Blog Archives

Managing AD Account State

Sometimes an AD account is enabled or disabled by mistake, or earlier than required. With many companies using automated solutions to manage account state, reverting the change can take time. Such urgent situations can be handled with scripts that automatically revert the change to the account (enable/disable) every x minutes. All you need to do is schedule the scripts below to run every x minutes as per your requirements and keep the input files updated with the IDs to act on. Once the changes are permanently fixed, remove the IDs from the input files.

Create two .txt files in, say, the C:\Temp\ folder to act as input files: one for the enable script and one for the disable script (the scripts below read C:\Temp\Userlistenable.txt and C:\Temp\Userlist.txt respectively). Populate the relevant file with the required samAccountNames.

Enable IDs:

Option Explicit
' An error raised inside the procedures below (for example an unknown
' samAccountName) returns control here, and the loop moves on to the next ID.
On Error Resume Next

Const ForReading = 1
Const ForAppending = 8

Dim oFSO, sFile, oFile, sText, oFiletxt, aLine
Dim objTrans, strUserDN, objUser

Set oFSO = CreateObject("Scripting.FileSystemObject")
' Log of the accounts this script enabled (appended to on every run)
Set oFiletxt = oFSO.OpenTextFile("C:\Temp\EnabledIDs.txt", ForAppending, True)
' Input file: one samAccountName per line
sFile = "C:\Temp\Userlistenable.txt"

If oFSO.FileExists(sFile) Then
    Set oFile = oFSO.OpenTextFile(sFile, ForReading)
    Do While Not oFile.AtEndOfStream
        sText = oFile.ReadLine
        If Trim(sText) <> "" Then
            aLine = Split(sText, ",")
            EnableEmp Trim(aLine(0))
        End If
    Loop
    oFile.Close
Else
    WScript.Echo "The file was not there."
End If
oFiletxt.Close

' Look up the current domain's short (NetBIOS) name and enable the given ID
Sub EnableEmp(NumericID)
    Dim strDomain, objSystemInfo
    Set objSystemInfo = CreateObject("ADSystemInfo")
    strDomain = objSystemInfo.DomainShortName
    EnableUser NumericID, strDomain
End Sub

' Enable the account only if it is currently disabled, then log the ID
Sub EnableUser(UserName, DomainName)
    strUserDN = GetUserDN(UserName, DomainName)
    Set objUser = GetObject("LDAP://" & strUserDN)
    If objUser.AccountDisabled = True Then
        objUser.AccountDisabled = False
        objUser.SetInfo
        Outfile UserName
    End If
End Sub

' Translate DOMAIN\samAccountName (type 3, NT4) into a distinguished name (type 1, 1779)
Function GetUserDN(strUserName, strDomain)
    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init 1, strDomain    ' 1 = initialise by domain name
    objTrans.Set 3, strDomain & "\" & strUserName
    GetUserDN = objTrans.Get(1)
End Function

' Append the ID to the log file
Sub Outfile(EnaUser)
    oFiletxt.WriteLine EnaUser
End Sub

Disable IDs:

Option Explicit
' An error raised inside the procedures below (for example an unknown
' samAccountName) returns control here, and the loop moves on to the next ID.
On Error Resume Next

Const ForReading = 1
Const ForAppending = 8

Dim oFSO, sFile, oFile, sText, oFiletxt, aLine
Dim objTrans, strUserDN, objUser

Set oFSO = CreateObject("Scripting.FileSystemObject")
' Log of the accounts this script disabled (appended to on every run)
Set oFiletxt = oFSO.OpenTextFile("C:\Temp\DisabledIDs.txt", ForAppending, True)
' Input file: one samAccountName per line
sFile = "C:\Temp\Userlist.txt"

If oFSO.FileExists(sFile) Then
    Set oFile = oFSO.OpenTextFile(sFile, ForReading)
    Do While Not oFile.AtEndOfStream
        sText = oFile.ReadLine
        If Trim(sText) <> "" Then
            aLine = Split(sText, ",")
            DisableEmp Trim(aLine(0))
        End If
    Loop
    oFile.Close
Else
    WScript.Echo "The file was not there."
End If
oFiletxt.Close

' Look up the current domain's short (NetBIOS) name and disable the given ID
Sub DisableEmp(NumericID)
    Dim strDomain, objSystemInfo
    Set objSystemInfo = CreateObject("ADSystemInfo")
    strDomain = objSystemInfo.DomainShortName
    DisableUser NumericID, strDomain
End Sub

' Disable the account only if it is currently enabled, then log the ID
Sub DisableUser(UserName, DomainName)
    strUserDN = GetUserDN(UserName, DomainName)
    Set objUser = GetObject("LDAP://" & strUserDN)
    If objUser.AccountDisabled = False Then
        objUser.AccountDisabled = True
        objUser.SetInfo
        Outfile UserName
    End If
End Sub

' Translate DOMAIN\samAccountName (type 3, NT4) into a distinguished name (type 1, 1779)
Function GetUserDN(strUserName, strDomain)
    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init 1, strDomain    ' 1 = initialise by domain name
    objTrans.Set 3, strDomain & "\" & strUserName
    GetUserDN = objTrans.Get(1)
End Function

' Append the ID to the log file
Sub Outfile(EnaUser)
    oFiletxt.WriteLine EnaUser
End Sub

This can be scheduled on one of the domain controllers.
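
The scripts above act on whatever names appear in the input file, with the rights of the scheduled task, so write access to that file amounts to the right to enable accounts. The following PowerShell variant of the enable script adds guards around that input; it is an added example, not the original author's code. It assumes the ActiveDirectory module is installed, and the ID cap, the name pattern and the adminCount rule are assumptions to adapt.

```powershell
# Added example (not the original author's script). File paths follow the post;
# $MaxIds, $NamePattern and the adminCount rule are assumptions to adapt.
Import-Module ActiveDirectory

$InputFile   = 'C:\Temp\Userlistenable.txt'
$LogFile     = 'C:\Temp\EnabledIDs.txt'
$MaxIds      = 20                         # assumed cap on IDs handled per run
$NamePattern = '^[A-Za-z0-9._-]{1,20}$'   # assumed samAccountName format

function Test-InputFileAcl([string]$Path) {
    # False if Everyone, Authenticated Users or BUILTIN\Users may write the file.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $writeData = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids -contains $rule.IdentityReference.Value -and
            (([int]$rule.FileSystemRights -band $writeData) -ne 0)) { return $false }
    }
    return $true
}

function Write-ActionLog([string]$Id, [string]$Action) {
    Add-Content -Path $LogFile -Value ('{0:s},{1},{2}' -f (Get-Date), $Id, $Action)
}

if (-not (Test-Path $InputFile)) { Write-Warning 'Input file not found.'; return }
if (-not (Test-InputFileAcl $InputFile)) {
    Write-Warning 'Input file is writable by a broad group; nothing changed.'; return
}
$ids = @(Get-Content $InputFile | ForEach-Object { ($_ -split ',')[0].Trim() } |
         Where-Object { $_ } | Select-Object -Unique)
if ($ids.Count -gt $MaxIds) {
    Write-Warning "More than $MaxIds IDs listed; nothing changed."; return
}
foreach ($id in $ids) {
    if ($id -notmatch $NamePattern) { Write-ActionLog $id 'skipped-invalid-name'; continue }
    $user = Get-ADUser -Filter "samAccountName -eq '$id'" -Properties adminCount
    if (-not $user) { Write-ActionLog $id 'skipped-not-found'; continue }
    if ($user.adminCount -eq 1) { Write-ActionLog $id 'skipped-protected-account'; continue }
    if (-not $user.Enabled) {
        Enable-ADAccount -Identity $user
        Write-ActionLog $id 'enabled'
    }
}
```

The disable script takes the same guards, with Disable-ADAccount and the Enabled test inverted. adminCount is only a coarse marker for protected accounts, and the ACL check covers the file itself, not the folder that contains it.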


Track VM Changes

With large VMware implementations and large teams supporting those environments, it becomes difficult to track whether everyone on your team follows company standards when changing an existing virtual machine or creating a new one. The following sample script shows how you can track this automatically via email. The parameters being tracked can be changed to suit your own environment's standards. We will implement this at the datacenter level in vCenter; however, you can change the target as per your requirements.

Prerequisite: Sending SMTP mails from your vCenter server should be configured.

First, identify the scenario which could indicate a machine configuration change or new machine creation, e.g. a VM is created, VM is configured or VM is powered off.

Now create a new alarm at the datacenter level within vCenter with the following events:

[Screenshot 1: alarm events]

Create a folder under C:\Windows\ or any other preferred location and copy the following three scripts into it.

  1. Batch File:

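Create a batch file createalert.bat with the following content:

@echo off
rem -File passes the VM name to the script as a literal argument instead of parsing it as PowerShell code
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File "C:\windows\folder\createalert.ps1" "%~1"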

  2. PowerShell Script:

Create a PowerShell script createalert.ps1 with the following content:

param ([string] $srv = $null)
# Dot-source the PowerCLI initialisation script so its cmdlets are available
. "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1"
if (-not (Get-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue)) {
    Add-PSSnapin VMware.VimAutomation.Core
}
$VC1 = "xxx.xxx.xxx.xxx"    # vCenter server address
$date = Get-Date -DisplayHint DateTime -Format "yyyy-M-d"
$report = "c:\windows\folder\report\Report-$srv-$date.txt"
Connect-VIServer -Server $VC1 -WarningAction SilentlyContinue
# Collect the configuration of the VM named by the alarm and write it to the report file
Get-VM $srv | Select Name, PowerState, vmhost, memoryGB, numcpu, notes, folder, resourcepool, version,
@{N="Guest OS";E={ ($_ | Get-vmguest).osfullName}},
@{N="Cluster";E={ ($_ | Get-Cluster).Name}},
@{N="Network Name";E={ foreach($nic in $_ | Get-networkadapter){$nic.name}}},
@{N="Network Type";E={ foreach($nic in $_ | Get-networkadapter){$nic.type}}},
@{N="IP Address";E={ ($_ | Get-vmguest).ipaddress}},
@{N="Datastore Name";E={ ($_ | Get-Datastore).Name}},
@{N="DS Size GB";E={ ($_ | Get-Datastore).CapacityGB}},
@{N="DS Free Space GB";E={ ($_ | Get-Datastore).FreespaceGB}},
@{N="Total Disk GB"; E={ ($_ | Get-harddisk | measure-object -Property CapacityGB -sum).Sum}},
@{N="Hard Disks";E={ foreach($disk in $_ | Get-harddisk){$disk.name}}},
@{N="Disk Size GB";E={ foreach($disk in $_ | Get-harddisk){$disk.capacityGB}}},
@{N="Disk Format";E={ foreach($disk in $_ | Get-harddisk){$disk.storageformat}}},
@{N="Disk File Name";E={ foreach($disk in $_ | Get-harddisk){$disk.filename}}} | Out-File $report -Encoding ASCII
Disconnect-VIServer -Server $VC1 -Force -Confirm:$false
# Mail the report, then delete it
cscript c:\windows\folder\sendmail.vbs "$report"
Remove-Item "$report"

  3. VBScript:

Create a VBScript file sendmail.vbs with the following content. You can also write the code below in PowerShell itself:

Const ForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (WScript.Arguments(0), ForReading)
Set objMessage = CreateObject("CDO.Message") 
objMessage.Subject = "VM State Alert"
objMessage.From = "sender@yourdomain.com" 
objMessage.To = "receiver@yourdomain.com"
objMessage.TextBody = "State of following VM has been changed. Please verify VM configuration:" & vbCRLF
objMessage.TextBody = objMessage.TextBody & objTextFile.ReadAll()
objTextFile.Close
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.yourdomain.com"
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
objMessage.Send

Once all three scripts are in place, reopen the alarm created earlier and add the following action:

[Screenshot 2: alarm action]

Under configuration, mention the path of your batch file:

c:\windows\folder\createalert.bat %VMWARE_ALARM_EVENT_VM%

VMWARE_ALARM_EVENT_VM is a parameter which would pass the hostname of affected VM into the batch file.

Once this alert is configured and enabled, you will get an email every time a new VM is created or an existing VM is modified, and you can keep track of your organizational VM policies.
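
The VM name handed to these scripts is chosen by whoever created the VM, so it is worth treating as untrusted input. The following single-script variant of createalert.ps1 mails the report from PowerShell itself and matches the name exactly; it is an added example, not the original author's code. It assumes PowerCLI is already loaded as in the script above and that the script is started with powershell.exe -File; the server and mail values are the post's placeholders.

```powershell
# Added example, not the original author's script. The vCenter address, SMTP host
# and mail addresses are the post's placeholders; the checks are assumptions.
param([Parameter(Mandatory = $true)][string]$srv)

$VC1 = 'xxx.xxx.xxx.xxx'
$mail = @{
    From       = 'sender@yourdomain.com'
    To         = 'receiver@yourdomain.com'
    Subject    = 'VM State Alert'
    SmtpServer = 'smtp.yourdomain.com'
    Port       = 25
}

function Get-VmReport([string]$Name) {
    # Get-VM -Name accepts wildcards, so keep only the VM whose name is exactly
    # what the alarm reported; a VM called "*" must not expand to every VM.
    try {
        $vms = @(Get-VM -Name $Name -ErrorAction Stop | Where-Object { $_.Name -eq $Name })
    } catch {
        $vms = @()
    }
    if ($vms.Count -eq 0) {
        # Still alert: an unusual name must not silence the notification.
        return "Alarm fired for VM '$Name', but no VM with exactly that name was found."
    }
    $vms | Select-Object Name, PowerState, VMHost, MemoryGB, NumCpu, Notes, Folder |
        Format-List | Out-String
}

Connect-VIServer -Server $VC1 -WarningAction SilentlyContinue | Out-Null
try {
    $body = "State of following VM has been changed. Please verify VM configuration:`r`n" +
            (Get-VmReport -Name $srv)
} finally {
    Disconnect-VIServer -Server $VC1 -Force -Confirm:$false
}
# The report goes straight into the mail body: no temporary file, no sendmail.vbs.
Send-MailMessage @mail -Body $body
```

Because the report never touches disk, the VM name is no longer used to build a file path under C:\Windows.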