« Posts under Active Directory

Visualize Active Directory Site Connections

In this post I use PowerShell with Graphviz to create an Active Directory diagram of all site connections between servers. Additionally, I’ve included some code which displays site connection options. You may be able to use this to find isolated DCs or just to see a pretty diagram.


Find Disabled Users With Lync Enabled Without Lync Cmdlets

Here is a quick tip which applies to more than just Lync. I use PowerShell with .NET ADSI to gather a list of all users which are disabled but still have Lync SIP addresses assigned. There are numerous reasons to disable Lync on such accounts. One reason would be to make certain that users who are no longer with the organization get removed from the Lync address list. Another is so these same users can no longer access Lync! (Yes, a disabled AD account may still be authorized to access Lync).


Gather Applied GPOs from Remote Systems With Powershell

Gather the applied GPO information for one or more systems using WMI, alternate credentials, and multiple runspaces. The function supports custom timeout parameters in case of WMI problems and returns GPO name, applied order, source, no override settings, and more. You can view verbose information on each runspace thread in real time with the -Verbose option.


Audit User Profile Folders With Powershell

This function will aggregate sub-folders within a folder on a server and attempt to associate them with user IDs within a domain and provide additional information. This script can also be used to move folders for disabled or non-existent accounts.


Exchange: Mailbox GUI

Exchange 2010 Mailbox GUI

A PowerShell GUI for selecting and performing actions against multiple Exchange mailboxes.


Exchange – The State Of External Client Access


Most within the messaging and collaboration industry are hyped up about the next wave of Microsoft collaboration and messaging products which are soon to be released. Among these products is Exchange 2013 RTM. This type of release typically precedes yet another wave of architecture upgrades across the corporate landscape. Some of these (beta testers) will undoubtedly upgrade to Exchange 2013.

Other corporations will start to feel the burn to upgrade as well. These will be organizations which realize that their Exchange 2003/2007 infrastructure is nearing a decade-old existence and cannot meet the demands of their ever-growing mobile workforce. Realizing they are behind the curve, they may feel hastened to upgrade as well, possibly just to Exchange 2010. Regardless of the reason for choosing to upgrade their messaging infrastructure, there are critical design decisions which need to be made in how clients access this infrastructure both internally and externally. This article focuses solely on the external access aspect of the infrastructure.


Exchange 2010: Even More Migration Tips

It has been a while since I passed on some personal experiences when performing Exchange 2010 migrations. I thought it was about time to update my list to include some more of the lesser known aspects of an Exchange 2010 migration.


Active Directory: Best Practices Workbook

This is a checklist for technicians performing Active Directory assessments. It is broken down by category and best practice. Some items listed are not really a best practice, but rather something which you may find in an environment which should be rectified (as part of an audit perhaps).


Create Your Own Network Assessment Appliance

In this write-up I set up several network assessment tools which can be used in the discovery process of a new environment. This can be useful for a newly hired sysadmin or a consultant in rapidly gathering information to assess the health and/or state of a network.


I often find myself assessing a foreign network infrastructure for performance or other issues. Depending on the size of the environment, digesting everything can be daunting without the help of some third party tools. I’ve been using a custom Linux VM on my workstation that has all kinds of tools specifically for gathering information about a network’s performance, layout, and statistics. I’ve decided to retool the VM I currently use and take better notes on what I install so others may do the same if they so desire.

List of tools installed


Nedi is probably the coolest network information gathering tool out there. You can create maps, population reports, and get more information than you ever wanted to know about an environment. The catch is that you really want to enable CDP/LLDP (FDP?) on all infrastructure devices and make sure that they all have an SNMP read-only string configured. You also gain benefits by setting the SNMP location string in a particular format.

This format (directly from the nedi site) is as follows:

Region;City;Building;Floor;[Room;][Place within room;][Whatever additional info you want]

Example SNMP location string for a device:

Illinois;Chicago;Main Station;5;DC;Rack 17;7-8

Even if you don’t have the time to set all these locations on all devices (that is more of a task for the system administrator, as it requires knowledge of device placement and such ahead of time), the information gathered with the tool is still very valuable for performing analysis of an environment. Nedi is really meant to squat on the network and gather information over a period of time. In this article I do not set it up with any cron jobs, as I normally run this appliance from my laptop for short-term engagements for general environment analysis only. I use a few other applications to gather performance metrics for the short periods of time that I’m on site.
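A check of collected location strings against the format quoted above, as an added example that is not part of the original post or of NeDi itself. It assumes the sysLocation values have already been gathered into a dictionary; the hostnames and every location except the post's own example are constructed.

```python
from collections import Counter

# Field order from the NeDi format quoted above; the first four are mandatory.
REQUIRED = ("region", "city", "building", "floor")
OPTIONAL = ("room", "place", "info")

def parse_location(syslocation):
    """Split one SNMP location string into named fields.

    Returns (fields, problems); problems is empty when the string conforms.
    """
    parts = [p.strip() for p in syslocation.strip().split(";")]
    if parts and parts[-1] == "":      # tolerate a trailing ';'
        parts.pop()
    names = REQUIRED + OPTIONAL
    fields = dict(zip(names, parts[:len(names) - 1]))
    extra = parts[len(names) - 1:]
    if extra:                          # free-form info may itself contain ';'
        fields["info"] = ";".join(extra)
    problems = ["missing " + n for n in REQUIRED if not fields.get(n)]
    return fields, problems

def audit_locations(devices):
    """devices: {hostname: sysLocation}. Returns (nonconforming, per-site counts)."""
    bad, sites = {}, Counter()
    for host, location in sorted(devices.items()):
        fields, problems = parse_location(location)
        if problems:
            bad[host] = problems
        else:
            sites[(fields["region"], fields["city"], fields["building"])] += 1
    return bad, sites

# Constructed sample: hostnames and all but the first location are made up.
SAMPLE = {
    "core-sw1": "Illinois;Chicago;Main Station;5;DC;Rack 17;7-8",
    "core-sw2": "Illinois;Chicago;Main Station;5;DC;Rack 18",
    "edge-rtr1": "Illinois;Chicago;Main Station;1;",
    "old-cat1": "Server room, 2nd floor",
    "ap-lobby": "Illinois;Chicago;;1",
}

if __name__ == "__main__":
    bad, sites = audit_locations(SAMPLE)
    for host, problems in bad.items():
        print(host, "->", ", ".join(problems))
    for site, count in sites.items():
        print(" / ".join(site), count)
```

Devices reported as nonconforming are the ones that will not be placed correctly on a location-based map until their location string is corrected.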


This is one of those hidden gems which I’m surprised more people are not using. Observium terms itself as:

…an autodiscovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.

Observium has grown out of a lack of easy to configure network monitoring platforms. It is intended to provide a more navigable interface to the health and performance of your network. Its design goals include collecting as much historical data about devices as possible, being completely autodiscovered with little or no manual intervention, and having a very intuitive interface.

I use Observium as an alternate way of mapping out a network by interface. Here is a quick example of what such output may look like with a couple of HP switches at the core connected to each other and to a few other Cisco switches:


Figure 1: Example Observium Map

I also use it as a short-term performance monitor of an environment’s equipment. As an example, I once used it to determine that a random network outage that lasted less than a minute was isolated to an old Catalyst switch with an IOS bug that forced a reboot from memory over-consumption.

The BIG caveat to using this tool is that any device added needs to be able to resolve in DNS. It is the author’s preference (and I kinda do not blame the man, not enough people fully resolve their infrastructure equipment).


Ok, this one was going to be NetworkAuthority (which I’ve set up in the past). But when I went to install it again I was unsurprised to find out that it had died. Fortunately there is an open-sourced project forked from it called Xerela. Even more fortunate is that the project is Windows only with a nice installer. So this isn’t going to be officially covered in this install guide but I felt the need to give the project props in hopes that it stays alive 🙂 If you do install this on your laptop you will need the Java SDK installed, so you may as well download that ahead of time. Oh, and install Perl as well.

In the future I may shove Rancid into this position but the goal of Rancid is more long term rather than assessment oriented. It is great at collecting configurations but the primary use is to collect and diff the configs to be able to know what is changing in your environment. If you go onsite for a day or two the effort to setup Rancid just to get a copy of device configs is not really worth it.


I use this tool to gather information concerning internet latency. Sometimes network issues are not necessarily internal but rather provider based. This can be used to provide evidence of latency issues which a provider may be having. And the graphs it produces look pretty on a deliverable report as well 🙂


Nipper is used for firewall configuration auditing. Nipper became a commercial product some time ago but, with a little work, you can still use the fork of the OSS version. Generating reports from this appliance is not as easy as using NipperME but it is certainly not impossible. I don’t cover NipperME as this appliance is really meant to be headless in use. I may go into the many Windows tools I use for network analysis in a future write-up though.


When installing Ubuntu, press F4 for modes at the install screen and select the minimal virtual machine install mode. Select the OpenSSH Server and the LAMP Server options. Create your user and a root MySQL password and keep a note of them.

Get some base software and prep your sandbox some:


Now time for nedi.

There, now you are able to access nedi at http://<server ip>/nedi/html with the admin/admin credentials. If you find you are reusing this tool for many sites you can easily customize it by logging in, going to System -> Files, and using the first dropdown in the upper left to select /var/www/nedi/seedlist and/or /var/www/nedi/nedi.conf to modify the snmp/logon string and initial seedlists for an environment. Then clear things out from the last engagement you may have done by going to the System -> Nedi area, selecting the “Init” radio button on the right and entering root for your user and your MySQL password for the password. Execute that puppy and all data is cleared. Finally select the verbose, protocol, node dev, FQDN, Route, and OUI checkboxes and the “discover” radio box. Click execute again and, depending on the environment size, wait around for a bit while watching all that beautiful information roll down on the screen.

As a bonus I also include NeDi2GraphML. This can be used to create some pretty wicked looking diagrams which you can edit with yED. To create a diagram you can run the following after having performed your initial collection.

Then transfer NiceSchemmatic.graphml to your workstation for editing as you see fit.


Set up your Observium home and get it installed (I ran into issues not running Observium from opt so that is why it is there)

If you will be using Observium in an assessment you will gain the most value by adding devices to it early on. It really excels in gathering performance information in a manner which is easy to maneuver through. You can now access Observium at http://<ip address>:81/


This is probably the easiest one to set up. Just add a few external targets to monitor and start the service.

To access smokeping go to http://<ip address>/cgi-bin/smokeping.cgi


This one is pretty easy:

Then use nipper at the command line to see options for scanning your firewall configuration and generating client consumable deliverables.


I’ve added a few extra applications in this appliance setup which can be used (or not) in an assessment. I ran across a few of them while doing this write up and have not actually used them in a real assessment. But they show potential and are pretty easy to setup so I decided to include them in the appliance. I give minimal instructions on their usage (as I’ve minimally used them). I’ll leave it as an exercise to the reader to determine their worthiness.


I’ve literally never used this before but the project looks promising so I did a very basic setup for future use. Much of what I read from the readme points to a process where you setup a config file, run some scripts in order, and finally run a script which produces an html formatted report. I’m looking forward to using this when the opportunity presents itself.


This little bad boy is not really new to me but my experience with it is minimal. I decided to add it to the appliance to get more experience with its usage and see if I can gain further assessment information from it for future engagements.

The setup for the appliance is fairly basic. You just need to download it, put it into a php/apache capable directory, and change a few perms.

After this is done go to http://<ip address>/openaudit and go through the initial configuration steps. Use root/<mysql root password> when asked for database information.

Actually getting a domain audit is a bit more of a pain. The general process is to make your appliance available to the network, download a config and a vbs file from it to a DC, modify the config, then run the vbs to start collecting server information to send back up to the appliance.

From the Admin->Config page add an ldap connection. After it has been added, add a path as well; it may not be immediately discernible where this is done. Simply hover over the ldap connection and select “Add New Path” from the pop-up menu (as shown below). Make the path the root of the domain you are assessing (i.e. DC=the-little-things,DC=net)


Figure 2: Open-AudIT LDAP Config

Then remote to a DC and access http://<ip address>/openaudit/scripts/ from a web browser, download audit.config and audit.vbs from it to the local machine, and edit audit.config. Below are the pertinent audit.config settings (not the entire audit.config, just the areas which are most important)

audit_location = "r"
strComputer = ""
audit_local_domain = "y"
local_domain = "LDAP://dc=the-little-things,dc=net"
nmap_subnet = "172.17.0."            ' The subnet you wish to scan
nmap_subnet_formatted = "172.017.000."    ' The subnet padded with 0's
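A pre-flight check for an edited audit.config, as an added example that is not part of the original post or of Open-AudIT. It flags typographic quotes picked up by copying settings from a web page (VBScript does not accept them as string delimiters) and verifies that nmap_subnet_formatted is the zero-padded form of nmap_subnet, as the comments in the settings describe; the rule tying audit_local_domain to an LDAP:// path in local_domain is an assumption drawn from the values shown.

```python
import re

# Typographic quotes mapped back to the plain ones VBScript expects.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')   # key = "value"  ' comment

def parse_audit_config(text):
    """Return ({key: value}, [line numbers that contain typographic quotes])."""
    settings, smart_lines = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fixed = line.translate(QUOTES)
        if fixed != line:
            smart_lines.append(lineno)
        match = ASSIGN.match(fixed)   # a trailing ' comment is ignored
        if match:
            settings[match.group(1)] = match.group(2)
    return settings, smart_lines

def pad_subnet(prefix):
    """'172.17.0.' -> '172.017.000.' (each octet padded to three digits)."""
    return "".join(octet.zfill(3) + "." for octet in prefix.rstrip(".").split("."))

def check_audit_config(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    settings, smart_lines = parse_audit_config(text)
    findings = []
    if smart_lines:
        findings.append("typographic quotes on lines %s" % smart_lines)
    subnet = settings.get("nmap_subnet", "")
    formatted = settings.get("nmap_subnet_formatted", "")
    if subnet and formatted != pad_subnet(subnet):
        findings.append("nmap_subnet_formatted should be %s" % pad_subnet(subnet))
    # Assumption: auditing the local domain needs an LDAP:// path in local_domain.
    ldap = settings.get("local_domain", "").upper().startswith("LDAP://")
    if settings.get("audit_local_domain") == "y" and not ldap:
        findings.append("audit_local_domain is y but local_domain is not an LDAP:// path")
    return findings

# The settings shown in the post, typed with plain quotes.
PAGE_SAMPLE = '''audit_location = "r"
strComputer = ""
audit_local_domain = "y"
local_domain = "LDAP://dc=the-little-things,dc=net"
nmap_subnet = "172.17.0."            ' The subnet you wish to scan
nmap_subnet_formatted = "172.017.000."    ' The subnet padded with 0's
'''

if __name__ == "__main__":
    print(check_audit_config(PAGE_SAMPLE) or "no findings")
```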

Then, from that same directory, (where both the audit.config and audit.vbs files are located) run:

Tying It All Together

We are not really tying these apps together as much as making them usable for you from your laptop. If you are using VMware Workstation then you need to set up some NAT love to get things working. Typically VMware Workstation will use vmnet8 for NAT, so you will want to go into the virtual network editor and set up a few NAT Setting rules on it for your new network info collecting baby.

The primary NAT settings which need to be set are as follows:

Host Port Type Virtual Machine IP Address Description


TCP <IP Address> SSH


TCP <IP Address> Nedi, Open-AudIT, Smokeping


TCP <IP Address> Observium


Although this little setup guide only covers a small portion of the tools I use on a daily basis it should be enough for most people to get their feet wet. I do not at all cover the ways which I utilize the data collected from an environment to come to an assessment for a client. This is because each environment and engagement is different. If you are looking for security issues your assessment will be far different than if you are looking for causes of a periodic network slowdown (or not, root/cause analysis can lead to some pretty interesting results). Besides, if you understand networking and infrastructure then you will know what you are looking for far better than I could verbalize.

Sysadmin Task: Migrate DNS

I’ve migrated DNS servers more than a few times and find that I’m doing the same tasks or using the same custom scripts over and over again. Here is my quick and dirty task list with some powershell scripts you too might find of use. As there are a hundred ways to skin this cat I don’t claim my methods to be the best but they sure are fast and far easier than manually changing a dns address on hundreds of servers, workstations, and network devices.


