Saturday, 22 September 2018

11 PowerShell commands to use in managing Active Directory




1. Create computer object

New-ADComputer -Name "ComputerName" -SamAccountName "ComputerName" -Path "OU=Computers,DC=Domain,DC=com"

2. Create new security groups

New-ADGroup -Name "Security Group Name" -SamAccountName "SecurityGroupName" -GroupCategory Security -GroupScope Global -DisplayName "Security Group Name" -Path "CN=Groups,DC=Domain,DC=com" -Description "Brief description of what the security group is used for"

3. Create a new user account

New-ADUser -Name "User Account Name" -SamAccountName "UserAccountName" -AccountPassword (ConvertTo-SecureString "password" -AsPlainText -Force) -DisplayName "User Name" -Enabled $True -GivenName "FirstName" -Path "CN=Users,DC=Domain,DC=com" -Server "controller.domain.com" -Surname "LastName" -UserPrincipalName "username@domain.com"

4. Create a new OU

New-ADOrganizationalUnit -Name "OU Name" -Path "DC=Domain,DC=com"

5. Add/remove users or computer objects to/from groups

Add-ADGroupMember SecurityGroupName -Members Username01 -Server "controller.domain.com"

Remove-ADGroupMember SecurityGroupName -Members Username01 -Server "controller.domain.com"

6. Obtain the locally stored password from a computer object

Get-AdmPwdPassword -ComputerName "computer.domain.net"

7. Joining a computer to a domain

Add-Computer -DomainName "domain.com" -Credential Domain\Username -Restart -Force

8. Enable/Disable users, computers, or service accounts

Enable-ADAccount -Identity "ComputerName"

Disable-ADAccount -Identity "Username"

9. Unlock user accounts

Unlock-ADAccount -Identity "Username"

10. Locate disabled computer or user accounts

Search-ADAccount -AccountDisabled | FT Name,ObjectClass

11. Repair a broken trust between a client and the domain

Test-ComputerSecureChannel -Server "controller.domain.com" -Repair

Friday, 17 August 2018

Very Useful Cisco IOS show commands




Important Cisco Router Show commands and their uses listed below:


1FRouter2#show interfaces
Displays statistics for all interfaces
1FRouter2#show interface fa0/0
Displays statistics of fa0/0 interface. You may use other interface also.
1FRouter2#show ip interface brief
Displays a summary of all IPv4 interfaces, including status and IPv4 address assigned in router "1FRouter2"
1FRouter2#show ipv6 interface brief
Displays a summary of all IPv6 interfaces, including status and IPv6 address assigned in router "1FRouter2"
1FRouter2#show controllers serial 1/0
Displays statistics for interface hardware serial 1/0. Statistics display if the clock rate is set and if the cable is DCE, DTE, or not attached
1FRouter2#show clock
Displays the system clock of the router "1FRouter2".
1FRouter2#show hosts
Displays the configured hostnames and their corresponding IP addresses of the router "1FRouter2"
1FRouter2#show users
Displays all users connected to the router "1FRouter2"
1FRouter2#show history
Displays history of Cisco IOS commands used
1FRouter2#show flash
Displays info about Flash memory
1FRouter2#show version
Displays info about loaded Cisco IOS software
1FRouter2#show arp
Displays the ARP table of the router "1FRouter2". ARP table is the table which contains the resolved IPv4 address to MAC address mappings.
1FRouter2#show protocols
Displays status of configured Layer 3 protocols
1FRouter2#show startup-config
Displays configuration saved in NVRAM
1FRouter2#show running-config
Displays configuration currently running in RAM
1FRouter2#show ip route
Displays the IPv4 routing table of the router "1FRouter2"
1FRouter2#show ipv6 route
Displays the IPv6 routing table of the router "1FRouter2"


Wednesday, 15 August 2018

Very Basic Cisco Router or switch Configuration Commands




How to Configure a Router Hostname

To configure a name for the router, use the hostname command from Global Configuration mode.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname f5skills.com.R1
f5skills.com.R1(config)#exit
f5skills.com.R1#

How to Configure a MOTD Banner for Router

Users will be presented with a MOTD (Message of the Day) banner every time they attempt a connection via the console port, auxiliary port, or a telnet session to the router. Use the following commands to configure a MOTD message. Here the "#" character is the delimiting character. The banner message must be surrounded by the delimiting character and must not contain it.

f5skills.com.R1>enable
f5skills.com.R1#configure terminal
f5skills.com.R1(config)#banner motd #
***************************************************************
                     PROPERTY OF F5SKILLS.COM
        Access is restricted to authorized users only.
  Unauthorized access is a violation of state and federal,
            civil and criminal laws.

***************************************************************

#
f5skills.com.R1(config)#exit
f5skills.com.R1#


How to enable DNS lookup

To configure a DNS server for your router, follow these steps.

f5skills.com.R1>enable
f5skills.com.R1#configure terminal
f5skills.com.R1(config)#ip name-server 10.100.156.10
f5skills.com.R1(config)#exit
f5skills.com.R1#

How to turn off the automatic name resolution
By default, the router tries to resolve any word that is not a command as a host name, sending the DNS query to the limited broadcast IP address 255.255.255.255. We can turn this off with the following command.

f5skills.com.R1>enable
f5skills.com.R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
f5skills.com.R1(config)#no ip domain-lookup
f5skills.com.R1(config)#exit
f5skills.com.R1#

How to assign a Local Name to an IP address

The following command assigns a host name to an IP address. Once this is completed, we can use the configured host name for telnet or ping.

f5skills.com.R1>enable
f5skills.com.R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
f5skills.com.R1(config)#ip host PC1 10.100.156.10
f5skills.com.R1(config)#exit
f5skills.com.R1#


How to Turn on synchronous logging

If the router sends a message to the console while you're entering a command, by default the router will interrupt your work to show the message.

If you do not want messages sent to the console to interrupt the command you are typing, turn on synchronous logging.

f5skills.com.R1>enable
f5skills.com.R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
f5skills.com.R1(config)#line console 0
f5skills.com.R1(config-line)#logging synchronous
f5skills.com.R1(config-line)#exit
f5skills.com.R1(config)#exit
f5skills.com.R1#

How to configure an inactivity time-out for automatic log-off

Sets the idle time after which the console automatically logs off. The two values are minutes and seconds; setting 0 0 means the console never logs off.

f5skills.com.R1>enable
f5skills.com.R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
f5skills.com.R1(config)#line console 0
f5skills.com.R1(config-line)#exec-timeout 3 0
f5skills.com.R1(config-line)#exit
f5skills.com.R1(config)#exit
f5skills.com.R1#

Tuesday, 14 August 2018

How to secure cisco router or a switch with passwords




To configure the console password

Router>enable
Router#configure terminal
Router(config)# line console 0
Router(config-line)# password f5skills
Router(config-line)# login
Router(config-line)# Ctrl-Z
Router#



To configure the auxiliary password

Router>enable
Router#config t
Router(config)#line aux 0
Router(config-line)#password f5skills
Router(config-line)#login
Router(config-line)# Ctrl-Z
Router#

To password protect VTY Ports (Telnet Ports)

Configuring the VTY password is very similar to doing the Console and Aux ones. The only difference is that there are 5 VTY virtual ports, which are named 0, 1, 2, 3, and 4. You can use the shortcut 0 4 (a zero, a space, and 4) to set all 5 passwords at the same time. To configure the VTY password, follow these steps.

Router#config t
Router(config)#line vty 0 4
Router(config-line)#password f5skills
Router(config-line)#login
Router(config-line)# Ctrl-Z
Router#

To password protect Privileged Mode

The Enable Password is the old form of the password for "Privileged Mode". Here the password is stored un-encrypted.

Router#config t
Router(config)#enable password f5skills
Router(config)# Ctrl-Z
Router#

Enable Secret provides better security because the password is stored encrypted with an irreversible algorithm.

Router#config t
Router(config)#enable secret f5skills
Router(config)# Ctrl-Z
Router#
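
As an added example (not from the original post), the Python below audits a running-config for the settings covered above and in the inactivity time-out section: enable password versus enable secret, line passwords with login, and exec-timeout 0 0. The sample configuration and the function names parse_lines and audit are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname f5skills.com.R1
enable password f5skills
line con 0
 exec-timeout 0 0
 password f5skills
 login
line aux 0
 password f5skills
line vty 0 4
 exec-timeout 3 0
 password f5skills
 login
"""

# running-config abbreviates "line console 0" to "line con 0"; accept both.
LINE_RE = re.compile(r"^line\s+(con|console|aux|vty)\b")


def parse_lines(config):
    """Split a config into global commands and per-line-block sub-commands."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():
            # Indented text belongs to the block opened by the last top-level command.
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        cmd, current = raw.strip(), None
        if LINE_RE.match(cmd):
            current = cmd
            blocks[current] = []
        else:
            global_cmds.append(cmd)
    return global_cmds, blocks


def audit(config):
    """Return a list of findings for the password and time-out settings."""
    global_cmds, blocks = parse_lines(config)
    findings = []
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("global: 'enable password' is stored unencrypted")
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("global: no 'enable secret' configured")
    for name, cmds in blocks.items():
        pw = [c for c in cmds if c.startswith("password ")]
        # A bare "password <text>" with no type digit is held in cleartext.
        if any(not re.match(r"password\s+\d+\s+\S+", c) for c in pw):
            findings.append(f"{name}: cleartext line password")
        if pw and not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append(f"{name}: password set but 'login' missing")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: exec-timeout 0 0 never logs off")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per weak setting, each prefixed with the line block it was found in.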

Sunday, 12 August 2018

What are the User, Privileged and Global Configuration modes in the Cisco IOS command line




Cisco IOS has a Command Line Interface (CLI) with three command line modes. Each mode has access to a different set of IOS commands.



User mode (User EXEC mode)

User Mode is the first mode a user has access to after logging into the router. The user mode can be identified by the > prompt following the router name. This mode allows the user to execute only the basic commands, such as those that show the system's status. The router cannot be configured or restarted from this mode.

The user mode can be identified as shown below

Router>                                                                                             


Privileged mode (Privileged EXEC Mode)

Privileged mode allows users to view the system configuration, restart the system, and enter router configuration mode. Privileged mode also allows all the commands that are available in user mode. Privileged mode can be identified by the # prompt following the router name. From user mode, a user can change to Privileged mode by running the "enable" command. We can also set an enable password or enable secret to restrict access to Privileged mode. An enable secret password uses stronger encryption when it is stored in the configuration file, so it is safer.

The Privileged mode can be identified as shown below

Router#                                                                                              

Global Configuration mode

Global Configuration mode allows users to modify the running system configuration. From Privileged mode, a user can move to configuration mode by running the "configure terminal" command. To exit configuration mode, the user can enter the "end" command or press the Ctrl-Z key combination.

The Global Configuration mode can be identified as shown below.


Router(config)#                                                                               

Global Configuration mode, identified by the (config)# prompt following the router name, has several submodes. The important Global Configuration submodes are listed below.

Interface mode (Router physical interface configuration mode)


Router(config-if)#                                                                           

Subinterface mode (Router sub-interface configuration mode)


Router(config-subif)#                                                                     

Line mode (Router line configuration mode - console, vty etc.)


Router(config-line)#                                                                        

Router configuration mode (Routing protocols configuration mode.)


Router(config-router)#                                                                    

Friday, 10 August 2018

Simply Explained Collision & broadcast domain




A collision domain is, as the name implies, a part of a network where packet collisions can occur. A collision occurs when two devices send a packet at the same time on the shared network segment. The packets collide and both devices must send the packets again, which reduces network efficiency. Collisions are common in a hub environment, because each port on a hub is in the same collision domain. By contrast, each port on a bridge, a switch or a router is in a separate collision domain.

The following example illustrates collision domains

As you can see, we have 6 collision domains.

Each port on a hub is in the same collision domain. Each port on a bridge, a switch or router is in a separate collision domain.


A broadcast domain is a domain in which a broadcast is forwarded. A broadcast domain contains all devices that can reach each other at the data link layer (OSI layer 2) by using broadcast. All ports on a hub or a switch are by default in the same broadcast domain. All ports on a router are in different broadcast domains, and routers don’t forward broadcasts from one broadcast domain to another.

The following example clarifies the concept.

In the picture above we have three broadcast domains, since all ports on a hub or a switch are in the same broadcast domain, and all ports on a router are in a different broadcast domain.

Wednesday, 8 August 2018

What is Unicast, Multicast and Broadcast




Unicast: 

Unicast is a type of communication where data is sent from one computer to another computer, and in this type of communication, there is only one sender, and one receiver.



Eg:
1) Browsing a website. (Webserver is the sender and your computer is the receiver.)
2) Downloading a file from an FTP Server. (FTP Server is the sender and your computer is the receiver.)

Multicast:

Multicast is a type of communication where traffic is addressed to a group of devices on the network. IP multicast traffic is sent to a group, and only members of that group receive and/or process it.
Devices that are interested in particular multicast traffic must join that multicast group to receive the traffic. IP multicast groups are identified by multicast IP addresses (IPv4 Class D addresses).



In Multicast, the sender transmits only one copy of the data, and it is delivered to and/or processed by the many devices that are interested in that traffic (not by all devices, as in Broadcast).

Eg : Multicast Windows Deployment Services (WDS) OS deployment traffic, IP TV etc


Broadcast

Broadcast is a type of communication where data is sent from one computer once and a copy of that data will be forwarded to all the devices.

In Broadcast, there is only one sender and the data is sent only once. But the Broadcast data is delivered to all connected devices.



Switches by design forward broadcast traffic and routers by design drop it. In other words, routers will not allow a broadcast from one LAN to cross the router and reach another network segment. The primary function of a router is to divide a big broadcast domain into multiple smaller broadcast domains.

Example: ARP Request message, DHCP DISCOVER Message

Monday, 6 August 2018

How to connect and access a Router or a switch using console connection

Every Cisco router or switch has a console port (also known as the management port) on its back side. The console port is used to connect a computer directly to the router or switch and manage it, since a router or switch has no display device. The console port must be used for the initial installation of a router, because at that point there is no network connection over which to connect using SSH, HTTP or HTTPS. Normally the router console port is an RJ45 port. The following picture shows a console port on a router.



A special type of cable, known as a rollover cable, is used to connect the Serial/COM port of the computer to the router or switch console port. One end of the cable is RJ45 type and a DB9 to RJ45 converter is molded on the other end. A picture of the console cable is shown below.





IF YOUR COMPUTER DOESN'T HAVE A SERIAL PORT

If you have a new computer or laptop, there is a chance that you may not have a serial port in your computer. The new computers or laptops sold today do not include serial or printer ports. The serial ports have been replaced by Universal Serial Bus (USB) ports.


If you want to connect to the console port of your router or switch, you will need to use a USB to Serial Adapter. The USB to Serial adapter may not be plug-and-play. You need to install the corresponding drivers also for these adapters. A typical USB to Serial adapter with console cable is shown below.


TERMINAL EMULATOR SOFTWARE CONFIGURATION


PuTTY is a third-party terminal emulator used to access the switch or router.

Configuration: 

Connect the console cable to the Cisco router or switch, then double-click putty.exe to run it. Expand Connection > Serial. Enter the port number in the "Serial line to connect to" text box. To check the port number, go to Device Manager on your computer.




The port number is COM1 in below example. The port number may be different in your computer. Enter the correct port number when you connect from your computer. Enter other values also as shown below.

• Bits per sec: 9600

• Data bits: 8

• Parity: none

• Stop bits: 1

• Flow control: none





Click Session and click "Serial" radio button. Verify whether you can see the port number and the baud rate (9600) you had selected before. Click "Open" to connect to Cisco Router or Switch IOS.


3) PuTTY is connected to Cisco IOS and now you can configure, monitor or manage a Cisco Router or Switch using putty.



Wednesday, 1 August 2018

How to Convert File system from FAT to NTFS



To convert a FAT partition to NTFS, perform the following steps.

Start > Run, then type CMD



At the command prompt, type,

CONVERT [driveletter]: /FS:NTFS

Convert.exe will attempt to convert the partition to NTFS.


NOTE: Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that is to be converted prior to executing the convert command. It is also recommended to verify the integrity of the backup before proceeding, as well as to run RDISK and update the emergency repair disk (ERD).

Friday, 11 May 2018

Windows Server 2016 Minimum Hardware Requirements



CPU:

A minimum of 1.4 GHz 64-bit EM64T or AMD64 processor. Quad Core recommended for production systems.
Support for security features like NX Bit and DEP (Data Execution Prevention)
The processor should support CMPXCHG16b, LAHF/SAHF, and PrefetchW
Needs to support EPT or NPT (Second Level Address Translation)


Disk Space:

For Core installation, a minimum Disk Space of 32 GB is required. Additional 4 GB is necessary for GUI installation.

Disk Space Capacity Planning:

Microsoft Support recommends the following:

3 times the RAM size limited up to 32 GB. Which means 96 GB (32×3 = 96 GB)
Additional disk space of 10-12 GB for additional roles and features installed based on server roles. For 32 GB Systems with GUI (96 + 12 = 108 GB)
Additional 10 GB is required for Windows Updates. So, 108 GB +10 GB = 118 GB for 32 GB Systems.
10 GB extra space for miscellaneous files and logs (Perfmon, Server Trace, etc.) (128 GB for 32 GB Systems)
Any Disk Space requirements for applications that are installed on the OS partition are additional. For example SQL, Exchange, SharePoint MS-CRM, etc.


Storage Controller:

Needs to be a PCI Express Compliant Disk Controller.
ATA/PATA/IDE/EIDE are not supported for either boot, page, or data.


RAM (Random Access Memory) Requirements:

512 MB ECC supported Memory Modules
800 MB for VM Installations, post-installation, reduce RAM to 512 MB.


Optional System Requirements Features:

Support of UEFI 2.3.1c-based system and firmware with support for secure boot
Trusted Platform Module
Graphics Accelerator device and monitor, capable of SVGA (1024 x 768) minimum. 1080p monitors or higher-resolution recommended.
Input devices such as a Keyboard and Microsoft® mouse (or other compatible pointing devices)
Internet access to download Windows Updates where the tenant is managing the updates.


Network :

Minimum a Gigabit Ethernet adapter with 1 Gbps throughput.
Needs to be PCI Express Compliant hardware.
Supports Pre-boot Execution Environment (PXE). As you may know, Wireless Devices cannot be used to boot from the network.

Some of the requirements have changed compared to its predecessor, but most of the changes are already available in hardware that is sold in the market. For example, the processor feature requirements are already present in products sold for the last couple of years.

 