SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. The logon attempt failed

When setting up servers, you will often see the following error.

SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. The logon attempt failed

A few things to keep in mind.

#1 – Is the SPN set properly on SQL. (Done in AD).

#2 – Is Delegation configured on the application? (Done in AD).

Simply put, this error can indicate a Kerberos error (remember NTLM cannot do delegation).

Looking up FSMO (Flexible Single Master Operations) without using NETDOM /Query:FSMO

If you are looking for your FSMO (Flexible Single Master Operations) role holders in PowerShell, this information can be gathered using:

Get-ADDomain

&

Get-ADForest

For more specific results the following can be run:

DOMAIN Level FSMO

Table format--> Get-ADDomain | ft Name,Forest,PDCEmulator,RIDMaster,InfrastructureMaster
List format --> Get-ADDomain | fl Name,Forest,PDCEmulator,RIDMaster,InfrastructureMaster

FOREST Level FSMO

Table format--> Get-ADForest | ft Name,DomainNamingMaster,SchemaMaster
List format --> Get-ADForest | fl Name,DomainNamingMaster,SchemaMaster

Network Commands in PowerShell

Need something similar to Ipconfig in PowerShell? Try these commands.

Get Network Adapter Details in PowerShell.

Get-NetAdapter | ft ifname,ifdesc,ifIndex,MacAddress,status,LinkSpeed -AutoSize

Use Get-NetAdapter |FL * for all Details.

Get IP Address Details in PowerShell

Get-NetIPConfiguration| Sort InterfaceIndex | ft InterfaceAlias,InterfaceIndex,InterfaceDescription,AllIPAddresses -AutoSize

OR

Get-NetIPAddress | Sort InterfaceIndex | FT InterfaceIndex, InterfaceAlias, AddressFamily, IPAddress, PrefixLength -Autosize

Use Get-NetIPConfiguration | fl * for all details.

Get Client DNS Settings in PowerShell.

Get-DnsClient | sort interfaceIndex | ft interfaceIndex,InterfaceAlias,ConnectionSpecificSuffix,SuffixSearchList,RegisterThisConnectionsAddress -AutoSize

Get-DnsClientServerAddress |sort interfaceindex | ft InterfaceIndex,InterfaceAlias,ServerAddresses,EnabledState

How to take my Events (EVT or EVTX format) and copy them to SQL for merged/further evaluation.

While PowerShell can be used, for very large datasets I commonly use SQL to parse and merge my events. Below is a simple example of how to convert your event files from the Windows Event format to SQL Server.

Download the Log Parser toolset from Microsoft:

https://www.microsoft.com/en-ca/download/details.aspx?id=24659

Run the following Command (from a command line):

cd "c:\Program Files (x86)\Log Parser 2.2"

logparser "select * into MyTable from c:\MyEventFile\MyEventFile.evtx" -i:evt -o:SQL -createTable:ON -server:MYsqlServer -database:MyDB -username:MyUser -password:MyPassword! -driver:"SQL Server"

Simple PowerShell Scripts to Gather user information

**NOTE: if running from a DC with an account other than the built-in Administrator (RID 500), ensure the command prompt is elevated!

Get all users where Password does not expire.

Get-ADUser -LDAPFilter '(&(userAccountControl:1.2.840.113556.1.4.803:=65536))' -Properties useraccountcontrol,DistinguishedName,Enabled,Name

Get all enabled users where Password does not expire.

Get-ADUser -LDAPFilter '(&(!userAccountControl:1.2.840.113556.1.4.803:=2)(userAccountControl:1.2.840.113556.1.4.803:=65536))' -Properties useraccountcontrol,description,DistinguishedName,Enabled,Name

Get all enabled users where Kerberos Preauthentication is disabled.

Get-ADUser -LDAPFilter '(&(!userAccountControl:1.2.840.113556.1.4.803:=2)(userAccountControl:1.2.840.113556.1.4.803:=4194304))' -Properties useraccountcontrol,description,DistinguishedName,Enabled,Name

Get all enabled users where Kerberos DES encryption types are used.

Get-ADUser -LDAPFilter '(&(!userAccountControl:1.2.840.113556.1.4.803:=2)(userAccountControl:1.2.840.113556.1.4.803:=2097152))' -Properties useraccountcontrol,description,DistinguishedName,Enabled,Name

Get all enabled users where Password is not required.

Get-ADUser -LDAPFilter '(&(!userAccountControl:1.2.840.113556.1.4.803:=2)(userAccountControl:1.2.840.113556.1.4.803:=32))' -Properties useraccountcontrol,description,DistinguishedName,Enabled,Name

Get all enabled computers where Password is not required.

Get-ADComputer -LDAPFilter '(&(!userAccountControl:1.2.840.113556.1.4.803:=2)(userAccountControl:1.2.840.113556.1.4.803:=32))' -Properties useraccountcontrol,description,DistinguishedName,Enabled,Name
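
The userAccountControl bits that the filters above test can also be decoded client-side in one pass, so a single query reports every weak flag per account. This is an added example, not part of the original post; the function name Get-UacFinding is hypothetical and the sample accounts are constructed so the script runs without a domain.

```powershell
# Added example: decode the userAccountControl bits used in the LDAP filters above.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 2        # excluded by (!...:=2) in the filters
    PASSWD_NOTREQD       = 32       # password not required
    DONT_EXPIRE_PASSWORD = 65536    # password does not expire
    USE_DES_KEY_ONLY     = 2097152  # Kerberos DES encryption types
    DONT_REQ_PREAUTH     = 4194304  # Kerberos preauthentication disabled
}

function Get-UacFinding {
    # Hypothetical helper: emits one row per enabled account that has
    # at least one of the flags above set.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Account
    )
    process {
        $uac = [int]$Account.userAccountControl

        # Skip disabled accounts, as the "enabled" filters above do.
        if ($uac -band $UacFlags.ACCOUNTDISABLE) { return }

        $set = foreach ($name in $UacFlags.Keys) {
            if ($name -ne 'ACCOUNTDISABLE' -and ($uac -band $UacFlags[$name])) { $name }
        }

        if ($set) {
            [pscustomobject]@{
                Name               = $Account.Name
                userAccountControl = $uac
                Findings           = $set -join ','
            }
        }
    }
}

# Constructed sample accounts (512 = NORMAL_ACCOUNT).
$sample = @(
    [pscustomobject]@{ Name = 'svc-sql';    userAccountControl = 512 + 65536 }
    [pscustomobject]@{ Name = 'legacy-app'; userAccountControl = 512 + 2097152 + 4194304 }
    [pscustomobject]@{ Name = 'kiosk';      userAccountControl = 512 + 32 }
    [pscustomobject]@{ Name = 'old-admin';  userAccountControl = 512 + 2 + 65536 }  # disabled
    [pscustomobject]@{ Name = 'jsmith';     userAccountControl = 512 }              # no findings
)

$results = $sample | Get-UacFinding
$results | Format-Table -AutoSize

# Against a live directory, feed it real objects instead of $sample:
#   Get-ADUser -Filter * -Properties userAccountControl | Get-UacFinding
```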

 

 

Switching Azure Mode

The Switch-AzureMode cmdlet switches between the Azure and Azure Resource Manager (AzureResourceManager) modules.

The new Azure Resource Manager module lets you manage your resources in an entirely new way.

Instead of creating individual resources and trying to use them together, begin by imagining the service you want to create, such as a web portal, a blog, a photo gallery, a commerce site, or a wiki.

Select a resource group template, including one of dozens in the Azure template gallery, or create your own. Each template provides a model of a complex service, complete with the resources that you need to support the service. Then use the template to create a resource group and its resources, and deploy and manage the related resources as a unit.

You can use Switch-AzureMode to switch between Azure modules as often as you like. To set an Azure module as the default for all sessions, use the Global parameter when switching between modes.

Enabling the AD Recycle Bin

A lot of information can be found at the following link for enabling the AD Recycling bin.  –> https://technet.microsoft.com/en-us/library/dd379484(v=ws.10).aspx

Key Notes:

  • Functional level of your Active Directory forest will need to be Windows Server 2008 R2.
  • Enterprise Admins, or equivalent, is the minimum required to complete these procedures.
  • The process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, it cannot be disabled.
  • Enabling the recycling bin will remove the ability to drop the FFL and DFL to 2008.
  • Expect to see growth in your AD Database after enabling the feature.
  • Do not attempt to recover a recycled object through an authoritative restore from a backup of AD DS. Instead, we recommend that you recover deleted objects with Active Directory Recycle Bin during the deleted object lifetime.
  • By default, a “recycled object” in Windows Server 2008 R2 preserves the same set of attributes as a “tombstone object” in Windows Server 2003 and Windows Server 2008.

Functions:

  • After the “deleted object” lifetime expires, the logically “deleted object” is turned into a “recycled object” and most of its attributes are stripped away. A “recycled object,” which is a new state in Windows Server 2008 R2, remains in the Deleted Objects container until its “recycled object” lifetime expires. After the recycled object lifetime expires, the garbage-collection process physically deletes the recycled Active Directory object from the database.

 

  • The deleted object lifetime is determined by the value of the msDS-deletedObjectLifetime attribute. The recycled object lifetime is determined by the value of the legacy tombstoneLifetime attribute. By default, msDS-deletedObjectLifetime is set to null. When msDS-deletedObjectLifetime is set to null, the deleted object lifetime is set to the value of the recycled object lifetime. By default, the recycled object lifetime, which is stored in the tombstoneLifetime attribute, is also set to null. In Windows Server 2008 R2, when tombstoneLifetime is set to null, the recycled object lifetime defaults to 180 days. In your case I think it is set to 60 days.

 

  • You can use Active Directory Recycle Bin to restore all deleted objects that were previously stored in AD DS. However, if you use Active Directory Recycle Bin to restore deleted Group Policy objects (GPOs) or Exchange-related objects that were previously stored in AD DS, any application-specific data for these objects that was not stored in AD DS will not be restored.
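
How the two lifetimes described above combine into a recovery window for one deleted object, as an added example that is not from the original post or from Microsoft. The function name Get-RecycleBinWindow and the dates are made up, $null stands for an attribute that is not set, and the 180-day default is the figure given in this list.

```powershell
# Added example: resolve the effective lifetimes and the state of a deleted object.
function Get-RecycleBinWindow {
    param(
        [Parameter(Mandatory)][datetime]$DeletedOn,
        [Nullable[int]]$DeletedObjectLifetime,  # msDS-deletedObjectLifetime, in days
        [Nullable[int]]$TombstoneLifetime,      # tombstoneLifetime, in days
        [datetime]$Now = (Get-Date)
    )

    # Recycled object lifetime: tombstoneLifetime, or 180 days when it is null.
    $recycledDays = if ($null -ne $TombstoneLifetime) { $TombstoneLifetime } else { 180 }

    # Deleted object lifetime: msDS-deletedObjectLifetime, or the recycled
    # object lifetime when it is null.
    $deletedDays = if ($null -ne $DeletedObjectLifetime) { $DeletedObjectLifetime } else { $recycledDays }

    $deletedUntil  = $DeletedOn.AddDays($deletedDays)      # end of "deleted object" state
    $recycledUntil = $deletedUntil.AddDays($recycledDays)  # end of "recycled object" state

    $state = if ($Now -lt $deletedUntil) {
        'Deleted object'
    } elseif ($Now -lt $recycledUntil) {
        'Recycled object (most attributes stripped)'
    } else {
        'Past recycled object lifetime (garbage collection)'
    }

    [pscustomobject]@{
        DeletedObjectLifetimeDays  = $deletedDays
        RecycledObjectLifetimeDays = $recycledDays
        DeletedUntil               = $deletedUntil
        RecycledUntil              = $recycledUntil
        State                      = $state
    }
}

# Constructed inputs: the same deletion date evaluated under three configurations.
$now     = [datetime]'2015-06-01'
$deleted = [datetime]'2015-03-01'

$windows = @(
    Get-RecycleBinWindow -DeletedOn $deleted -Now $now                        # both attributes null
    Get-RecycleBinWindow -DeletedOn $deleted -Now $now -TombstoneLifetime 60  # only tombstoneLifetime set
    Get-RecycleBinWindow -DeletedOn $deleted -Now $now -DeletedObjectLifetime 30 -TombstoneLifetime 60
)
$windows | Format-Table -AutoSize
```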

 

Enabling the Recycling Bin:

To enable the recycling bin from Powershell (note: elevation is required):

 

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com' -Scope ForestOrConfigurationSet -Target 'corp.contoso.com'

 

Restore a Deleted Object:

More examples can be found here: https://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx

 

To restore a deleted object in 2008 R2, PowerShell must be used (note: elevation is required). In 2012+ the Active Directory Administrative Center (dsac) can be used as a recovery GUI, and/or PowerShell. (NOTE: you can use the RSAT tools on a workstation to get these functions.)

 

To view the Object prior to recovery:

Get-ADObject -Filter {displayName -eq "Mary Jones"} -IncludeDeletedObjects

 

or to View the Previous OU of an object before it was deleted (to confirm if the OU was removed).

Get-ADObject -Filter {displayName -eq "Mary Jones"} -IncludeDeletedObjects -Properties lastknownparent

 

To recover Object:

Get-ADObject -Filter {displayName -eq "Mary Jones"} -IncludeDeletedObjects | Restore-ADObject

 

Note – additional steps would be required to restore an entire OU. Steps are included in the link above.

 

The Basics of PowerShell

Step #1 – Modules

Modules are sets of related Windows PowerShell functions. Many roles and features have specific modules that are installed along with the remote administrative tools for a product, such as Active Directory, Group Policy, Hyper-V and Failover Clustering. Other products, such as SQL and Exchange, include PowerShell modules in their installation, while others, such as Azure, are downloadable.

Before Windows 8/2012+ you needed to perform “import-module” to add modules to the current session.

To get the “Available Modules” which are essentially the PowerShell modules installed on the machine, the following can be run.

Get-Module -ListAvailable

To import all available modules, you can right-click PowerShell from Explorer, or run the following from within PowerShell.

Get-Module -ListAvailable | Import-Module

 Step #2 – What to run

PowerShell uses a verb-noun pair for the names of cmdlets and for their derived Microsoft .NET Framework classes. The verb part of the name identifies the action that the cmdlet performs. The noun part of the name identifies the entity on which the action is performed.

Microsoft has an Approved Verbs for Windows PowerShell Commands list available.

Use “get-command” to display the Cmdlets, Functions and Aliases available to be run. You can use wildcard search parameters to find the appropriate verb/noun of the cmdlet you want to run.

For a starting point the following would show various cmdlets that could be run to gather information on the computers network settings.

get-command get-net*

Notice the “GET” command was used for getting information.

As an alternative to the get-command cmdlet, “show-command” in Windows 8/2012+ can be used, or the “ISE” Integrated Scripting Environment.

Step #3 – Find the appropriate properties to output

Using the “Get-Member” or “GM” cmdlet you can easily find the output properties of a cmdlet. Select the appropriate properties to output.

get-member

Using a cmdlet such as get-help can aid in finding examples of what to run and more details about the cmdlet.

Note: Check out the “update help” Article for details about keeping your help files up-to-date (ensure you are running update-help from an elevated Powershell Window.)

Get-Help Get-NetAdapter

Using a simple command such as the following would export my chosen network adapter settings to the screen –>

 Get-NetAdapter

Notice by default it selected only a few of the available properties.

Step #4 – Formatting the output

In PowerShell you can easily change how output is displayed on the screen using the “format-table” or “format-list” cmdlets.

Notice the “aliases” used — FT for Format-Table and FL for Format-List.

The following could be used to change the view of the data into a list format or table format.

Get-NetAdapter | FL name,status,linkspeed

For simplicity to find all the properties available for output the following could also be used.

Get-NetAdapter | FL *

Step #5 (coming soon) filtering the output

 

Bring your own VHD to Azure (uploading and Downloading VMs to Azure)

Want to move workloads into Azure?

Microsoft Azure has a few options, one of the easiest ways is with Microsoft Azure PowerShell.

$source = "D:\VirtualMachines\MyVm\**OS-DISK**.vhd"
$destination = "https://**mystoragepath**.blob.core.windows.net/vhd/**OS-DISK**.vhd"

Add-AzureVhd -LocalFilePath $source -Destination $destination -NumberOfUploaderThreads 5

Once the VHD file has been uploaded, it must be registered as either an OS disk or an additional disk. Use the “-OS” switch to specify whether it is a Linux or Windows OS.

Add-AzureDisk -DiskName '**OS-DISK**' -MediaLocation $destination -Label '**OS-DISK**' -OS Windows   # or Linux

Create a new Cloud/VM and attach the new **OS-DISK**
New-AzureVMConfig -DiskName '**OS-DISK**' -Name '**OS-DISK**' -InstanceSize **small** | Add-AzureDataDisk -Import -DiskName '**OS-DISK**' -LUN 0 | New-AzureVM -ServiceName '*CLOUDNAME*' -Location '**West US**'

To download the VHD from Azure the following can be used:

$source = "https://**mystoragepath**.blob.core.windows.net/vhd/**OS-DISK**.vhd"
$destination = "D:\VirtualMachines\MyVm\**OS-DISK**.vhd"

Save-AzureVhd -Source $source -LocalFilePath $destination -NumberOfThreads 5

For Physical or VMWare machines, the Microsoft Virtual Machine Converter 3.0 tool can be used.

http://www.microsoft.com/en-us/download/details.aspx?id=42497

Want to streamline the process even more for Physical, Hyper-V or VMWare??? Take a look at Azure Site Recovery.

http://azure.microsoft.com/en-us/services/site-recovery/

 

 

Get the latest Azure Windows Image

The following will get you the latest version of the image for the Windows 2012 R2 Server.

<–Start snippet–>

$imageFamily = "Windows Server 2012 R2 Datacenter"

$imagename = Get-AzureVMImage | where {$_.ImageFamily -eq $imageFamily } | sort PublishedDate -Descending | select -expandProperty ImageName -First 1

echo $imagename

<–End Snippet–>

NOTE: Use the $imagename value in your “New-AzureVM” Scripts.

How to create a PaaS website in Azure with PowerShell

Creating a new Website

To create a PaaS website in Azure the following command can be used.

<–Start Snippet –>

$websitelocation = "West US"

$websitename = "MyWebsite"

New-AzureWebsite -Location $websitelocation -Name $websitename

<–End Snippet –>

NOTE:

“test-azurename -Website $websitename”

This command could be run prior to ensure the name is not already in use.

Deployment Slots

To Create a “Deployment Slot” from an existing Website, or to create a new Deployment Slot the following can be used:

<–Start Snippet –>

$websiteslot = "UAT"

New-AzureWebsite -location $websitelocation -name $websitename -slot $websiteslot 

<–End Snippet –>

Swapping Deployment Slots

Switch your SIT – Systems Integration Testing slot with PROD – Production.

<–Start Snippet –>

$prodslot = "PROD"

$sitslot = "SIT"

Switch-AzureWebsiteSlot -Name $websitename -Slot1 $sitslot -Slot2 $prodslot

<–End Snippet –>

NOTE:

All websites are created in the “AzureWebsites.net” domain. Each “Slot” is a separate Azure site and will be under the main website slot. As an example, a site called SIT would be

SIT.%websitename%.azurewebsites.net

Publishing an Azure Website

If you have a website deployment package you can publish it to Azure using the following commands (note you can also publish using FTP, Git, Visual Studio and other methods):

<–Start Snippet –>

$websitename = "MyWebsite"

$sitslot = "SIT"

$package = "C:\mywebfiles.zip"

Publish-AzureWebsiteProject -Name $websitename -Slot $sitslot  -Package $package

<–End Snippet –>

 

 

How to determine if an Azure web site, cloud service, storage account or service bus name already exists.

The following can test whether a Microsoft Azure cloud service name, storage service name or service bus namespace name exists or not.

Test-AzureName -Service "CloudServiceName"

Test-AzureName -Storage "StorageAccountName"

Test-AzureName -ServiceBusNamespace "ServiceBusName"

Test-AzureName -Website "WebSiteName"

Each of these calls returns “$true” when the name is already in use, so the result can be used to determine how a script will handle that case. This is useful for testing a name prior to creating a cloud service/website/storage account/service bus automatically.

 

Powershell Help files – Keeping them up-to-date, automated and available offline.

Keeping your Powershell Help files up-to-date is a relatively easy task.

Run the “update-help” cmdlet.

The Update-Help cmdlet downloads the newest help files for Windows PowerShell modules and installs them on your computer. “–Force” Overrides the once-per-day limitation, version checking, and the 1 GB per module limit.

Note: You *may* need to be elevated to an Administrator to update the “Core” PowerShell Modules, as only members of the Administrators group on the computer can download help for the modules in the $pshome\Modules directory.

Individual modules can be updated by specifying the module parameter “Update-Help -Module ServerManager, Azure” (notice the comma separation if multiple modules are required).

Automating the Task:

Update of help can be automated using a scheduled job to ensure the latest version of the help files exist:

Register-ScheduledJob -Name UpdateHelpJob -Credential YourDomain\AUser -ScriptBlock {Update-Help} -Trigger (New-JobTrigger -Daily -At "12 AM")

Offline Help:

For offline computers the “save-help” cmdlet can be used to download the help files. This can be done from an Internet-connected client computer, without installing the module or the Server role on the local computer.
Saving the Help file (without having the module installed), example –>

$module = Invoke-Command -ComputerName RemoteServer -ScriptBlock { Get-Module -Name Hyper-V -ListAvailable }
Save-Help -Module $module -DestinationPath C:\HelpFolder

Copy the files to a flash drive (or use a remote share) and update the local machine(s) –>

Update-Help -Module Hyper-V -SourcePath D:\FlashDrive\HelpFolder

Installing the PowerShell Module for Azure

To install Azure PowerShell:

1. Install Microsoft Web Platform Installer. (Select “Free Download”) and run the application.

FROM -> http://www.microsoft.com/web/downloads/platform.aspx

2. Open Microsoft Web Platform Installer and search for Microsoft Azure PowerShell.

3. Click “Add” and select “Install”.

4. Run “Microsoft Azure PowerShell”

5. Run “Add-AzureAccount”

6. Logon to your Azure Account.

Use –> “Get-Command -Module Azure” <– for a list of Azure functions or “Show-Command” and search for name “Azure”.

 

**NOTE** These default values will be cached locally in the following file:

“%APPDATA%\Roaming\Windows Azure Powershell\AzureProfile.json”

The Following can provide additional functions to control the cached information.

Add-AzureAccount  –> Makes your Azure account and its subscriptions available in Windows PowerShell. It’s like logging into your Azure account in Windows PowerShell.

Get-AzureAccount –> Gets the Azure accounts that are available to Windows PowerShell.

Remove-AzureAccount –> Removes the account information from the configuration file

Get-AzureSubscription –-> Gets the subscriptions in your Azure account. You can use this cmdlet to get information about the subscription and to pipe the subscription to other cmdlets. Get-AzureSubscription requires access to your Azure accounts. Before you run Get-AzureSubscription, you must run the Add-AzureAccount cmdlet or the cmdlets that download and install a publish settings file (Get-AzurePublishSettingsFile, Import-AzurePublishSettingsFile).

Select-AzureSubscription –->  Sets and clears the current and default Azure subscriptions. The “current subscription” is the subscription that is used by default in the current Windows PowerShell session. The “default subscription” is used by default in all Windows PowerShell sessions. The “current subscription” label lets you specify a different subscription to be used by default for the current session without changing the “default subscription” for all other sessions.

NOTE

The “default” subscription designation is saved in your subscription data file.

The session-specific “current” designation is not saved.

Set-AzureSubscription –->  The Set-AzureSubscription cmdlet establishes and changes the properties of an Azure subscription. You can use this cmdlet to create a new subscription or change the properties of an existing subscription.

Remove-AzureSubscription –-> Removes the subscription information from the configuration file

Switch-AzureMode –-> The Switch-AzureMode cmdlet switches between the Azure and Azure Resource Manager modules. These modules are not designed to be used in the same session.

To determine which module is in your current session, use the Get-Module cmdlet.

NOTE: The AzureResourceManager module is currently in preview and may not provide the same management capabilities as the Azure module.