Tuesday, March 27, 2012

HOWTO: Shortcuts to managing DHCP in enterprise environments

How to extract MAC address from DHCP reservations


netsh dhcp server dump >> reservationdump.txt
find "Add reservedip" reservationdump.txt >> reservations.csv


Updated June 26, 2012


Had another issue at work where I had to merge two DHCP scopes that divided a single segment between them. Each scope controlled a range of IP addresses (Scope #1: .1 - .127; Scope #2: .128 - .254).


Both of the scopes had custom scope attributes defined. 


One of the scopes had reservations defined.


To make matters more interesting, the subnet mask had to be changed from /25 (255.255.255.128) to /24 (255.255.255.0). The DHCP scope allows you to edit the defined range, but the subnet mask is greyed out.


Lastly, a new scope had to be created under a new segment based on one of the old scopes above.




How to merge scopes without losing custom settings and re-doing reservations:


A variation of the commands at the start of this post will get you a text dump.
(Note there are two kinds of export data, binary and text, and they are not interchangeable.)


If you need to quickly modify a scope on DHCP, e.g., delete a scope and recreate all the reservations in a new scope, the above technique with the following steps will make it easier.


1. Export the scopes: netsh dhcp server dump >> dump.txt
2. Edit the exported file (you can safely delete the other non-applicable scopes)
3. Import the exported file using this command: netsh exec c:\dump.txt
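
The reservation extraction at the top of this post and the edit in step 2, as an added PowerShell example (not part of the original post): it lists the reservations in a text dump, flags any MAC reserved in both scopes, and rewrites the remaining lines for the merged /24 scope. The dump line layout, the server name dhcp01, the addresses and the helper names are assumptions constructed for the example; it needs PowerShell 3.0 or later.

```powershell
# Constructed sample of "netsh dhcp server dump" text; the line layout is assumed.
$dump = @'
Dhcp Server \\dhcp01 add scope 10.0.0.0 255.255.255.128 "Floor1-A" ""
Dhcp Server \\dhcp01 Scope 10.0.0.0 Add iprange 10.0.0.1 10.0.0.127
Dhcp Server \\dhcp01 Scope 10.0.0.0 Add reservedip 10.0.0.20 0011223344aa "printer1" "" "BOTH"
Dhcp Server \\dhcp01 add scope 10.0.0.128 255.255.255.128 "Floor1-B" ""
Dhcp Server \\dhcp01 Scope 10.0.0.128 Add reservedip 10.0.0.200 0011223344BB "kiosk7" "" "BOTH"
Dhcp Server \\dhcp01 Scope 10.0.0.128 Add reservedip 10.0.0.201 0011223344AA "printer1-old" "" "BOTH"
'@ -split '\r?\n'

# Hypothetical merge target: the /24 scope that replaces both /25 scopes.
$newScope = '10.0.0.0'
$newMask  = '255.255.255.0'

function Get-DumpReservation([string[]]$Line) {
    # Pull scope, IP, MAC and name out of every "Add reservedip" line.
    $re = '^Dhcp Server \S+ Scope (\S+) Add reservedip (\S+) ([0-9a-f]{12}) "([^"]*)"'
    foreach ($l in $Line) {
        if ($l -match $re) {
            [pscustomobject]@{ Scope = $Matches[1]; IP = $Matches[2]
                               MAC = $Matches[3].ToUpper(); Name = $Matches[4]; Raw = $l }
        }
    }
}

function Test-InSubnet([string]$Ip, [string]$Network, [string]$Mask) {
    # True when (Ip AND Mask) equals Network, compared octet by octet.
    $i = [ipaddress]::Parse($Ip).GetAddressBytes()
    $n = [ipaddress]::Parse($Network).GetAddressBytes()
    $m = [ipaddress]::Parse($Mask).GetAddressBytes()
    for ($k = 0; $k -lt 4; $k++) {
        if (($i[$k] -band $m[$k]) -ne $n[$k]) { return $false }
    }
    return $true
}

$reservations = @(Get-DumpReservation $dump)
$reservations | Select-Object Scope, IP, MAC, Name | ConvertTo-Csv -NoTypeInformation

foreach ($g in ($reservations | Group-Object MAC)) {
    if ($g.Count -gt 1) {
        # Same MAC reserved twice: both lines cannot live in one merged scope.
        $ips = ($g.Group | ForEach-Object { $_.IP }) -join ', '
        Write-Warning "MAC $($g.Name) is reserved more than once ($ips); resolve by hand"
    } elseif (-not (Test-InSubnet $g.Group[0].IP $newScope $newMask)) {
        Write-Warning "$($g.Group[0].IP) is outside $newScope/$newMask; not carried over"
    } else {
        # Retarget the original line at the merged scope, keeping its other fields.
        $g.Group[0].Raw -replace '(?<= Scope )\S+(?= Add reservedip )', $newScope
    }
}
```

The retargeted lines are what goes into the edited dump file before the import in step 3; the warnings list the entries to sort out by hand first.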


You may encounter these errors when you try to export DHCP server configuration (binary):
"An attempt was made to load a program with an incorrect format" - Hotfix solution from Microsoft
"Access denied" error message when you use the "netsh dhcp server import" - Binary Export/Import DHCP database steps




References:
Netsh commands for DHCP


Starting point for solution:
HOWTO: Import and Export DHCP reservations in server 2003

How to reset Windows XP/2000 default system security


I bet some of you guys have had these "power users" that absolutely screw up their own workstations so much so that you as an administrator can't control the file system nor control the machine remotely.

Well...

To restore Windows 2000/XP’s default system security, you can execute the following command:

secedit /configure /cfg "%systemroot%\security\templates\setup security.inf" /db waisaw.sdb /verbose

If file “%systemroot%\security\templates\setup security.inf” does not exist, retrieve it from another XP machine.

Friday, March 23, 2012

VMware/vSphere - CPU READY and CPU USAGE put simply


I was asked this question by my colleagues and after answering it with the official VMware explanation, they still didn't quite get it. (Yeah, actually if I look at it without the necessary background info, I'd probably not get it either...)

The following visualization helped put it simply:

What's the difference between CPU READY and CPU USAGE
CPU USAGE and CPU READY - What is it?




-          CPU Ready = % of time there is work to be done for VMs, but no physical CPU available to do it on (all host CPUs are busy serving other VMs). One rule of thumb that I heard is that below 5% Ready is normal; anything between 5% and 10%, best keep an eye on the VM and the host. Over 10% (for extended periods) you should be planning on taking some action.
-          CPU Usage = raw, absolute amount of CPU used by corresponding VM at the given moment.

References:
The amount of time a virtual machine waits in the queue in a ready-to-run state before it can be scheduled on a CPU is known as ready time.
The higher the ready time is, the slower the virtual machine is performing. The ready time should preferably be as low as possible. Virtual machines that are allocated multiple cpus or have high timer interrupts are more frequently seen with high ready time values. 


Tuesday, March 20, 2012

The best way to disable 4300 computer accounts in Active Directory

Reposting here for my own reference.
Original thread can be found here

Here is a VBScript program Richard Mueller wrote a few years ago to disable computer accounts from a text file. The file name and path are hard coded in the program, so the file can be anywhere. The file must be a list of computer names (NetBIOS names), one name per line:

--- Begin script ---
Option Explicit

Dim strFile, objFSO, objFile
Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim strComputer, strComputerDN, objComputer

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify text file of computer NetBIOS names.
strFile = "c:\Scripts\Computers.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, 1)

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Read lines from the file.
Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    If (strComputer <> "") Then
        ' Convert NetBIOS name to DN.
        ' NetBIOS name must have "$" appended to end.
        ' Trap error if computer not found.
        On Error Resume Next
        objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strComputer & "$"
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Wscript.Echo "Computer not found: " & strComputer
        Else
            On Error GoTo 0
            strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
            ' Bind to the computer object.
            Set objComputer = GetObject("LDAP://" & strComputerDN)
            ' Disable the computer.
            objComputer.AccountDisabled = True
            objComputer.SetInfo
        End If
    End If
Loop

Wscript.Echo "Done"

--- End Script ---