDRESSES IN USER PROPERTIES ATTRIBUTE EDITOR

Before I start, I have created CSV file with user and manger information. Sample of the content in file are as below. Make sure you don't have empty or null value in either Name or Manager column. CSV file can be edited in Excel file, While saving make sure extension of the file is .csv.

Name Manager                                                                  Active directory users and computers ad user properties organization add change or update manager name csv file format UserName and Mager change add
Adam.Baum X.Benedict
Adam.Zapel Athol
Art.Major Bud.Wieser
Athol C.Good
B.A.Ware Bud.Wieser
Barb.Dwyer Bud.Wieser

Download this code from Github. Before running make sure you have appropriate access to change ADUser properties, Copy this code and paste in notepad, extension should be .ps1. One of the requirement is Powershell ActiveDirectory module should be installed, By default it is installed on Domain Controller while AD installation, If you are running this script from your desktop download and install RSAT (Remote server administration tools https://www.microsoft.com/en-in/download/details.aspx?id=45520) from Microsoft site for your OS build and version, I am directly running scripts on Windows 2012 R2 domain controller. 

Another requirement is make sure you can execute script by running Set-ExecutionPolicy Unrestricted -Force (For production I use RemoteSigned policy, or change it to restricted back once I done with my work, This change will not happen without opening Powershell as an Administrator)

Powershell ps1 script set-executionpolicy unrestricted ad user update change

In my example my PS1 and CSV file is in temp file, Run command c:\temp\Update-AdUserManager.ps1 -File C:\temp\users.csv. Once it is executed successfully, it opens result in notepad, where I can review changes, same can be seen as below screenshot, also verify the same in user properties. If it is not able to find any user or manager from csv  in the AD it throws error on console.

Update-ADUserManager change manager active directory user properties csv, powershell

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
##############################
#.SYNOPSIS
#Add or update user's manager in Active Directory.
#
#.DESCRIPTION
#The Update-ADUserManager cmdlet add or update users properties (Manager Name under Orgnaization Tab) from CSV file, Once properties updated successfully
#
#.PARAMETER File
#This is a File path of CSV with name (samaccountname) of user and his manager name.Below is the CSV file format example, Make sure you don't have empty or null values in user's or manger's cell.
#Name	    Manager
#---------- ------------
#Adam.Baum	Bud.Wieser
#Adam.Zapel	Bud.Wieser
#Art.Major	Adam.Baum
#
#.EXAMPLE
#Update-ADUserManager -File C:\temp\users.csv
#
#.NOTES
#http://vcloud-lab.com
#Written using powershell version 5
#Script code version 1.0
###############################
[CmdletBinding(SupportsShouldProcess=$True,ConfirmImpact='Medium')]
param(
	[Parameter(
        Position=0, 
        Mandatory=$true,
        ValueFromPipeline=$true,
        HelpMessage='Type the full path of CSV file'
    )]
    [alias('Path', 'CSV')]
    [ValidateScript({
        If (Test-Path $_) {
            $true
        }
        else{
            "Invalid path given: $_"
        }
    })]
    [System.String]$File
)  
Begin {
    If (!(Get-Module ActiveDirectory)) {
        Import-Module ActiveDirectory
    }
    $username = Import-Csv -Path $File
    $Report = @()
}
Process {
    foreach ($user in $username) {
        $SamAccountName = $user.Name 
        Try {
            $GADuser = Get-ADUser -Filter {SamAccountName -eq $SamAccountName} -ErrorAction Stop
            $GADuser | Set-ADuser -Manager $user.Manager -ErrorAction Stop
            $Report += Get-ADUser -Filter {SamAccountName -eq $SamAccountName}  -Properties Manager | select Name, @{N='Manager';E={(Get-ADUser $_.Manager).Name}}
            Write-Verbose -Message "Record updated for $SamAccountName"
        }
        catch {
            Write-Error -Message "$SamAccountName or its manager does not exist please check in Active Directory"
        }
    }
}
End {
    $temp = [System.IO.Path]::GetTempFileName()
    $report | Out-file -FilePath $temp
    Write-Verbose -Message 'Opening report'
    Notepad $temp
    #c:\temp\users.csv
}

 

POWERSHELL: USE PARAMETERS AND CONFIGURATION FROM INI FILE, USE AS SPLATTING

June 22, 2017 09:14PM

I was working on one of my friends requirement for automating scripts, He wanted a safe way to use parameters and configuration values from external file instead of modifying actual script, I tried with CSV as well as cliXML file. but found INI file is simple format as external plain text file to parse information from. Its very easy for any non-technical person to edit and review it. Before starting I would like to show the content of the INI file (schema). Same configuration I will be using in next Powershell splatting examples.

Text starting with ; semicolon are the comments and only for information purpose (description) and will be skipped while processing (This line is not necessary to mentioned in the file but it is best practice to document everything), next block is the configuration Name, enclosed with square brackets [], this is a main part I will be using to find related block for Syntax and parameter joined with equal = sign. In below file I have 3 parameter blocks for Service, Process and Folder as shown.

INI file anotomy containing configuration data with closed brackets and configuration joined with equal sign and forward slash

Here is my code, parses this INI file and use Syntex parameters / value out of it. for example once I run the function Get-IniConfiguration -File C:\temp\Configuration.ini -Conf Service, It extract service block and convert it to hashtable in as same as variable name mentioned in -Conf parameter. for example my configuration.ini file contains Service block (as exactly same variable name $service will be created), Once it detects the correct block It creates hashtable with Service name variable. 

Next is using the Powershell splatting - "PowerShell Spatting is Bundling parameters before sending them along to a command can save your time", Simply using $Service as Get-Service @Service. It will take Name and ComputerName as syntax, parameter and value will be LanManServer and Localhost respectively. (This is the normal oneliner command I use Get-Service -Name LanManServer -ComputerName LocalHost), There are less chances for errors.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
function Get-IniConfiguration {
    ##############################
    #.SYNOPSIS
    #Convert INI data information to Hashtable for splatting
    #
    #.DESCRIPTION
    #The Get-IniConfiguration cmdlet fetch information from .ini file, and convert it to hashtable, This Hastable can be used later further as splatting. This is best for non technical users, and don't want to make any changes to script.
    #
    #.PARAMETER File
    #This is a File path. Extension can be .txt, .ini, .info or any other readable ascii file is supported, Below is the example content of file related to service.
    #[service]
    #Name=LanManServer
    #ComputerName=Localhost
    #
    #.PARAMETER Conf
    #This is a paramenter block mentioned in brackets, and same name variable created for splatting ie
    #[service] 
    #
    #.EXAMPLE
    #Get-IniConfiguration -File C:\temp\configuration.ini -Conf Service
    #Get-Service @Service
    #
    #Information is stored under $service (same name as -conf variable)
    #
    #.NOTES
    #http://vcloud-lab.com
    #Written using powershell version 5
    #Script code version 1.0
    ###############################
    
    [CmdletBinding()]
	param(
	    [Parameter(Position=0, Mandatory=$true)]
        [ValidateScript({
            If (Test-Path $_) {
                $true
            }
            else{
                "Invalid path given: $_"
            }
        })]
        [System.String]$File = 'C:\Temp\Test.ini',
		[Parameter(Position=1, Mandatory=$true)]
		[System.String]$Conf 
    )    
    $inifile = Get-Content -Path $File #-Raw -split '`r`n'
    $LineCounts = $iniFile.Count
    $ConfLineNumber = $iniFile | Select-String -Pattern "\[$Conf\]" | Select-Object -ExpandProperty LineNumber
    if ($ConfLineNumber -eq $null) {
        Write-Host "Please provide correct configuration name in -Conf parameter" -BackgroundColor DarkRed
        Break
    }
    $RawContext = $iniFile[$ConfLineNumber..$LineCounts] | Where-Object {$_.trim() -ne "" -and $_.trim() -notmatch "^;"}
    $FinalLineNumber = $RawContext | Select-String -Pattern "\[*\]" | Select-Object -First 1 -ExpandProperty LineNumber
    $FinalLineNumber = $FinalLineNumber - 1
    if ($FinalLineNumber -ge 1) {
        $FinalData = $RawContext | Select-Object -First $FinalLineNumber
        $FinalData = $FinalData | Where-Object {$_ -match "="}
    }
    else {
        $FinalData = $RawContext | Where-Object {$_ -match "="}
    }
    New-Variable -Scope Script -Name $Conf -Value ($FinalData | Out-String | ConvertFrom-StringData) -Force
}

Get-IniConfiguration -File .\Configuration.ini -Conf Service
Get-Service @Service

Another example I would like show about Folder, it does not recognize the single backward slash \ in the Path, so you will have to mention double backward slash. Also for switchparameter need to mention separately ie: Get-Childitem @Folder -Directory.

Powershell Parse INI file configuration, INI splatting, Ini data to hashtable.jpg

Splatting is very useful when you long and more than 2 Parameters to be selected, I frequently use them with external file (example as below for Send-MailMessage) so I don't have to touch my original script.

[MailMessage]
To=kunaludapi@vcloud-lab.com
From=noreply@vcloud-lab.com
Subject=This is test message
Body=Attached reports
Attachement=c:\\temp\\report.txt
SMTPServer=mail.vcloud-lab.com
Port=25

Download code from GitHub: https://github.com/kunaludapi/Powershell-INI-Parsing-as-spatting

VEMBU

June 7, 2017 07:24PM

Vembu is a prominent provider of a collection of software products and cloud facilities to insignificant and mid industries for more than a decade. The newest version of Vembu’s award-winning Backup & Disaster Recovery solution, latest Vembu BDR Suite v3.7 provides Vembu’s idea is to brand software and cloud services very reasonable for the hundreds of thousands of small and medium businesses worldwide.  Vembu BDR Suite is designed for varied environments like VMware vSphere, Microsoft Hyper-V, Windows, Linux and Mac. 
I tried it for 30 days for evaluating purpose here is my verdict about product – Download here

vembu backup replication, restore, onlinbackup, sasbackup

Vembu VMBackup
It is a Backup and Disaster Recovery software that provisions agentless backups for VMware vSphere and Microsoft Hyper-V environments. VMBackup provides option of sending the backup data to an off-site data center or Vembu Cloud for data redundancy and disaster recovery. VMBackup is intended to backup and replicate the virtual machines by taking the snapshots of the VM images at the Host level. There is no need to install any agent on each VM, Supported by consumers for its cool interface and its high-class design for virtualized environments,

Vembu ImageBackup 
A complete Backup & Disaster Recovery solution for Windows IT environment. It safeguards RTO fewer than 15 minutes by distributing consistent recovery choices like Bare Metal Recovery, Quick VM Recovery, Instant File Recovery, Partition level Recovery etc. Additionally, Desktops/Laptops Backup is absolutely free.

Vembu NetworkBackup 
It is intended for small & medium businesses to guard serious business data crossways file servers, application servers, workstations and other endpoints in Windows & Linux environments. Vembu offers NetworkBackup at free of price for end points which includes Windows Desktops, Laptops and Mac.

Vembu OnlineBackup
Vembu OnlineBackup delivers File Server, Exchange, SQL, SharePoint & Outlook Backups straight to Vembu’s protected cloud consuming enterprise-grade AES 256-bit encryption with gritty restores. 

Vembu SaaSBackup 
Vembu SaaSBackup is intended to deliver Backup & Recovery options for SaaS applications like Office365 & Google apps at reasonable pricing. SaaS applications are organized in the cloud, IT admins feel anxious about the security of the data. Here is the answer which comes to salvage of those who have no impression about safeguarding their valuable information in SaaS applications.

Vembu BDR Suite covers the below environments as follows:
•    Free VMware Backup
•    Free Hyper-V Backup
•    Free Windows Server Backup
•    Free Windows Workstations Backup
•    Free File Backup of Workstations
•    Free Vembu Universal Explorer
•    Free Vembu Recovery CD
 
Download the following Whitepapers for Free:
•    True 15-Minute RTO for Mission-Critical VM Systems.
•    Optimize RPO & RTO While Enhancing DR Resilience
•    By Virtualizing Its Backup Repository as a File System, Vembu Changes the Dynamics of Data Protection for Business Applications in a vSphere Environment
•    Does Backup Need a File System of its Own? A Deep Dive Into VembuHIVE File Systems

While writing above feature I amazed by the software and decided to test it by installing it do some test cases for this I chose Vembu BDR product, so I can clear my few doubts. I am using Windows 2012 R2 to install Vembu BDR Server, Below OS version can be supported.
· Windows Server 2012 R2 (64 Bit)
· Windows Server 2008 R2 (64 Bit)
· Windows Server 2012
· Microsoft Windows Server 2016

I have downloaded installation file with administrator privilege and once installation process begins Click Next to proceed with installing the setup. Next comes the Vembu BDR License agreement', choose 'I accept the agreement' option. and click Next, It can be installed with selected default configuration, but I would like to customize few configurations and selected the item as below screenshot, This option will show what else I can configure as per my need.

 1 vembu bdr installation location, storage repository location, web console, backup gui port, username password customization

In the customization it let me choose PostGreSQL configuration (PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness),  For best practices I can select the different location for installation and database storage, for simplicity I am going with default location.

2 vembu bdr installation location, customization, PostGreSQL Server configuration, installation location

Next is selection of Storage repository configuration for Backups, I can choose network drive as storage repository. If you select the option it gives me option of adding NFS or CIFS (SMB) shared path. By default I am selecting C drive for testing purpose. I will be adding this part in later when having live demo, Also make sure you have enough disk space for backups.

3 vembu bdr installation storage repository configuration, local and remote cifs smb

This is one of the main screen to configure Vembu BDR web server portal, Port no 6060 will be used for webserver portal to access and open the same in firewall, it is recommended leave this port no as it is unless you required some advanced configuration. Once setup is done default username admin and password admin can be used to login into the portal., Review the configuration on next screen.

4 vembu bdr installation configure vembubdr webserver port 6060, webconsole username and password, review

Once everything is setup correctly it will start VembuBDR service (Can be viewed in services. msc) and will start web console of Vembu BDR in default browser. I have already shown the screenshot of main portal here.

5 Vembu BDR Installation Completed start start VEMBU BDR server webconsole, vembuBDR services.msc and

To open a URL https://vembuserver IP:6061. This is the console of VEMBU BDR 3.5 suite, it is neat and intuitive single centralized control. If you want to backup just click and select Backup from menu bar, here Hyper-V and physical machine backup options are available, For this testing I am selecting VMware vSphere. Here you have ability to map your VMware Infrastructure for backup, all you need to do is add VMware vSphere server, Standalone Esxi server can also be added here, Both FQDN and IP address are supported. Credentials are required. And connection is made over secure ssl port 443. Once Server is added Backup can be started.

Same way I have added my other vCenter servers as well in my lab, Select the Esxi or vCenter from the list of server, click Backup, Check configure VMs to backup from list. here I have found very nice menu VMs/ Disks exclusion, Use this option if you don't want to backup disk which you don't want, for example if I have separate disk for Swap or pagefile volume, I might not want to backup that drive, Next option is scheduling, here I have frequency of backup from run every hours daily, weekly backup schedule (incremental). additionally I can choose full backup daily. But this option need to explicitly enable.

5 Vembu BDR, Backup Configure VMs wish to configure esxi, vm backup, next, VMs disks exclusion

Next windows is crucial and ask about retention of backup by default it will keep last 3 daily backups. Performs forever incremental backups. when the retention count for the incremental count is reached older incrementals will be purged and the latest incremental will be retained as per the configuration, In the Advanced retention. Again in the advanced retention policy, there is the option to select interval at granular level like daily, weekly and monthly merge options. This is kind of creating synthetic backups. 

Here to my amaze I checked Application aware backup options. below are some of the options useful from the application backup perspective, and can be selected as per requirement and they are optional
Application aware process is to create consistent database snapshots by quienscing the application using Microsoft VSS API
Require successful application processing: This option allows you to stop the backup if any one of application writer (Eg: MS Exchange Writer) was in unstable state or if VSS writers were not processed successfully after the snapshot.
Ignore application processing failures:  This option will not process Application VSS writers and ignore the check in of the application writers status. It is not recommended and this might leads to have inconsistent data of the applications in the backup.
Truncate the transactions logs is to avoid the disk consumption by the application transaction logs

If you are planning for application-aware image processing. login credentials of the VM guest machines are required.

8 vembu bdr backup configure retention policy, application aware backup crash consistent, truncate transaction logs

Review the backup job for configured host and VMs, backup date and retention policy, If everything looks good give it a name. Next first backup will start and and it will show progress.

Once backup is completed, I can see the complete status (same can viewed on Reports menu bar), I have liberty to suspend it, on demand run it, and in the More I can modify the current backup settings. One thing to note, After completion of backup I checked VM events. As earlier said, Backup is dependent on VM snapshot. In the event I can see snapshot is created and deleted after Backup process is done.

10 Vembu BDR Backup job completed successfully, run now, esxi vm vcenter snapshot backup

Recovery option is fairly easy, Click recovery option and select restore. One thing to note, there is mount option. when I clicked mount it mounted backup on Vembu BDR server under VEMBUBACKUPDr and it converted files and I had option to download file in 4 main format. RAW IMG, VHD, VHDX and VMDK itself, very handy and portable.
Under restore I have 5 types to restore.
Quick VM Recovery: Recover backup images as ready-state VMs (i.e.) instantly available and helps in maintaining business continuity with minimal downtime. Note: Default Hypervisors used for quick VM recovery are: Hyper-V (for MS Windows) and KVM (For Linux, Ubuntu).
Live Recovery to ESXi Server Restore backed-up VMs directly to target ESXi hosts, where you can also perfrom partial VM restore (Custom Disk-Level)
File Level Recovery Auto attach backup to Disk Management in local machine that allows instant access to backed up data and instant file recovery possible.
Disk Level recovery Restore VM Backups at disk level where backed up disks can be restored to target VMs in an Esxi host.
Download Multi-format restore available for any image backup (Physical/Virtual) and is easy to process. The file formats available for restores are: VHD, VMDK, VHDX, Flat-VMDK and RAW image file

11 Vembu BDR Restore backup, mount, Quick VM recovery, live recovery to esxi server, file level recovery, disk level recovery, download

here I have select Quick VM recovery option. Here I can select multiple restore version and possible to go in required timing (I have only one restore point as after backup I immediately tested restore), Another amazing option it will convert images to cross platform hypervisor (Microsoft Hyper-V) for me. Select target server, I need another copy so I have changed the name of VM. Review the selected item need to restore. 

12 Vembu BDR Restore backup, vmware to hyper-v conversion hyperv

Once restore is finished I can verify it on Esxi server for the restored VM, one thing to note. as it is cloned copy make sure you keep it powered off until disconnect network adapter, Failing to do so in production my encounter warning and error with duplicate IP. Here are the few thing from management perspective configure email smtp server and sender IP so backup server can send success and failure of backup also disk space related critical emails to management team.

12 VEMBU BDR Report schedule email reports, management email configuration, smtp and send id.png

This is last point I want to show on Storage Management, Things are good if you manage and monitor storage correctly. here I have very nice dashboard view on space, I can add Network storage drive here. also I have a option to wipe backed up data.

13 vembu bdr storage management nfs smb cifs storage volume disk space usage alarm

Vembu has positively exciting and complete product. I can see that Vembu’s five backup products inside their group is approximately shelters you with greatest choices to stay safe against catastrophes, ransomware or straight whole site damage. Vembu can get you sheltered whether you’re very small commercial with a solo server which requires to be secure, or whether you’re a giant business with hundreds of machines. The Online portal where all your products, licenses, transfers, modernizes, maintenance is available is well built and got me poised while trying in my test center.

 

WINDOWS VCENTER 6.5: VCENTER VPXD AND OTHER SERVICES MISSING OR NOT EXIST IN SERVICES.MSC

May 24, 2017 07:15PM

Recently while troubleshooting VMWare vCenter 6.5 on Microsoft windows, I found some necessary services either missing or does not exist. Crucial services like VMware vcenter (VPXD), Vmware Single sign on and other services simply missing. Earlier I thought this could be because it might have upgraded from previous version. but even on fresh installation I found same scenario. For already working VMware guy this will find odd as he generally will go to services for maintenance in case vCenter server not working, Here as it can be one of the major change in vCenter 6.5.

1 VMware vSphere vCenter 6.5 services missing in Services.msc, afd, amqp, certificate, directory, caf management, dns, lifecycle manager, vpxd, single sign on, sts, security token service

So there is a question where did those services gone and where are they. To find the answer, There is official KB from VMware which has detailed information. (How to stop, start, or restart vCenter Server 6.x services (2109881)). So in this article it is mentioned "Starting with vSphere 6.5, the vCenter Server services are not standalone services under Windows Service Control Manager (SCM). The vCenter Server Appliance services run as child processes of the VMware Service Lifecycle Manager service." Below are the Services display name and actual service name.

 vmware-imagebuilder
 VMware Image Builder Manager
 vmware-cm
 VMware Component Manager
 vmware-vpxd
 VMware vCenter Server
 vimPBSM
 VMware vSphere Profile-Driven Storage Service
 applmgmt
 VMware Appliance Management Service
 vmware-statsmonitor
 VMware Appliance Monitoring Service
 vmware-rhttpproxy
 VMware HTTP Reverse Proxy
 vmware-vapi-endpoint
 VMware vAPI Endpoint
 lwsmd
 Likewise Service Manager
 vmafdd
 VMware Authentication Framework
 vmware-vsm
 VMware vService Manager
 vmonapi
 VMware Service Lifecycle Manager API
 vmware-perfcharts
 VMware Performance Charts
 vmware-updatemgr
 VMware Update Manager
 vmware-vmon
 VMware Service Lifecycle Manager
 vmware-vsan-health
 VMware VSAN Health Service
 vsphere-client
 VMware vSphere Web Client
 vmware-vpostgres
 VMware Postgres
 vmware-eam
 VMware ESX Agent Manager
 vmcam
 VMware vSphere Authentication Proxy
 vmware-mbcs
 VMware Message Bus Configuration Service
 vmware-vcha
 VMware vCenter High Availability
 vsphere-ui
 VMware vSphere Client
 vmware-content-library
 VMware Content Library Service
 vmware-sca
 VMware Service Control Agent
 vmware-netdumper
 VMware vSphere ESXi Dump Collector
 vmware-vpxd-svcs
 VMware vCenter-Services
 vmware-rbd-watchdog
 VMware vSphere Auto Deploy Waiter

All the required commands are installed under InstallationDrive:\Program Files\VMware\vCemter Server\bin. In my case my installation is at, and it will show the list of services. 

c:\Program Files\VMware\vCemter Server\bin\service-control --list

2 VMware vsphere vCenter services missing services bin, image builder, vpxd stop start restart, syslog, vsan web client, service-control --list

To check the status of all services command service-control --status. and if instead need to view individual service service-control --status servicename. 

3 VMware vsphere vCenter services missing services bin, image builder, vpxd stop start restart, syslog, vsan web client, service-control --status services

If you want to restart particular service first it need to stop and start again using
service-control --stop servicename
service-control --start servicename 

If incase all services need to be restarted (stop and start) use.
service-control --stop -all
service-control --start -all

4 VMware vsphere vCenter services missing services bin, image builder, vpxd stop start restart, syslog, vsan web client, service-control --start --stop --status --all  services

POWERSHELL INSTALLING AND CONFIGURING MICROSOFT ISCSI TARGET SERVER

May 22, 2017 02:45PM

In my previous blog I configured Microsoft iSCSI Target Server using GUI way, Here in this chapter I am utilizing Powershell to do the task. First command is to check the status of FS-iSCSITarget-Server role. (Only running Get-WindowsFeature will show all the list of role and features), to show specific role name has to know, run commands in Powershell running as administrators. (I am running these commands directly on windows server 2012 R2)

Get-WindowsFeature -Name FS-iSCSITarget-Server

Next is installing actual role, with all sub features and required management tools.

Install-WindowsFeature -Name FS-iSCSITarget-Server -IncludeAllSubFeature -IncludeManagementTools

1 Powershell microsoft windows server 2012 R2, iSCSI target server installation, get-WindowsFeature, FS-iSCSITarget-Server, Install-WindowsFeature, include all sub features and management tools success failed, and true, restart no exit code success

Next step, Create Virtual disk before had so it can be mapped later to Target, Make sure you have enough disk space, This is dynamically expanding disk by default.

New-IscsiVirtualDisk -Path "E:\iSCSIDisks\Esxi001boot.vhdx" -SizeBytes 8GB

2 Powershell microsoft windows server 2012 R2, Iscsi Target server, New-IscsiVirtualDisk -path -sizebytes GB dynamic expanding

For nex step initiator IQN addresses are required. I have already shown how to find initiator IQN ID on Esxi server in my earlier blog, It will create target without any vdisk attached.

New-IscsiServerTarget -TargetName "Boot-Esxi001" -InitiatorIds @("iqn:initior01", "iqn:initior02")

3 Powershell microsoft windows server 2012 R2, Iscsi Target server, New-iscsiservertarget -targetname -initiatorids, iqn

This is final step mapping iscsi virtual disk to target.

Add-IscsiVirtualDiskTargetMapping -TargetName "Boot-Esxi001" -Path "E:\iSCSIDisks\Esxi001boot.vhdx"

4 Powershell microsoft windows server 2012 R2, Iscsi Target server, Add-IscsiVirtualDiskTargetMapping -targetName -path vhdx.png

 

MICROSFOT WINDOWS 2012 R2 ISCSI TARGET STORAGE SERVER FOR ESXI AND HYPERV

May 22, 2017 08:47AM

As Microsoft has introduced iSCSI server role since windows 2012, it can be used as iSCSI target (storage box). I use this instead of  openfiler, freenas or any other appliance for testing in my lab, I have even seen Dell vendor has come up with one of the storage NX3200 model and organizations are using it for production to store data over iscsi protocol, Although Microsoft iSCSI target 3.3 software was already existed and could be downloaded and installed separately for windows 2008 OS line. Now same thing is embedded in windows server 2012 and later as a role, no need to download and install it separately. I think Microsoft iSCSI target is better substitute for other small appliances as you can install this role along with other roles or features, and resources can be shared, so don't have to manage another server.

windows server 2012 r2 iscsi target storage server iscsi initiator esxi and hyperv iqn iscsi protocol port 3260 vhd

In common networking like Ethernet and switches when you want to connect to remote storage (SAN), iSCSI protocol is used over TCP/IP protocol. (Other protocol FC are used for SAN bet require special devices and hardware), In simple storage terms iSCSI Target is the storage box where it will provide LUN disk, and iSCSI initiator (Client like esxi, windows) will consume it over LAN. This is not the file share where it is mapped or mounted on os. It is block level storage, Block level storage is like local disk to OS and uses SCSI commands for I/O. so it can be formatted like local disk and can be put choice of file system, this is one of the main difference between Block and file level and. (mapped or mounted file level storage cannot be formatted and they use protocols like SMB, CIFS or NFS and etc). 

In the above diagram I have 2 NIC cards connected to different switches for redundancy purpose and it is a best practice. If any of the (storag'se or esxi's) Nic or switch goes down, data is still visible, and it is using normal networking to carry iSCSI protocol.

Below are the IP addressing scheme on my Windows iSCSI server using for connection, Management Ethernet adapter is purely for Management connectivity, ie RDP or any other sort of connectivity. Other 2 nics cards will streaming iSCSI data only.

1 Microsoft windows storage iscsi target server ip addressing to nic ethernet card lan 3 ips multipathing, management and iscsi network

To start installing iSCSI server role, open Server Manager from start if it is not opened. click Add roles and features. I am going through all the defaults without changing any option and clicked next for Before you Begin, Installation type and server selection. Once I reached to Server Roles Select check box on File Server and iSCSI Target Server under File and storage services (File and iSCSI Services). Once clicking next for other option Features and confirmation I pressed next and in the last Install button.

2 add roles and features file and storage servers, services, iscsi target server file server, default option server manager, Installation type, server selection

Once role installation is successful, Before going forward make sure 3260 ports for above iSCSI IPs are opened in firewall. Next step is configuration, on the server manager click File and Storage Services in the left pane, choose iSCSI, Click to create an iSCSI virtual disk, start the New iSCSI Virtual Disk Wizard, same option can be found under Tasks as well. In the wizard select virtual disk location, this can be any drive, I have selected C:\iSCSIDisks.

3 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, storage location, custom path, target server name

Name the iSCSI virtual disk name, It is a vhdx file. check the file path,

4 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, storage location, custom path, target server name, specify virtual disk name

Next window is interesting, It shows how much is the Free size is on the selected disk location, and up to that much size of disk can be created. If Fixed size is selected all the 8 GB will be allocated, similar to VMware lazy thick provisioned disk (if clear the virtual disk on allocation is selected it will full format (fill up the complete disk with 0's) takes some time similar to eager zero thick disk), Dynamically expanding is allocate the disk space when data written (VMware thin provisioned disk), 

Differencing has its own us case, it is as same as VMware linked clone disk, means it saves great amount of disk and time. once the base disk is created, it will use same disk but won't write anything to it and write changes to snapshot disk. If base disk is gone so everything is.

I am going with the Dynamically expanding, as data grows the vhdx disk size will grow and will same some space.

5 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, Fixed size, clear the virtual disk on allocation, dynamically expanding

As this is a new deployment, create new iSCSI target and assign the disk created to this server, Multiple targets can be created to restrict or grant the access to initiators. (Access is granted to initiator server on per iSCSI target instead of on per virtual disk)

6 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, iSCSI Target assigning disk to new iscsi target

Provide target name and description.

7 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, iSCSI Target assigning disk to new iscsi target, name and description

For next step I need IQN name of the client initiator, for this I will be getting the same name from Esxi storage iSCSI software adapter, It is a kind of WWN or Mac address of the iSCSI adapter. Target will use it to identify initiator to grant access to virtual disks (LUN), it can be easily copy paste.

8 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, Esxi storage adapter iscsi software adapter, vmhba, iqn name

Once IQN is identified and copied, Add initiator ID under IQN type value, There are other several type IP address and DNS name also can be added. For simplicity I am using IQN name.

9 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, Esxi storage adapter iscsi software adapter, vmhba, iqn name, identify the initiator

Communication between iSCSI Target and initiator can be authenticated using CHAP protocol, This is a security option, for simplicity I am not using these option and clicking next.

10 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, initiator enable reverse chap authentication, initiator authentication chap protocol

On the confirmation page verify the configuration and click create.

11 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, confirmation vhdx virtual disk target iscsi security chap protocol

This is the end of successful configuration of windows iSCSI target. showing status as completed.

11 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, confirmation virtual disk target iscsi security chap protocol result completed, set target access, assign iscsi virtual disk to target

This is last and important settings need to be configured, go to servers menu from the list, right click storage server, iSCSI Target Settings, and configure the IP address (Nic interfaces) to be used by iSCSI request.

12 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, specify network addresses to be used for iSCSI Sotrage requests

As can see my target and virtual disks are in place, and I can see vhdx file with low size, as data is written disk will grow.

13 iSCSI storage server windows 2012 R2, to create iSCSI Virtual Disks wizard, cofiguration completed, iscsi virtual disks and targets

AWARDED VMWARE VEXPERT AGAIN FOR 2017

February 9, 2017 08:49AM

I am honored today again to see the announcement that I was awarded the title vExpert for the 4th year in a row.

vExpert is a title that VMware awards to those that have made significant contributions to the VMware community.  The title doesn’t show a particular level of technical expertise; but rather shows that those awarded have a strong desire to share what knowledge they have with others.  Most vExperts either blog, are VMUG leaders, speak at local events, contribute on the VMTN boards, or even speak at large events like VMworld.

vmware vexpert for all time vcloud-lab.com kunal udapi

See the entire list here: https://blogs.vmware.com/vmtn/2017/02/vexpert-2017-award-announcement.html

MICROSOFT AZURE POWERSHELL: CLONING (COPING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL

January 26, 2017 07:14PM

CREATE NEW NSG (NETWORK SECURITY GROUP - VIRTUAL FIREWALL ACL) ON MICROSOFT AZURE
POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL
MICROSOFT AZURE POWERSHELL: CREATING NEW NSG (NETWORK SECURITY GROUP)

Here I had got a task to clone or copy existing NSG in the Azure Powershell. I already have created one Template Network Security Group and all rules are created in it. As I required Rules, Need to run below command to know store all the rule in powershell variable. This will not copy default firewall rules, Only manually created rules information are stored.

$TemplateNSGRules =  Get-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN' | Get-AzureRmNetworkSecurityRuleConfig

Cloning, copying, Importing, copy, clone, import, Microsoft Azure NSG network security Group Template to another NSG, Get-azurermNetworkSecurityGroup, Get-AzureRmNetworkSecurityRuleConfig

As I need rules only I will create new NSG.

$NSG = New-AzureRmNetworkSecurityGroup -ResourceGroupName 'POC-VPN' -Location 'East US 2' -Name 'Copy-of-Windows-NSG'

Next with the help of foreach loop I will copy inject all the rules from Template NSG to newly created rules.

foreach ($rule in $TemplateNSGRules) {
    $NSG | Add-AzureRmNetworkSecurityRuleConfig -Name $rule.Name -Direction $rule.Direction -Priority $rule.Priority -Access $rule.Access -SourceAddressPrefix $rule.SourceAddressPrefix -SourcePortRange $rule.SourcePortRange -DestinationAddressPrefix $rule.DestinationAddressPrefix -DestinationPortRange $rule.DestinationPortRange -Protocol $rule.Protocol # -Description $rule.Description
    $NSG | Set-AzureRmNetworkSecurityGroup
}

Cloning, copying, Importing, copy, clone, import, Microsoft Azure NSG network security Group Template to another NSG, New-AzureRmNetworkSecurityGroup, Add-AzureRmNetworkSecurityRuleConfig, direction, source.png

Sane way importing NSG from excel file will work. follow this article to create CSV excel file - POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL.to import.

$TemplateNSGRules = Import-CSV -Path C:\Temp\TestNSG01.csv 

Create new empty NSG firewall, and run the foreach script block as shown above.

MICROSOFT AZURE POWERSHELL: CREATING NEW NSG (NETWORK SECURITY GROUP)

January 23, 2017 02:18PM

This post is based on article CREATE NEW NSG (NETWORK SECURITY GROUP - VIRTUAL FIREWALL ACL) ON MICROSOFT AZURE. Although it is same, but in this I will be showing how to do the same task using PowerShell. Below command creates new NSG with no custom Security Rules. 3 parameters are required -Name, -ResourceGroupName and -Location and they are self explanatory. And new NSG information is stored into a $NSG Variable, which I require to add inbound and outbound rules.

$NSG = New-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN' -Location 'East US 2'

As currently no rules (There are by default three default security rules) are there in newly created network security group, I will creating one using below command.

$NSG | Add-AzureRmNetworkSecurityRuleConfig -Name 'rule-default-allow-RDP' -Direction Inbound -Priority 100 -Access Allow -SourceAddressPrefix '*'  -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 3389 -Protocol Tcp  -Description 'RDP exception for Windows'

Parameters Breakdown
-Name: This is the Name for rule under NSG
-Direction: Direction will be either Inbound or Outbound
-Prioirty: Rule priority (should be between 100 - 4096), Lower The priority number, Higher the precedence. 
-Access: This will be either Allow or Deny
-SourceaddressPrefix: Provide the IP or subnet range, * means any IP can connect. Source is the machine from you will be generating connection to destination.
-SourcePortRange: Provide Port range of Source. * means any port.
-DestinationAddressPrefix: Provide the IP or subnet range, Destination is the Azure VM or services.
-DestinationPortRange: Here I am opening only 3389 port on azure virttual machine for RDP.
-Protocol: This can be TCP, UDP or Both
-Description: This option is not visible on Azure Resource manager portal, and can be set through only Powershell, It is good practice to put information about rule.

POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL

Now Rule is created, but still changes are not committed into Azure, they are still on Local Powershell memory.

Microsoft Azure powershell create NSG, Network Security Group, New-AzureRmNetworkSecurityGrouP, Add-AzurermnetworkSecurityRuleConfig, NSG inbound outbound rules, tcp udp allow deny

To commit changes of new security rules into NSG, execute below command, Once successful It will show the new rules provisioningstate as succeeded, It can be compared with above and below screenshots.

$NSG | Set-AzureRmNetworkSecurityGroup

Microsoft Azure powershell create NSG, Network Security Group, Add-AzurermnetworkSecurityRuleConfig, NSG inbound outbound rules, tcp udp allow deny set-azurermnetworksecuritygroup commit changes

You can use below command on powershell to know about existing NSGs.

Get-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN'

Microsoft Azure powershell NSG, Network Security Group, Add-AzurermnetworkSecurityRuleConfig, NSG inbound outbound rules, tcp udp allow deny set-azurermnetworksecuritygroup, get-AzureRMNetworkSecurityGroup changes.png

Subsequently Use below One-Liner command to check Network Security rules under NSG.

Get-AzureRmNetworkSecurityGroup -Name 'Windows-NSG' -ResourceGroupName 'POC-VPN' | Get-AzureRmNetworkSecurityRuleConfig -Name 'rule-default-allow-RDP'

Microsoft Azure powershell NSG, Network Security Group, Add-AzurermnetworkSecurityRuleConfig, NSG inbound outbound rules, tcp udp allow deny Get-AzurermnetworkSecurityRuleConfig, get-AzureRMNetworkSecurityGroup change

Associating NSG to VM Nic is relatively easy with below commands.

$VMNetoworkInterface = Get-AzureRmNetworkInterface -Name 'NIC_Interface' -ResourceGroupName POC-VPN
$VMNetoworkInterface.NetworkSecurityGroup =  $NSG
$VMNetoworkInterface | Set-AzureRmNetworkInterface

Microsoft Azure associate NSG (Network Security Group) to Virtual Machine vm Nic interface, Network, Get-AzureRmNetworkinterface - NetworkSecurityGroup, Set-Azure RmNetworkInterfaces

Next is associating Network security group to virtual network subnet. First command I need information about existing vNet stored in $vNet variable

$vNet = Get-AzureRmVirtualNetwork -ResourceGroupName 'POC-VPN' -Name 'POC-VPN-vNet'

And set the existing vNet subnet, make sure you are using correct existing address prefix only.

Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vNet -Name 'Default' -NetworkSecurityGroup $NSG -AddressPrefix '10.0.0.0/24'

Associating, assigning NSG, network security group to a Virtual Network vNet subnet microsoft azure powershell get-azurermvirtualnetwork, set-azurermvirtualnetworksubnetconfig networksecuritygroup, virtualnetwork, vnet

This is the last piece of command, associating NSG in vNet subnet and need to commit the changes in azure.

Set-AzureRmVirtualNetwork -VirtualNetwork $vNet

Associating NSG network security group to a Virtual Network vNet subnet microsoft azure powershell get-azurermvirtualnetwork, set-azurermvirtualnetworksubnetconfig , Set-AzureRmVirtualNetwork -virtualNetwork.png

Useful Links
INSTALLING MICROSOFT AZURE POWERSHELL
PART 9: CREATING AND MANAGING VIRTUAL MACHINE (VM) USING MICROSOFT AZURE RESOURCE MANAGER PORTAL
POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL
MICROSOFT AZURE POWERSHELL: CLONING (COPING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL

View older posts »