Add passwordless ssh access for brocade san switch

  1. on administrator workstation generate pub and private ssh keys
  2. on brocade san switch create new user
  3. on brocade san switch allow for above new user to use passwordless access and import into brocade switch previouosly generated pub key for ssh access (the brocade user name should be the same as in public key, as initial linux system user name)

 

now you can script multiple san brocade san switches , for example to get WWN of each switch from both fabrics, from bash of linux/WSL:

inputline="san_switch_12.itforce.local san_switch_13.itforce.local san_switch_14.itforce.local san_switch_15.itforce.local san_switch_16.itforce.local san_switch_17.itforce.local san_switch_18.itforce.local san_switch_19.itforce.local san_switch_22.itforce.local san_switch_23.itforce.local san_switch_24.itforce.local san_switch_25.itforce.local san_switch_26.itforce.local san_switch_27.itforce.local san_switch_28.itforce.local 
Read the rest

Use powershell module to automate Nimble storage administration

Install Nimble module for powershell

Install-Module -Name HPENimblePowerShellToolkit -RequiredVersion 3.0.0

Use below script to connect to nimble SAN storage, and create LUN, Access InitiatorGroup and assign the LUN access group

import-module HPENimblePowerShellToolkit
#this section for inputs, what should be changed
$arrayname = "nimble-group02.itforce.local"
$nm_uid = "admin"
$nm_password = ConvertTo-SecureString -String "[your-password]" -AsPlainText -Force
$nm_cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $nm_uid,$nm_password
Connect-NSGroup -group $arrayname -credential $nm_cred -IgnoreServerCertificate

# The following commands are used if creating an FC connection
$servername="cbuat"
$wwn01="50:01:43:80:26:66:b2:e4"
$wwn02="50:01:43:80:26:66:b2:e6"
$volumename="cbuat-lun001"

$port0=$servername+"_p1"
$port1=$servername+"_p2"
$description="Initiator Group for ”+$servername
$performancepolicyid=Get-NSPerformancePolicy -name default | select -ExpandProperty id

New-NSInitiatorGroup –name $servername –access_protocol fc –description 
Read the rest

how properly enter into maintenance mode on Exchange2016/2013 DAG

Let’s assume that we have

ex01.itforce.local and ex02.itforce.local Exchange 2016 servers in DAG cluster. We need to install new CU on this cluster without downtime. (assumed that all CAS, smtp protocols are properly loadbalanced). So we need:

  1. at first disable all workloads/switch to maintenance mode on the node ex01,
  2. install CU on ex01,
  3. reboot ex01
  4. exit from maintenance mode on ex01
  5. enter into maintenance mode on ex02
  6. install CU on ex02,
  7. reboot ex02
  8. exit from maintenance mode on ex02
  9. equally spread workload on both nodes again
#goto ex01
#run in elevated mode powershell for exchange

#prepare smtp transport:
Set-ServerComponentState ex01 
Read the rest

How to report all hidden mailboxes with related AD user Enable status

# find all hidden mailboxes for whole AD  and show AD user’s Enabled/Disabled status, plus with location (in what OU)

get-mailbox -resultsize unlimited | where {($_.IsMailboxEnabled -eq "True") -and ($_.HiddenFromAddressListsEnabled -eq "True" )} | select-object name, samaccountname, @{N="ADAccount-Is-Enabled"; E={(get-aduser -Identity $_.samaccountname).enabled}}, PrimarySmtpAddress, IsMailboxEnabled , HiddenFromAddressListsEnabled, OrganizationalUnit| export-csv -path c:\temp\hidden.csv -NoTypeInformation
Read the rest

How in bulk disable “Protect from accidental deletion” in AD

sample, how to untick/disable attiribute “Protect from accidental deletion” in bulk/batch for whole OU

It can be useful to be able to move, delete ADobjects using powershell, ADManager

$searchb02 = "OU=Disabled Users,DC=itforce,DC=local"
Get-ADObject -Filter * -SearchBase $searchb02 |ForEach-Object -Process {Set-ADObject -ProtectedFromAccidentalDeletion $false -Identity $_}
Read the rest

How to report in Active Directory all protected users

If you use ManageEngine ADmanager Plus then some your manual operations or automations can fail due to the “Protect from accidental deletion”. In this case it’s very useful to determine who has already this attribute enabled:

Get-ADuser -Filter * -Properties * | select-object name, samaccountname,enabled, ProtectedFromAccidentalDeletion | export-csv -path c:\temp\protection-status.csv -NoTypeInformation

if you need to disable this attribute pls visit my other post

 … Read the rest

How to configure safe vpn for free and easy

Coronavirus forced many people, companies to move to teleworking. The banks and large corporations surely have enough budget to buy enterprise vpn boxes and solutions. My post is only for small companies which need free/cheap solution to access own small office infrastructure during coronavirus pandemia from home, remote offices and at the same time to avoid directly openning RDP access from the internet (which is not safe at all even with DUO 2fa and so on)

It’s assumed that the small company has at least

  1. router which can port forward (even tplink and dlink can do it;  if you have
Read the rest