Wednesday, 30 December 2009

List all Users and Groups in Domain

Using LDIFDE

From the support tools we can find LDIFDE.exe, which is a tool for bulk import and export of Active Directory Objects. You can use LDIFDE to import new user records into the directory, or export specific information on specific users into a text file. LDIFDE defaults to export mode (reading From the Directory). When you add the -i option it can be used to write changes into the Directory. Also, if you want to export and extract only specific details, such as the user name, title and login name for all the users in a specific OU (Organizational Unit), you can run the following command:

ldifde -f C:\ldif\ExportUsers.ldf –s SERVERNAME -d "OU=YourOUname,dc=YourDomainName,dc=com" -p subtree -r "(objectClass=User)" -l "cn,givenName,Title,SamAccountName"

Enabling Multiple Remote Desktop Sessions in Windows XP Professional and Media Center Edition 2005

If you have ever used a real remote computer system like Citrix, then you have probably been craving multiple Remote Desktop sessions since you first fired up Windows XP Professional and/or Media Center Edition. Here is a HACK (translated: USE AT YOUR OWN RISK), to enable multiple Remote Desktop sessions on your XP Pro or MCE 2005 box:

NOTE: You will have to have knowledge of the Windows operating system and more specifically the Windows Registry. If you have no experience with the registry, then I would recommend you find someone who does or leave these alone. I do not make any kind of warranty that this will work for you or your friends. This is provided for entertainment purposes only. Don’t call me if your computer stops working. Got it?

Print these directions so that you have them to work from.
Restart your computer in Safe Mode - Follow this link to learn how to restart Windows XP in Safe Mode
Turn off/disable Remote Desktop Connection (RDC) and Terminal Services
Right click My Computer
Select Properties
Click on the Remote tab at the top of the window
UNCHECK the box next to, “Allow users to connect remotely to this computer“
Click OK
Go to Start -> Control Panel -> Administrative Tools -> Services
Find Terminal Services in the list
Right click on Terminal Services and click Properties
In the Startup Type box, select Disabled
Click OK to close the window
Next you will replace the current version of the Terminal Services DLL (termsrv.dll) with an unrestricted version from a previous release of Terminal Services.
Here is a copy of the Terminal Services DLL - Save it to your Desktop or other suitable location
Using a file manager like Windows Explorer open C:\Windows\system32\dllcache
Rename the file termsrv.dll to termsrv_dll.bak or whatever you would like.
Copy the downloaded termsrv.dll file (the one you just downloaded from the web) to C:\Windows\system32\dllcache
Open the C:\Windows\system32 folder
Delete the file termsrv.dll in C:\Windows\system32
Now we can edit the Windows Registry to enable more than one RDP connection. Go to Start -> Run and type regedit - Hopefully you knew that already
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
Add a DWORD Key named EnableConcurrentSessions and give it a value of 1
Close the Registry Editor window
Go to Start -> Run and type gpedit.msc to run the Group Policy Editor
Browse to Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services and double click Limit number of connections
Select the Enabled button and enter the number of connections you would like to enable….at least 2.
Restart Windows
Right click My Computer and select Properties.
Click on the Remote tab at the top of the window
CHECK the box next to, “Allow users to connect remotely to this computer“
Click OK
Go to Start -> Control Panel ->Administrative Tools -> Services. Select Terminal Services from the list and double click it or right-click -> Properties. Set the Startup Type to Manual.

Restart Windows/Computer
You should be good to go

Friday, 11 December 2009

Bulk delete from Postfix queue

To delete a message in Postfix queue, I normally find out the message id first from “postqueue -p” (or simply “mailq”) command. Once the message id is known, I simply issue the following command to delete that particular message (assume the message id is BA4491827DE):

# postsuper -d BA4491827DE

If there is only one message to delete, I can live with that. However, when there’s a bunch of messages (e.g. from a particular domain) you need to delete from the queue, the above method simply too much of a hassle (well, unless you want to delete *everything*, which would be #postsuper -d ALL). Postfix does not have a function for doing that. Luckily, a search on Google yielded this Perl script that does exactly what I want, removing message(s) from queue based on my keyword. Here is the content of that Perl script called “delete-from-mailq”:

#!/usr/bin/perl

$REGEXP = shift || die “no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!”;

@data = qx;
for (@data) {
if (/^(\w+)(\*|\!)?\s/) {
$queue_id = $1;
}
if($queue_id) {
if (/$REGEXP/i) {
$Q{$queue_id} = 1;
$queue_id = “”;
}
}
}

open(POSTSUPER,”|postsuper -d -”) || die “couldn’t open postsuper” ;

foreach (keys %Q) {
print POSTSUPER “$_\n”;
};
close(POSTSUPER);

Save the above script to a file say “delete-queue” in your home directory, and make it excutable:

# chmod 755 delete-queue

Usage

Delete all queued messages from or to the domain “iamspammer.com”

./delete-queue iamspammer.com
Delete all queued messages to specific address “bogususer@mydomain.com”

./delete-queue bogususer@mydomain.com
Delete all queued messages that begin with the word “bush” in the e-mail address:

./delete-queue bush*\@whateverdomain.com
Delete all queued messages that contain the word “biz” in the e-mail address:

./delete-queue biz

That's it.

Thursday, 10 December 2009

Self-Signed IIS SSL Certificates using OpenSSL

Self-Signed IIS SSL Certificates using OpenSSL

This tutorial assumes that you have a Linux box with OpenSSL installed,and that you want to create a self-signed certificate for IIS5.0 / 6.0

Set up your CA (you only have to do this once)
ON THE LINUX BOX…

Create a private key

openssl genrsa -des3 -out CA.key 1024

(You’ll need to supply a passphrase. DON’T FORGET THIS!!)

Set this to read-only for root for security

chmod 400 CA.key

Create the CA certificate

openssl req -new -key CA.key -x509 -days 1095 -out CA.crt

(Provide appropriate responses to the prompts…for Common Name, you might want to use something like “OurCompany CA”)

Set the certificate to read-only for root for security

chmod 400 CA.crt

Obtain a CSR
ON THE IIS BOX…

Open the Internet Manager
Select the site for which you want to create a key
Right-click and choose Properties
Select the “Directory Security” tab
Click the “Server Certificate” button
Follow the prompts to create a CSR
Save
your CSR, then transfer it to the Linux box for further processing.
(For the following steps, we’ll refer to your CSR as “new.csr”)
Sign the CSR
ON THE LINUX BOX…

Sign the CSR (all of this on one line)

openssl x509 -req -days 365 -in new.csr -CA CA.crt
-CAkey CA.key -CAcreateserial -out new.crt

Transfer the new.crt file back to the IIS box
Install self-signed certificate
ON THE IIS BOX…

Open the Internet Manager
Select the site to install the key
Right-click and choose properties
Select the “Directory Security” tab
Click the “Server Certificate” button
Specify that you want to complete the pending request
Select the .crt file that you just transferred
That’s it!



PS: If you have problems with the certification path (”does not chain up to a
trusted root certificate” in System Log), the following seems to fix it:

1. Internet Information Services -> select the site -> right click -> Properties
2. Directory Security -tab -> Secure communications -frame -> Edit…
3. Select “Enable certificate trust list”, click New… -> Next
4. Add from file -> use CA.crt -> Next
5. Write something to the Name and Description, if you like. -> Next -> Finish