Archive for the ‘Registry’ Category

Active Directory quick queries

Saturday, January 31st, 2015

Here is a reference to a few quick AD queries.

Dump of AD:

List of Domain Controllers:

List of FSMO holders:

List of Global Catalog holders:

List of Sites:

Site where myDC belongs:

List of preferred bridgeheads:

Domain Controller which authenticated me:

All users:

Total number of users:

All active users:

Locked users:

Restricting Active Directory replication traffic to the fixed ports

Wednesday, January 28th, 2015

Overview:

Besides the well-known ports such as 389 TCP/UDP, 636 TCP, 3268 TCP, etc. (full overview is here), Active Directory uses a few ports from the dynamic pool for replication purposes. If we don’t have a strict security policy where only explicitly defined traffic is allowed through firewalls, we can leave the default configuration of communication between domain controllers:

1024  – 65535 TCP Dynamic RPC W2K/W2K3

49152 – 65535 TCP Dynamic RPC W2K8+

However, if we would like to have more control over AD and SYSVOL replication, we can limit the above scope to our needs:

#1. Restricting Active Directory replication traffic to a fixed port, e.g. TCP 5000 (0x1388):

#2a. Restricting SYSVOL FRS traffic to a fixed port, e.g. TCP 5050 (0x13ba):

#2b. Restricting SYSVOL DFS-R traffic to a fixed port, e.g. TCP 5050:

#3. Restricting RPC dynamic port allocation to a pool, e.g. TCP 6000 – 6050:

Practice:

Common operational issues in complex environments, like Event 1722: “The RPC server is unavailable”, are sometimes caused by firewall restrictions that allow traffic on fixed ports only instead of the full RPC dynamic pool. For example, a just-promoted domain controller with the default configuration tries to replicate with a remote partner located behind a firewall via the dynamically assigned port TCP 49157, while the replication topology design strictly defines, say, TCP 5000, and that is what is implemented on all DCs and firewalls.

To check which ports are used for replication purposes, simply query the TCP 135 endpoint mapper of each domain controller. Using portqry.exe it looks as follows:

and in the result look for the section MS NT Directory DRS Interface to check the AD replication ports:

and Frs2 Service to check the DFS-R port:

To find out whether the above RPC ports are fixed or not, simply query the registry settings of this domain controller:

Restricted Active Directory replication traffic:

RPC dynamic port allocation:
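As an added example that is not part of the original post, the following PowerShell script performs that registry check across a list of DCs and compares the result with the example ports used above (5000, 5050, 6000 – 6050). It assumes Microsoft’s documented value names under the NTDS, NTFRS and RPC\Internet keys, and WinRM access to each DC; the DFS-R static port (set with dfsrdiag StaticRPC) is not read here.

```powershell
# Added example (not the post's own commands): audit whether each DC's replication
# RPC ports are fixed, and compare them with the design values used in this post.
# Assumptions: value names are Microsoft's documented ones for NTDS, NTFRS and the
# RPC\Internet key; the default ports below are this post's examples.
param(
    [string[]]$DomainController = @($env:COMPUTERNAME),
    [int]$ExpectedAdPort  = 5000,   # #1  AD replication (0x1388)
    [int]$ExpectedFrsPort = 5050,   # #2a SYSVOL FRS (0x13ba)
    [int]$RpcPoolStart    = 6000,   # #3  RPC dynamic pool
    [int]$RpcPoolEnd      = 6050
)

function Get-ReplicationPortConfig {
    param([string]$Computer)
    # Reads the three registry locations on the DC; an absent value means "not fixed".
    $sb = {
        $ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'  -ErrorAction SilentlyContinue
        $frs  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters' -ErrorAction SilentlyContinue
        $rpc  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'                    -ErrorAction SilentlyContinue
        [pscustomobject]@{
            AdPort           = $ntds.'TCP/IP Port'
            FrsPort          = $frs.'RPC TCP/IP Port Assignment'
            RpcPorts         = $rpc.Ports              # REG_MULTI_SZ, e.g. "6000-6050"
            UseInternetPorts = $rpc.UseInternetPorts   # must be "Y" for the pool to apply
        }
    }
    Invoke-Command -ComputerName $Computer -ScriptBlock $sb -ErrorAction Stop
}

function Test-FixedPort {
    param($Actual, [int]$Expected)
    if ($null -eq $Actual)          { return 'NOT FIXED (dynamic pool)' }
    if ([int]$Actual -eq $Expected) { return "OK ($Actual)" }
    return "MISMATCH (got $Actual, expected $Expected)"
}

foreach ($dc in $DomainController) {
    try   { $cfg = Get-ReplicationPortConfig -Computer $dc }
    catch { [pscustomobject]@{ DC = $dc; AdReplPort = 'UNREACHABLE'; FrsPort = ''; RpcPool = '' }; continue }
    $poolOk = ($cfg.RpcPorts -contains "$RpcPoolStart-$RpcPoolEnd") -and ($cfg.UseInternetPorts -eq 'Y')
    if ($poolOk) { $poolStatus = "OK ($RpcPoolStart-$RpcPoolEnd)" }
    else         { $poolStatus = "NOT FIXED or differs ($($cfg.RpcPorts -join ','))" }
    [pscustomobject]@{
        DC         = $dc
        AdReplPort = Test-FixedPort $cfg.AdPort  $ExpectedAdPort
        FrsPort    = Test-FixedPort $cfg.FrsPort $ExpectedFrsPort
        RpcPool    = $poolStatus
    }
}
```

Pipe the output to Export-Csv to get the same kind of per-server CSV report the scripts in the next post produce; a row showing NOT FIXED on a DC that sits behind a fixed-port firewall rule is exactly the Event 1722 case described above.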


Reference articles:

How to configure a firewall for domains and trusts

Active Directory Replication Over Firewalls

Restricting AD Replication Traffic between DCs to only a few ports

Service overview and network port requirements for Windows

Using PORTQRY for troubleshooting


VBS scripts to query everything

Wednesday, December 24th, 2014

There are a few simple scripts developed by me to automate, to some extent, regular reporting against a set of servers. The result is usually presented as a CSV file so it can be used quickly in Excel or similar spreadsheet software.

Scripts to query WMI:

Script to report installed roles and features:

getRoles.zip

usage: cscript /nologo getRoles.vbs servers.txt

Example of input file: servers.txt

Example of output file: getRoles_26-09-2014_12-30-14.csv

Script to report info about installed services:

getServices.zip

usage: cscript /nologo getServices.vbs servers.txt

Example of input file: servers.txt

Example of output file: getServices_19-11-2013_07-30-15.csv

Script to report information about capacity of local disks:

getCapacity.zip

usage: cscript /nologo getCapacity.vbs servers.txt

Example of input file: servers.txt

Example of output file: getCapacity_01-10-2013_13-01-51.csv

Script to report activation status:

getActivationStatus.zip

usage: cscript /nologo getActivationStatus.vbs servers.txt

Example of input file: servers.txt

Example of output file: getActivationStatus_17-06-2013_10-12-18.csv

Script to report on shares:

getSharings.zip

usage: cscript /nologo getSharings.vbs servers.txt

Example of input file: servers.txt

Example of output:

Scripts to query registry:

Script to report installed software:

getSoftware.zip

usage: cscript /nologo getSoftware.vbs servers.txt

Example of input file: servers.txt

Example of output file: getSoftware_12-06-2013_13-51-58.csv

Script to report status of WSUS:

getWSUS.zip

usage: cscript /nologo getWSUS.vbs servers.txt

Example of input file: servers.txt

Example of output:

Scripts to query LDAP:

Script to enumerate the groups to which the user specified in the input file belongs, directly (nesting level = 0) and indirectly (nesting level > 0):

getMemberOf.zip

usage: cscript /nologo getMemberOf.vbs users.txt

Example of input file: users.txt

Example of output:

Feel free to use them.