
Monday 11 July 2011

Computer / Active Directory Queries

You can use the following LDAP queries in Active Directory:

All Users
(&(objectCategory=person)(objectClass=user)(name=*))
All Current Users
(&(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)))
All Computers
(&(objectCategory=computer)(name=*))
All Groups
(&(objectCategory=group)(name=*))
XP Machines with SP2
(&(&(&(&(objectCategory=computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2)))))
Non Expiring Accounts
(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)))
Disabled Users
(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)))
Locked Out Users
(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))
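
How the bitwise matching rules in the filters above select accounts, as an added example that is not part of the original post: OID 1.2.840.113556.1.4.803 is a bitwise AND and 1.2.840.113556.1.4.804 a bitwise OR. The account entries are constructed, the function names are illustrative, and only the bitwise clauses are evaluated (every entry is assumed to be a user object).

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # matches when ALL bits of the value are set
BIT_OR = "1.2.840.113556.1.4.804"   # matches when ANY bit of the value is set

# Filters copied from the list above (userAccountControl 2 = ACCOUNTDISABLE,
# 65536 = DONT_EXPIRE_PASSWORD).
FILTERS = {
    "current": "(&(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)))",
    "non_expiring": "(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)))",
    "disabled": "(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)))",
    "locked_out": "(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295))))",
}

# Accepts "(!attr:oid:=n)" as written on the page and the RFC 4515 form "(!(attr:oid:=n))".
CLAUSE = re.compile(r"\((!?)\(?(\w+):([\d.]+):=(\d+)\)")

def matches(ldap_filter, entry):
    """Evaluate only the bitwise clauses of an AND-ed filter against one entry."""
    for neg, attr, oid, value in CLAUSE.findall(ldap_filter):
        have, value = int(entry.get(attr, 0)), int(value)  # absent attribute treated as 0
        if oid == BIT_AND:
            hit = (have & value) == value
        elif oid == BIT_OR:
            hit = (have & value) != 0
        else:
            raise ValueError("unsupported matching rule " + oid)
        if hit == (neg == "!"):   # a plain clause missed, or a negated clause hit
            return False
    return True

# Constructed sample entries (512 = NORMAL_ACCOUNT, 514 = 512 + 2, 66048 = 512 + 65536).
ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": 512, "lockoutTime": 0},
    {"sAMAccountName": "bob", "userAccountControl": 514},
    {"sAMAccountName": "svc_backup", "userAccountControl": 66048},
    {"sAMAccountName": "carol", "userAccountControl": 512, "lockoutTime": 129548736000000001},
]

def audit(entries=ENTRIES):
    """Map each filter name to the sAMAccountNames it selects."""
    return {name: [e["sAMAccountName"] for e in entries if matches(f, e)]
            for name, f in FILTERS.items()}

if __name__ == "__main__":
    for name, accounts in audit().items():
        print(name, accounts)
```

A non-zero lockoutTime records that a lockout happened; the account may no longer be locked if the lockout duration has since passed.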

You can use a VBScript/WMI script to interrogate each computer for its service pack with the following:

' OperatingSystem.vbs
' VBScript WMI to document your Operating System
' Author Guy Thomas http://computerperformance.co.uk/
' Version 1.4 - November 2010
' -------------------------------------------------------'
Option Explicit
Dim objWMIService, objItem, colItems
Dim strComputer, strList

On Error Resume Next
strComputer = "COMPUTER_NAME"

' WMI Connection to the object in the CIM namespace
Set objWMIService = GetObject("winmgmts:\\" _
& strComputer & "\root\cimv2")

' WMI Query to the Win32_OperatingSystem
Set colItems = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")

' For Each... In Loop (Next at the very end)
For Each objItem in colItems
    ' Description is the operating system description, not the processor
    WScript.Echo "Machine Name: " & objItem.CSName & VbCr & _
    "===================================" & vbCr & _
    "Description: " & objItem.Description & VbCr & _
    "Manufacturer: " & objItem.Manufacturer & VbCr & _
    "Operating System: " & objItem.Caption & VbCr & _
    "Version: " & objItem.Version & VbCr & _
    "Service Pack: " & objItem.CSDVersion & VbCr & _
    "CodeSet: " & objItem.CodeSet & VbCr & _
    "CountryCode: " & objItem.CountryCode & VbCr & _
    "OSLanguage: " & objItem.OSLanguage & VbCr & _
    "CurrentTimeZone: " & objItem.CurrentTimeZone & VbCr & _
    "Locale: " & objItem.Locale & VbCr & _
    "SerialNumber: " & objItem.SerialNumber & VbCr & _
    "SystemDrive: " & objItem.SystemDrive & VbCr & _
    "WindowsDirectory: " & objItem.WindowsDirectory & VbCr & _
    ""
Next
WScript.Quit

' End of WMI Win32_OperatingSystem VBScript

err-disabled cause loopback

One of our port channel ports came up as err-disabled with the cause stated as "loopback". This in turn put the port channel into the err-disabled state and caused the spanning tree backup port to become active.

(config)#do sh inter status err
Port      Name               Status       Reason               Err-disabled Vlans
Gi0/22    PORT channel 1 to  err-disabled loopback
The port channel summary shows that interface Gi0/22 is in the down state.

#sh ether sum
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/21(P)   Gi0/22(D)
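
The two outputs above can be correlated automatically, for example by a monitoring job that collects them from the switch. This is an added example, not part of the original post; the function names are illustrative and the sample text is the output shown above.

```python
import re

# Output copied from the post above.
ERR_DISABLED = """\
Port      Name               Status       Reason               Err-disabled Vlans
Gi0/22    PORT channel 1 to  err-disabled loopback
"""

ETHER_SUMMARY = """\
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi0/21(P)   Gi0/22(D)
"""

def parse_err_disabled(text):
    """Return {port: reason} from 'show interfaces status err-disabled'."""
    reasons = {}
    for line in text.splitlines():
        # Data rows carry the lowercase status word followed by the reason.
        m = re.match(r"(\S+)\s.*\berr-disabled\s+(\S+)", line)
        if m:
            reasons[m.group(1)] = m.group(2)
    return reasons

def parse_bundles(text):
    """Return {port_channel: {member_port: flag}} from 'show etherchannel summary'."""
    bundles = {}
    for line in text.splitlines():
        # Group number, Po name with its flags, protocol column, member ports.
        m = re.match(r"\d+\s+(Po\d+)\((\w+)\)\s+\S+\s+(.*)", line)
        if m:
            bundles[m.group(1)] = dict(re.findall(r"(\S+)\((\w)\)", m.group(3)))
    return bundles

def degraded_bundles(err_text, summary_text):
    """List (port_channel, member, flag, reason) for members that are not bundled (P)."""
    reasons = parse_err_disabled(err_text)
    findings = []
    for po, members in parse_bundles(summary_text).items():
        for port, flag in members.items():
            if flag != "P":
                findings.append((po, port, flag, reasons.get(port, "unknown")))
    return findings

if __name__ == "__main__":
    for finding in degraded_bundles(ERR_DISABLED, ETHER_SUMMARY):
        print("%s member %s flag=%s reason=%s" % finding)
```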

Here is the spanning tree output that shows the alternate interface Gi0/23 is now the preferred path to the root. The cost of the link for the port channel has also increased to 20000. Normally it is 10000, which means the port channel is normally chosen as the root port because its cost is lower.

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    4097
             Address     0021.915e.1900
             Cost        20000
             Port        23 (GigabitEthernet0/23)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     a40c.c315.ba80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/23              Root FWD 20000     128.23   P2p
Po1                 Altn BLK 20000     128.56   P2p
The reason the loopback error disables the interface is that the interface sends out periodic keepalive messages, and if the interface receives one of its own keepalives back it will put the interface in an err-disabled state and assume that there is a loop in the network.

This is not the case in our situation as the layer 2 layout and final active topology is well understood. The issue may be occurring due to the compatibility between the D-Link and Cisco switches. More investigation will need to be done to verify this.

So how do we re-enable the interface that is in the err-disabled state and restore the layer 2 topology?
You can set the errdisable recovery cause for the loopback err-disabled state by using

(config)#errdisable recovery cause loopback

and then setting the interval, in seconds, to wait before re-enabling the interface:

(config)#errdisable recovery interval 200

In our case though I decided to disable keepalives on both interfaces in the port channel so this error will not occur and the layer 2 topology will remain constant. Port channel will be the root port for spanning tree and will be in a forwarding state.

(config)#interface gig0/21
(config-if)#no keepalive
(config)#interface gig0/22
(config-if)#no keepalive

Then you have to shut down the err-disabled port and then re-enable it with the no shutdown command. This will bring the port channel group out of the err-disabled state and resume the appropriate layer 2 topology.

#sh span mst 1
##### MST1    vlans mapped:   2-3,500,600,605,900
Bridge        address a40c.c315.ba80  priority      32769 (32768 sysid 1)
Root          address 0021.915e.1900  priority      4097  (4096 sysid 1)
              port    Po1             cost          10000     rem hops 19
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/23           Altn BLK 20000     128.23   P2p
Po1              Root FWD 10000     128.56   P2p

Link:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml









Hot Standby Routing Protocol (HSRP)

Hello times are 3 seconds
Hold timers are 10 seconds

Simple config of VLAN 10:

interface Vlan10
 ip address 172.16.10.3 255.255.255.0
 standby 1 ip 172.16.10.1
 standby 1 priority 150
 standby 1 preempt


If the priorities are the same, the neighbour with the highest IP wins.