Monday, March 23, 2015

PowerShell - check if exists

Taken from various forums... can't remember where from.

# Poll every 10 seconds until the UNC path exists
do {
    $testpath = Test-Path -Path '\\dns2\d$\test'
    Start-Sleep -Seconds 10
} until ($testpath -eq $true)

do {
    Start-Sleep -Seconds 1
    # Yields nothing (so the variable stays falsy) until the mailbox can be queried
    $mailboxExists = Get-MailboxPermission -Identity "CN=$displayName,$DN" -User "NT AUTHORITY\SELF" -ErrorAction SilentlyContinue | Format-Wide IsValid
    Write-Host "." -NoNewline
} while (!$mailboxExists)


Import-Module ActiveDirectory
#Import CSV
$csv = @()
$csv = Import-Csv -Path "C:\Temp\bulk_input.csv"

#Get Domain Base
$searchbase = Get-ADDomain | ForEach {  $_.DistinguishedName }

#Loop through all items in the CSV
ForEach ($item In $csv)
{
  #Check if the OU exists
  $check = [ADSI]::Exists("LDAP://$($item.GroupLocation),$($searchbase)")
  If ($check -eq $True)
  {
    Try
    {
      #Check if the Group already exists
      $exists = Get-ADGroup $item.GroupName
      Write-Host "Group $($item.GroupName) already exists! Group creation skipped!"
    }
    Catch
    {
      #Create the group if it doesn't exist
      $create = New-ADGroup -Name $item.GroupName -GroupScope $item.GroupType -Path ($($item.GroupLocation)+","+$($searchbase))
      Write-Host "Group $($item.GroupName) created!"
    }
  }
  Else
  {
    Write-Host "Target OU can't be found! Group creation skipped!"
  }
}

Friday, March 6, 2015

How to install smokeping - the only way it works :)

What is smokeping? It's a powerful network monitoring tool that works mainly with tricky ICMP pings and can also run built-in TCP and UDP port connection tests. You can view your statistics as web-based graphs.

How to install it? There are blogs that discuss the process, but I strongly recommend not following them word for word because they suffer from serious errors that keep you from succeeding. Happily you are here, at the perfect place for the perfect tutorial!

What is a master and slave configuration?
The master is your central smokeping server. It periodically checks the hosts you configured it to monitor. Nothing surprising, ehm? Now let's look at the slave(s). They probe BACK to the master (or any other configured host) and send their results BACK to the master, which processes their data and displays the results together with its own monitoring data.

Okay, let's install my master Debian/Ubuntu node first. I'm going to create two logical units inside my monitoring tree. I'll call the first "External hosts" and the second (guess what) "Internal hosts".

MASTER node
------
apt-get update
apt-get install smokeping
Check if /etc/default/smokeping has only ONE active line: "MODE=master"
cd /etc/smokeping/
touch slave-secrets
Here you define an individual password for each of your SLAVE servers. In my case I will have two slave (also actively checking) servers in my "External hosts", see later.
cat /etc/smokeping/slave-secrets
mywebserver:topsecr3t
myftpserver:topsecr3t
echo "topsecr3t" > slavesecrets.conf
chmod 660 slave-secrets
chmod 600 slavesecrets.conf
chown smokeping:www-data slave-secrets slavesecrets.conf
cd config.d/
cat Alerts
*** Alerts ***
to = me.admin@mydomain.com
from = smokeping@mydomain.com

[...all other settings remain at their defaults...]
cat Database
*** Database ***

step     = 200
pings    = 100

[...all other settings remain at their defaults...]
These two variables are changed because I want to check my hosts every 200 seconds with 100 ping packets.
cat General
*** General ***

owner    = Me.Da.Admin
contact  = me.admin@mydomain.com
mailhost = localhost
# NOTE: do not put the Image Cache below cgi-bin
# since all files under cgi-bin will be executed ... this is not
# good for images.
cgiurl   = http://localhost/cgi-bin/smokeping.cgi
[...all other settings remain at their defaults...]
cat Probes
*** Probes ***

+ FPing

binary = /usr/bin/fping
packetsize = 500
pings = 100
step = 200
timeout = 1.5
[...all other settings remain at their defaults...]
Several other parameters can be used, see later.
cat Slaves
*** Slaves ***
secrets=/etc/smokeping/slave-secrets

+mywebserver
display_name=My Great webserver
color=ff0000

+myftpserver
display_name=My Super FTP server
color=00b7e2

Here I've defined my slave servers, NOT the hosts I want to check. Don't be confused: these two categories are totally different!
cat Targets
*** Targets ***
probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to my little SmokePing website.

+ External
menu = External hosts
title = Ext

++ mywebserver
menu = My Superb Webserver
host = 10.243.43.6

++ myftpserver
menu = My gorgeos ftpserver
host = 172.16.29.253

++ mysmokeping
menu = this.server
host = 195.95.95.95
slaves = mywebserver myftpserver

+Internal
menu = Internal hosts
title = Gateways

++ MyGateway
menu = My Little Cisco Switch
host = 172.16.21.254

I've set the most important things here: my monitored hosts. The probe type is plain fping. There are two units, External and Internal; their friendly names are shown in the web menu as "External hosts" and "Internal hosts". External has 3 hosts inside it: two external servers and the monitoring server itself. mywebserver and myftpserver HAVE to be exactly the strings the servers identify themselves with (what they answer to the "hostname" shell command). The ++ mysmokeping section MUST HAVE the "slaves = mywebserver myftpserver" line. If it is missing, the slaves will reply with the unpleasant message
"ERROR: we did not get config from the master. Maybe we are not configured as a slave for any of the targets on the master ?"
/etc/init.d/smokeping restart
If you can't see any useful answer to this :) you may find this command useful: journalctl -xn

Wait some minutes and point your browser to http://195.95.95.95/smokeping/smokeping.cgi

And here is the key point for slaves: set your file permissions as follows:
/var/lib/smokeping# ls -sal
[...]
4 drwxrwx---  2 smokeping www-data  4096 Mar  6 13:05 External
cd smokeping/
chown smokeping:www-data *
chmod 755 *
This is a MUST so that the slaves are able to POST their data to the Apache instance running on your smokeping master.
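
The master-side rules above (every name on a "slaves =" line needs a +section in Slaves and an entry in slave-secrets, and the secret files must not be accessible to other users) can be checked before restarting. The script below is an added example, not part of the original post; the function names are made up here and the sample files are constructed from the configuration shown above.

```shell
#!/usr/bin/env bash
# Added example: consistency check for the master-side slave setup.

# Slave names referenced by "slaves = ..." lines in config.d/Targets.
referenced_slaves() {
  sed -n 's/^[[:space:]]*slaves[[:space:]]*=[[:space:]]*//p' "$1/config.d/Targets" |
    tr -s ' \t' '\n\n' | sort -u
}

# Slave names declared as "+name" sections in config.d/Slaves.
declared_slaves() {
  sed -n 's/^+[[:space:]]*\([^+[:space:]][^[:space:]]*\)[[:space:]]*$/\1/p' "$1/config.d/Slaves"
}

# Prints one line per problem; returns 0 only when none was found.
check_master() {
  local dir=$1 problems=0 name f other
  for name in $(referenced_slaves "$dir"); do
    declared_slaves "$dir" | grep -Fxq -- "$name" ||
      { echo "slave '$name' has no +section in Slaves"; problems=1; }
    cut -d: -f1 "$dir/slave-secrets" | grep -Fxq -- "$name" ||
      { echo "slave '$name' has no entry in slave-secrets"; problems=1; }
  done
  for f in slave-secrets slavesecrets.conf; do
    [ -e "$dir/$f" ] || continue
    other=$(ls -ld "$dir/$f" | cut -c8-10)   # rwx bits for "other" users
    [ "$other" = "---" ] ||
      { echo "$f is accessible by other users ($other)"; problems=1; }
  done
  return "$problems"
}

# Constructed sample: myftpserver secret missing, slave-secrets world-readable.
make_sample() {
  local d; d=$(mktemp -d); mkdir "$d/config.d"
  printf '%s\n' '*** Slaves ***' 'secrets=/etc/smokeping/slave-secrets' \
    '+mywebserver' 'display_name=My Great webserver' \
    '+myftpserver' 'display_name=My Super FTP server' > "$d/config.d/Slaves"
  printf '%s\n' '++ mysmokeping' 'host = 195.95.95.95' \
    'slaves = mywebserver myftpserver' > "$d/config.d/Targets"
  echo 'mywebserver:topsecr3t' > "$d/slave-secrets"
  chmod 644 "$d/slave-secrets"
  echo "$d"
}

sample=$(make_sample)
check_master "$sample" || echo "Fix the above, then restart smokeping."
rm -rf "$sample"
```

On a real master, call check_master /etc/smokeping as root so that the secret files can be read.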

SLAVE nodes
-----
apt-get install smokeping
cat /etc/default/smokeping
MODE=slave
MASTER_URL=http://195.95.95.95/cgi-bin/smokeping.cgi
SHARED_SECRET=/etc/smokeping/slavesecrets.conf

Note that this is a considerably insecure configuration. Use VPN connections, firewalls or some form of HTTP authentication (in .htaccess, for example). You must have the above 3 lines, no more and no less.
echo "topsecr3t" > /etc/smokeping/slavesecrets.conf
ls -sal /etc/smokeping/slavesecrets.conf
Set the file permissions to:
-r--r-----  1 smokeping root   13 Mar  6 07:41 slavesecrets.conf

None of the other files are needed here. You can safely delete the whole config.d/ directory, for example. Nice, huh?
/etc/init.d/smokeping restart
Wait some minutes and watch your slave-driven data flow under your "External" section on your master's webpage.
If anything goes wrong, or nothing happens at all, check your Apache error log:
cat /var/log/apache2/error.log

Check the online manual for further reference.

Tuesday, March 3, 2015

Incremental back up vhdx files of Hyper-V Virtual Machines hosted on Cluster Shared Volumes to a network share

It's 2015 so why would anyone still use Windows Server 2008 R2? Windows Server Backup in Windows Server 2012 includes great (but limited, see below) support for CSV backup. Some notes and warnings:
  • Virtual machines hosted on CSVs cannot be added as part of the normal system backup configuration
  • Windows Server Backup has to be configured on all nodes to ensure that backup and recovery will be available in the event of a failure on one of the nodes in the cluster.
  • Volume recovery is not supported - can be cheated
  • Security access control lists are not applicable on the CSV file service root. Therefore, file recovery to the root of a CSV volume is not supported.
Say you have two Hyper-V hosts, one SAN hosting your VMs' files via Cluster Shared Volumes for your Hyper-V hosts, and four VMs on the hosts, two on each. You have already set up your OS-level (e.g. Windows Backup) jobs inside your host OSs and VM OSs and have been backing up your data to the SAN on dedicated backup LUNs lying on physically separated fault-tolerant arrays. Looks sufficient, doesn't it?
Actually, it isn't that good. What if your SAN blows up? You lose all your VMs and your VMs' backups at the same time. You also need a fool-proof off-site backup, and it must be easy to handle. Luckily, there is a simple solution that needs no third-party tools like HVbackup (which is a good one, anyway).
Let's say that your first Hyper-V host server is called HOST1 and the VMs it runs are named VM1 and VM2.
So you have a file system on HOST1 like this:

as C:\ClusterStorage\Volume4\VM1\ ....

To back up your first virtual guest (with its entire CSV, to be on the safe side) to your external backup server share, just execute:

wbadmin start backup -include:C:\ClusterStorage\volume4\ -backuptarget:\\backupserver\vmbackup\vm1

It takes some time:

You can easily restore files from your VM's virtual disk if you find it in the backup:
Then just mount it in Disk Management (Attach VHD) .....
and then assign a drive letter to it, open your new disk in a file explorer and find your real VD :) inside it. Repeat the above process, attaching this real VD with the Disk Management console as well.

In case you need to restore your whole VM (whole means: disaster recovery including all its Hyper-V settings)
Find your backup versions (if you are lucky enough to have more than a single one):

wbadmin get versions -backuptarget:\\backupserver\vmbackup\vm1

Restoring: (be careful)

wbadmin start recovery -version:02/11/2015-08:25 -backuptarget:\\backupserver\vmbackup\vm1 -itemtype:file -items:C:\ClusterStorage\Volume4\ -recursive -recoverytarget:Z:\recover -machine:HOST1

What did I mean when I said backup versions? Have you ever been frustrated that Windows Backup can't maintain multiple versions on a network share? So have I. I've tried to cheat WSB by using a local hardlink pointing to the network share.
mklink /D M:\MyNetwork \\mybackupserver\vmbackup
and
wbadmin start backup -include:C:\ClusterStorage\volume4\ -backuptarget:\\localhost\d$\MyNetwork\vm1 -quiet
Tadaamm! So far so good.

Unfortunately,
wbadmin get versions -backupTarget:M:\MyNetwork
matter-of-factly answers that it can't be fooled in such a stupid way.

wbadmin 1.0 - Backup command-line tool
(C) Copyright 2013 Microsoft Corporation. All rights reserved.
The backup cannot be completed because the backup storage destination is a shared folder mapped to a drive letter. Use the Universal Naming Convention (UNC) path (\\servername\sharename\) of the backup storage destination instead. 
In short, it sadly won't do versioning; it just keeps one full version as usual. Bad luck. Folks say I should use iSCSI-based network drives because that's the only way to get WSB versioning. I don't want to bother with this because I already have lots of iSCSI drives from the SAN and I would be a bit afraid of messing up these drives from different sources.

Meanwhile, here are some useful facts from TechNet topics to consider about WSB:
You can also set -vssFULL  parameter in backup jobs but there's not much use in doing so. According to the manual: "If specified, performs a full backup using the Volume Shadow Copy Service (VSS). Each file's history is updated to reflect that it was backed up. If this parameter is not used, wbadmin start backup makes a copy backup, but the history of files being backed up is not updated." In short: "vssfull is only meaningful if there is another 3rd party backup application is being simultaneously used on the same machine along with server backup application and you have application like exchange running on the machine who have vss writers. if that is not the case - it can be ignored and defaults will work fine."
And "All backups after first backup automatically takes incremental storage space on the backup location since changes are tracked using volume shadow copy on the backup location. This incremental storage space is proportional to the changes from the last backup."