Automating Untrusted Forest Discovery

So I ran upon a case that is woefully undocumented in Configuration Manager – Scripting the discovery of an new untrusted forest. What little information exists about automating discovery assumes a trust relationship between all domains. As we all know, in the real world this isn’t always possible. Fortunately, with the use of WMI and a great deal of help from the SMSProv.log, I’ve worked out a method to add a new untrusted forest. The trick was running the ImportGlobalUserAccount method to turn the local account into a global account. I kept getting stuck trying to use the SMS_SC_Reservered_SDK class to create the global account. (If other folks are having this problem, stop. You can’t do it.) For reference, here’s my powershell code sequence. You will need similar code for User, System and Group discovery, but instead of updating the site definition table, I believe you’ll want to update the SMS_SCI_Component table. But I’m still working that out…

BTW – Another good reference is Dexter Posh’s blog, http://www.dexterposh.com/2014/02/powershell-sccm-2012-r2-discovery.html.

Good luck!
Greg


# create new forest
$NewForest = $([WMIClass] "\\xxxxxxxx\ROOT\SMS\Site_xxx:SMS_ADForest").CreateInstance();
$NewForest.Account = "JUNK10\NOUSER10";
$NewForest.Description = "JUNK10\NOUSER10";
$NewForest.EnableDiscovery = 1;
$NewForest.ForestFQDN = "junk10.local";
$NewForest.PublishingPath = "";
$NewForest.Put();


# add account to site definition
$ns = "ROOT\SMS\Site_xxx"
$sitedef = gwmi -Namespace $ns -Class SMS_SCI_SiteDefinition;
$sitedef.get();
$NewAccount = $([WMIClass]"\\xxxxxxxx\ROOT\SMS\Site_xxx:SMS_EmbeddedProperty").CreateInstance();
$NewAccount.ItemType = "";
$NewAccount.PropertyName = "GlobalAccount:JUNK10\NOUSER10";
$NewAccount.Value = "0";
$NewAccount.Value1 = "JUNK10\NOUSER10";
$NewAccount.Value2 = "plaintext";
$NewAccount = [System.Management.ManagementBaseObject] $NewAccount;
$sitedef.props += $NewAccount;
$sitedef.Put();


# create global account
$pwclass = [WMIClass]"\\xxxxxxxx\ROOT\SMS\Site_xxx:SMS_Site";
$param = $pwclass.GetMethodParameters("ImportGlobalUserAccountEx");
$param.UserName = "JUNK10\NOUSER10";
$param.Password = "plaintext";
$pw = $pwclass.InvokeMethod("ImportGlobalUserAccountEx",$param,$null);

Fundamentals

Earlier this week, I watched one of the most disappointing performances that I can remember.  This performance occurred during the NCAA Men’s Basketball tournament.  For those of you who didn’t see the game, the Northern Iowa Panthers lead by 12 points over the Texas A&M Aggies with 35 seconds left in the game.  In basketball, this is about as close as you can get to a sure victory.  However, Texas A&M outscored Northern Iowa by 14-2 over the last few seconds of the game, sending the game to overtime.  Two overtime periods later, Texas A&M claimed the right to advance in the tournament while Northern Iowa’s season came to an end.

These type of performance breakdowns beg the question, “How could this happen?” A number of items worked against the Panthers.  Northern Iowa is a small school from a second tier conference; Texas A&M is an SEC powerhouse.  Texas A&M was a 3-seed; Northern Iowa, and 11-seed.  By all measures, Texas A&M was supposed to easily win this game.  But against the odds, the Panthers performed at a high level, and for 39 minutes and 25 seconds, Northern Iowa was the better team.  At the point where they could claim a great accomplishment, their effort fell apart.

In the end, it came down to a failure to execute the fundamentals. Continue reading

SQL Divide By Zero

Here’s a fix for a divide by zero problem I was encountering in SQL.  I am trying to check for a low free drive space condition by calculating the percent free,

SELECT 100 * ROUND ( vol_free_mb / vol_total_mb, 5 )
FROM dataset
WHERE vol_free_mb / vol_total_mb < 0.25

StackOverflow suggested the use of the NULLIF and COALESCE statements.  The SQL division will return a NULL if the divisor is NULL.  The COALESCE statement will return a valid value if the condition is triggered.  In this case, I decided to trigger the alert because I always want to know when something funny is going on.

SELECT 100 * ROUND ( COALESCE ( vol_free_mb / NULLIF(vol_total_mb,0), 0 ), 5)
FROM dataset
WHERE COALESCE ( vol_free_mb / NULLIF(vol_total_mb,0), 0) < 0.25

 

When Disaster Strikes

Are you prepared?

No, I’m not talking about the upcoming zombie apocalypse or a [insert candidate’s name here] presidency.  While these are important considerations, let’s keep the conversation technical.  Let’s talk about your data.

First question, do you have any critical data?  If I were to say that all of the information on your computer was going to be irrevocably erased in 1 hour, does a streak of pain shoot through your body?  Does the mental image of a photo album or Quicken file instantly appear in your head?  If so, this is a sign you might have a problem.

As with most things, the first step to recovery is simply realizing the problem.  But what do you do next?  Several different approaches, and a multitude of software, exist to backup data.  As you explore options to protect your data, a couple of items become clear.

First, data backup is not fire-and-forget.  If you are expecting to install a software package and never follow-up, please just go ahead and throw your hard drive in a shredder.  It’ll save you time.

Secondly, good disaster recovery plans don’t happen by accident.  Developing a DR plan requires several, intentional steps.  Continue reading

Robocopy – Copy This!

From time to time, Windows professionals must copy large amounts of data from one volume to another.  Many technicians take the easy route and simply drag and drop individual files and folders.  Oh, and by the way, they also lose time and drive up costs for their company because they have to babysit the process.  If you want to save yourself time and become a more valuable engineer, Robocopy is a tool you will want to add to your repertoire.

Robocopy may be run from a either a Command prompt or a PowerShell prompt.  I recommend that you run Robocopy from PowerShell, as you will eventually want to create PowerShell scripts.  The basic form of Robocopy is,

robocopy  <source directory> <destination directory> <files> <options>

The source directory is the location of the files to be copied.  The destination directory is the place where you want the files.  The files argument specifies a DOS file matching parameter, for example, all executable files would match “*.exe”.  The files argument may be omitted, in which case all files would be copied, i.e., the matching pattern of “*.*” is assumed.

So for example, if we wanted to copy the files located in Sally’s documents folder to an external drive mounted on the F: drive, the Robocopy command would be,

robocopy c:\Users\Sally\Documents f:\

The options argument allows you to modify the default manner in which Robocopy operates, and here we begin to see the real power of Robocopy.  Some of the more commonly used options are,

/e – Copy all subdirectories, including empty directories

/z – Copy files in Restart mode.  This is useful if you are copying large files over an unstable network.  If disconnected, Robocopy picks up where it left off.  In my experience, Robocopy performs slower when using this option. You don’t need to use it if you are on a stable network.

/b – Copy files in Backup mode.  Allows an administrator to assert a “backup right” and copy files with denied readability to the administrator.

/copy:<copyflags> – Specify file properties to be copied.  Values for this options include D (Data), A (Attributes), T (Time Stamps), S (NTFS ACL), O (owner information), and U (Auditing information).  The default for <copyflags> is DAT.

/purge – (DANGER) Deletes destination files and directories that no longer exist in the source.

/mir – (DANGER) Mirrors a directory tree.  Equivalent to /e /purge.

/move – (DANGER) Moves files and directories, and deletes from the source.

/xf <filename> – Excludes files that match a specified name (wildcards are allowed).

/xd <dirname> – Exclude directories that match a specified name (wildcards are allowed).

/r:<n> – Specify the number of retries on failed copies.  The default is one million, you will want to set this to something less, like /r:1.

/w:<n> – Specify the wait time in seconds between retries.  The default is 30 seconds.  You will probably want to set this to something less, like /w:1.

/l – List the operations to be performed.  No actions are taken.  This is very useful if you’re not sure what Robocopy is going to do.

/log:<logfile>– Send output to a log file instead of standard output.

/tee – Send output to standard output as well as the log file.

Extending the previous example, let’s say that Sally’s Documents directory possessed a number of subdirectories.  Also, we don’t want to copy any executable files, and we want to log the output.  The Robocopy command would be,

robocopy c:\Users\Sally\Documents f:\ /e /r:1 /w:1 /xf *.exe /log:f:\logfile.txt

This is only a small fraction of the options available with Robocopy.  See the TechNet website for a full description of the Robocopy command.  If you find a new or interesting use for Robocopy, please add to the comments for all of us to admire!!!

https://technet.microsoft.com/en-us/library/cc733145.aspx

 

 

Don’t Kermit

 Kermit the Frog (n.) The name of the bright green frog that is one of the central characters of the Muppets.

Kermit (v.) The reaction of a computer user to particularly distressing system issue.  This reaction is accompanied by a loud scream and an uncontrollable flapping of the arms.

The other day I was packing up my stuff to leave the office when the phone rang. Phone calls toward the end of the day are not usually good.  More often than not, an early evening phone call means a user with a tight deadline has discovered trouble.  No worries, though.  This is what we do.

For all you newbies in tech support, here’s a tip.  You can always infer the seriousness of the problem by the speed of the user’s speech.  For example, if the user describes the problem in a rapid manner, but stays under control, the problem is significant and important.  However, if the user is speaking so fast that they skip words and cannot complete a single thought, the problem is destroying the user’s world, and they are experiencing sheer panic.

Tonight’s user was nearing full-blown Kermit the Frog mode, and I completely understood why.

In the computer world, few things compare with the frustration of being unable to access your backups.  After all, the backup is your security blanket.  You see the little icon chugging away as you do your work, protecting you from trouble.  No matter what happens, no matter how bad it get, you can always go back in time and start over.

Then it happens, the computers turn on you.  Your files disappear.  But you don’t worry because you were smart enough to have a Plan B. 

And then things get worse… Continue reading

Fiber Cheat Sheet

This is a cheat sheet on fiber optics that I put together for CMA.  Please let us know if you find it helpful.  Also, any comments regarding items we left off would be awesome.

Fiber Cable Types

These are the optical cable types that we most commonly encounter. The principal difference between the types is the recommended speed. We almost always utilize OM2 and OM3 cable types.

Type Mode Diameter
(inside/outside)
Laser
Wavelength
Recommended
Speed
OM1 Multimode 62.5/125 micron 850 nm or 1310 nm 100 Megabit
OM2 Multimode 50/125 micron 850 nm or 1310 nm 1 Gigabit
OM3 Multimode 50/125 micron 850 nm or 1310 nm 10 Gigabit
OS1 Single 9/125 micron 1310 nm or 1550 nm 1 Gigabit and faster

SFP Transceivers (mini-GBIC)

The switches and routers that we commonly deal with require the addition of a SFP Transceiver (or mini-GBIC) in order to accept the Fiber connection.  The type of transceiver is dependent on the required speed and distance of the transmission.  Both sides of the Fiber connection must have the same transceiver type.  Transceivers for 10 Gigabit applications are ofter referred to as SFP+.  The designation “LH” is frequently used.  “LH” could be LX, EX, or ZX depending on the vendor.  You have to check the specs.

Also, transceivers with wavelength of 850nm may be referred to as “shortwave” transceivers.  Those with wavelength of 1310nm or higher may be referred to as “longwave” transceivers.

Type Mode Laser
Wavelength
Maximum
Distance
Maximum
Speed
FX Multi 1310 nm 2 km 100 Megabit
SX Multi 850 nm 550 m Gigabit Ethernet
LX Multi 1310 nm 550 m Gigabit Ethernet
LX Single 1310 nm 5-10 km Gigabit Ethernet
LH40 Single 1310 nm 40 km Gigabit Ethernet
EX Single 1310 nm 40 km Gigabit Ethernet
ZX (LH) Single 1550 nm 80 km Gigabit Ethernet
SR Multi 850 nm 400 m 10 Gigabit Ethernet
LRM Multi 1310 nm 220 m 10 Gigabit Ethernet
LR Single 1310 nm 10 km 10 Gigabit Ethernet
ER Single 1550 nm 40 km 10 Gigabit Ethernet

Fiber Connection Type

Below are the most commonly used fiber connection types.  The connection types can be used with either single or multimode uses.

ST (an AT&T Trademark) is the most popular connector for multimode networks, like most buildings and campuses. It has a bayonet mount and a long cylindrical ferrule to hold the fiber. Most ferrules are ceramic, but some are metal or plastic. And because they are spring-loaded, you have to make sure they are seated properly. If you have high loss, reconnect them to see if it makes a difference.
FC/PC has been one of the most popular singlemode connectors for many years. It screws on firmly, but make sure you have the key aligned in the slot properly before tightening. It’s being replaced by SCs and LCs.
SC is a snap-in connector that is widely used in singlemode systems for it’s excellent performance. It’s a snap-in connector that latches with a simple push-pull motion. It is also available in a duplex configuration.
LC is a new connector that uses a 1.25 mm ferrule, half the size of the ST. Otherwise, it’s a standard ceramic ferrule connector, easily terminated with any adhesive. Good performance, highly favored for singlemode.

 

A Mile-High Hack

(reprinted from the Metro Spirit 03-01-16)

The meeting went long, too long if you ask my opinion, but we ended up getting everything that we needed to continue the project.  Believe it or not, I’m looking forward to the trip home.  The San Jose to Atlanta flight should give me enough time to catch up on email and do some birthday shopping.  A year ago, I’m not sure if any carrier had Wi-Fi during their flights.  Now, it seems like they all do.  It’s a nice touch…

The popularity of in-flight Wi-Fi has skyrocketed.  With virtually everyone carrying a mobile device, the airlines were a great big dead spot.  Services such as GoGo wireless and Global Eagle Entertainment have filled this coverage gap.  The airlines are quick to point out these services when trying to differentiate service.   

Last month, my family flew to Denver on Southwest Airlines.  Like most airlines, Southwest provides Internet access for a fee ($8).  Of course, this Internet access isn’t the greatest – Southwest utilizes satellite-based communications that limit bandwidth to 40 Mbps per plan – but it’s good enough for email and Facebook.  In addition, Southwest provides a number of free services, including 19 channels of live TV and on-demand streaming of other TV episodes.  The in-flight Wi-Fi proved extremely effective in keeping my kids and, more importantly, my wife entertained during the 3-1/2 hour flight.

I have to admit, it was tempting to close the Word document I was editing and watch a movie.  But in the end, I decided to keep the Wi-Fi of my work laptop turned off.  If you need an explanation, look no further than Steven Petrow, a columnist for USA Today. Continue reading