Author Archives: Munkhtuvshin Baatar

TRACE CABLES THE EASY WAY WITH CISCO CDP ON WINDOWS

Download tool from:
https://www.definit.co.uk/2010/02/trace-cables-the-easy-way-with-cisco-cdp-on-windows/

Example of usage:
Step1:

c:\temp\tcpdumptcpdump.exe -D

********************************************************************
**                                                                **
**              Tcpdump v4.9.2 (September 03, 2017)               **
**                   http://www.tcpdump.org                       **
**                                                                **
** Tcpdump for Windows is built with Microolap Packet Sniffer SDK **
**              Microolap EtherSensor product family              **
**               build 5072.01 June 10, 2019 <<<              **
**                                                                **
**        Copyright(c) 1997 - 2019 Microolap Technologies         **
**       http://microolap.com/products/network/ethersensor        **
**         http://microolap.com/products/network/tcpdump          **
**                                                                **
**                  XP/2003/Vista/2008/Win7/Win8                  **
**                 Win2012/Win10/Win2016/Win2019                  **
**               (UEFI and Secure Boot compatible)                **
**                                                                **
**                       Trial license.                           **
**                                                                **
********************************************************************

1.\Device\{F4F682D0-3FEA-4DF1-9385-878235FC4177} (Intel(R) I350 Gigabit Network Connection)
2.\Device\{FF4C946F-ADB3-4DC9-A61A-A91973AFD7E8} (Intel(R) I350 Gigabit Network Connection)
3.\Device\{6C48897F-B39D-4298-B3D3-19402E588D0E} (Intel(R) I350 Gigabit Network Connection)
4.\Device\{D6A49332-2416-4227-89F5-55A5AA19578F} (Intel(R) Ethernet Converged Network Adapter X710)
5.\Device\{7C3220F8-224E-4867-B050-E252D849E404} (Intel(R) Ethernet Converged Network Adapter X710-2)
6.\Device\{9A86189E-CD60-4FD6-93C5-64E8DF14337D} (Intel(R) Ethernet Converged Network Adapter X710-2)
7.\Device\{32BBADAE-BA53-433C-B796-C51CC9526F23} (Intel(R) I350 Gigabit Network Connection)
8.\Device\{B87C05E6-1BF1-4126-AF7C-E01BC0D507DD} (Intel(R) Ethernet Controller X540-AT2)
9.\Device\{543DFBD5-610B-4165-B9B2-B1C6447272C7} (Intel(R) Ethernet Converged Network Adapter X710)
10.\Device\{CB9851A4-A64A-4F31-8AF8-97A812217C44} (Intel(R) Ethernet Controller X540-AT2)

which of interfaces is our?
Step2:

Step3:
Now we know value for parameter -i

c:\temp\tcpdumptcpdump -i 1 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000

********************************************************************
**                                                                **
**              Tcpdump v4.9.2 (September 03, 2017)               **
**                   http://www.tcpdump.org                       **
**                                                                **
** Tcpdump for Windows is built with Microolap 
Read the rest

How to get list of all AD users in AD group

To list all members of one AD security group:

Get-AdGroupMember -identity "Domain Admins" | get-aduser -Properties * | ft name, samaccountname, whencreated

To list all sec. groups of one AD user (member of what groups):

Get-ADUser -Identity [someone'-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof

To copy all groups from one AD user to other:

Get-ADUser -Identity [source-user-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof|Add-ADGroupMember -Members [target-user-samaccountname]

# all groups of [source-user-samaccountname] will be copied to [target-user-samaccountname]… Read the rest

Recommendations for powershell profile

As i showed in my post about creation of powershell profile you can add into profile your own frequently used functions.

I recommend to name them with permanent prefix. For example i create all my functions as moguy-cdp, moguy-esxi and so on.

In this case you don’t need to remember the name of your function to run, just start typing as moguy… and autocompletion will show you all your functions.

for example:

function moguy-vms

{

Get-VMHost | Get-VM | Select-Object Name, PowerState, NumCpu, MemoryMB, VMhost, @{N="Datastore";E={Get-Datastore -vm $_}}, UsedSpaceGB, ProvisionedSpaceGB, @{Name='ToolsVersion';Expression={$_.Guest.ToolsVersion}}, @{Name=’VMHostVersion’;Expression={$_.VMHost.Version}},Version, @{N="IP Address";E={@($_.guest.IPAddress[0])}},@{Name=’Cluster’;Expression={$_.VMHost.Parent}}, @{N="PortGroup";E={Get-VirtualPortGroup -VM $_}}, @{N="owner1";E={$_.customfields.item("owner1")}} | Export-Csv 
Read the rest

powershell script notification about expiration of password for AD user

#Import AD Module
Import-Module ActiveDirectory

#Create warning dates for future password expiration
$SevenDayWarnDate = (get-date).adddays(7).ToLongDateString()
$ThreeDayWarnDate = (get-date).adddays(3).ToLongDateString()
$OneDayWarnDate = (get-date).adddays(1).ToLongDateString()

#Email Variables
$MailSender = " Password AutoBot <password-alerter@itforce.com>"
$Subject = 'FYI - Your account password will expire soon'
$EmailStub1 = 'I am a bot and performed this action automatically. I am here to inform you that the password for'
$EmailStub2 = 'will expire in'
$EmailStub3 = 'days on'
$EmailStub4 = '. Please contact the helpdesk if you need assistance changing your password. DO NOT REPLY TO THIS EMAIL.'
$SMTPServer = 'smtp.itforce.local'

#Find accounts that are enabled and 
Read the rest

How configure ssh_config for windows openssh client, for example for PubkeyAcceptedKeyTypes=+ssh-dss

Since win10 you have openssh ssh.exe in

C:\Windows\System32\OpenSSH

So to use passwordless ssh connection you maybe need to provide ssh.exe “PubkeyAcceptedKeyTypes=+ssh-dss”

For this you can create ssh_config file anywhere (for example in c:\users\yourname\.ssh near your id_dsa private key file) with only one line:

PubkeyAcceptedKeyTypes=+ssh-dss

so now you can:

ssh yourname@1.1.1.1 -F "c:\users\yourname\.ssh\ssh_config"

where 1.1.1.1 for example your ssh server, san_switch, HPE virtual connect manager, nimble storage and so on

ps
the same is true for openssh server installed from home site on win2016 server
only ssh.exe file will be in
“C:\Program Files\OpenSSH-Win64” (by default installation)… Read the rest

Allow for new user of FC san switch to use passwordless access

on SAN switch run:

sshutil allowuser moguy
sshutil importpubkey

if your san switch cannot importpubkey, in other words access back to your windows admin workstation over wcp for pub key file due to the lack of firewall access, then download openssh package and install it on windows pc in the storage array environment/subnet, copy to c:\users\moguy\.ssh\ folder of this jump server/adminpc id_dsa.pub and using sshutil importpubkey download/import/install pub key from this openssh server (not from originally generated admin workstation). For example if you installed openssh on windows with 1.1.1.1:22, then:

san_switch_00:moguy@itforce.local> sshutil importpubkey
Enter user name for whom key is 
Read the rest

Generate pub and private ssh keys for passwordless ssh access

in the linux (for windows users i highly recommend to install WSL2 with shared C and D disk file system among win10 and ubuntu; your existing network firewall ACL of main admin workstation to brocade is enough, WSL will NAT your linux) run below command:
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/moguy/.ssh/id_dsa):
/home/moguy/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/moguy/.ssh/id_dsa.
Your public key has been saved in /home/moguy/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:NW9kX0RJNKDza22347348734123984794721ppqXegwtY moguy@ws008-101.itforce.local
The 
Read the rest

Add passwordless ssh access for brocade san switch

  1. on administrator workstation generate pub and private ssh keys
  2. on brocade san switch create new user
  3. on brocade san switch allow for above new user to use passwordless access and import into brocade switch previouosly generated pub key for ssh access (the brocade user name should be the same as in public key, as initial linux system user name)

 

now you can script multiple san brocade san switches , for example to get WWN of each switch from both fabrics, from bash of linux/WSL:

inputline="san_switch_12.itforce.local san_switch_13.itforce.local san_switch_14.itforce.local san_switch_15.itforce.local san_switch_16.itforce.local san_switch_17.itforce.local san_switch_18.itforce.local san_switch_19.itforce.local san_switch_22.itforce.local san_switch_23.itforce.local san_switch_24.itforce.local san_switch_25.itforce.local san_switch_26.itforce.local san_switch_27.itforce.local san_switch_28.itforce.local 
Read the rest

Use powershell module to automate Nimble storage administration

Install Nimble module for powershell

Install-Module -Name HPENimblePowerShellToolkit -RequiredVersion 3.0.0

Use below script to connect to nimble SAN storage, and create LUN, Access InitiatorGroup and assign the LUN access group

import-module HPENimblePowerShellToolkit
#this section for inputs, what should be changed
$arrayname = "nimble-group02.itforce.local"
$nm_uid = "admin"
$nm_password = ConvertTo-SecureString -String "[your-password]" -AsPlainText -Force
$nm_cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $nm_uid,$nm_password
Connect-NSGroup -group $arrayname -credential $nm_cred -IgnoreServerCertificate

# The following commands are used if creating an FC connection
$servername="cbuat"
$wwn01="50:01:43:80:26:66:b2:e4"
$wwn02="50:01:43:80:26:66:b2:e6"
$volumename="cbuat-lun001"

$port0=$servername+"_p1"
$port1=$servername+"_p2"
$description="Initiator Group for ”+$servername
$performancepolicyid=Get-NSPerformancePolicy -name default | select -ExpandProperty id

New-NSInitiatorGroup –name $servername –access_protocol fc –description 
Read the rest