24 May 2013
I’ve uploaded another little Powershell script to GitHub, as a module this time!
It’s called backupDhcpLogs and it tries to do what it says on the tin. Of course, if you couldn’t read the tin, it’s a module to back up DHCP logs.
Currently it backs up the previous days of logs to a destination you specify and will also remove logs from the destination that are older than a number of days you specify. There is also the option to back up the DHCP server configuration if you so wish.
However, I’ve got some more work to do on it. I’d like to offer an option to back up all the logs that exist, while managing them in the same way. Additionally, I would also like to offer a slightly more modern backup method using ‘Export-DhcpServer’ or ‘Backup-DhcpServer’, and not ‘netsh’.
I also had to remove a check for the DHCP Server Windows feature from the module, as it was stopping it from running when using the ‘Run whether the user is logged in or not’ option in the task scheduler. It’s something I’ll figure out eventually, then put the functionality back in.
24 Apr 2013
Here are two podcasts I have absolutely no reservations in recommending to anyone interested in how the world works or the magic of discovery. Their websites will do a better job of explaining it than I can, so here they are!
RadioLab
Caustic Soda
I’ve got some upcoming content on System Center 2012, focussing mostly on Service Manager, as there isn’t too much content out there. It’s almost like the black sheep of the System Center 2012 family, although that might change when/if either Sharepoint 2010 gets updated to support Server 2012, or Service Manager gets updated to support Sharepoint 2013.
There will also be some little bits on Operations Manager and maybe some things that apply to any System Center product, or SQL Server.
25 Feb 2013
If you have problems with your Mac not playing nicely with network resources after sleep, you may find adding the following managed preference useful. It makes the mac prompt for a password after coming out of screensaver/sleep.
Unfortunately, there’s no GUI checkbox or anything for this setting in Workgroup Manager, so I’ve taken a screenshot and highlighted the required setting.
14 Feb 2013
After getting our Macs into Active Directory with nice managed preferences, I ran into a few problems, first of which was slow logons.
To fix it, I had to make a change on each machine to disable the Bonjour service advertisements. This made .local DNS lookups much faster and solved a lot of issues with users not being able to log on, or logons taking a very long time. This appears to contradict the behaviour described here, although it could just be my particular environment. The important bit says:
In Mac OS X v10.6, as long as your network's DNS server is properly configured, you do not have to make any changes on your client Mac. Host names that contain only one label in addition to local, for example "My-Computer.local", are resolved using Multicast DNS (Bonjour) by default. Host names that contain two or more labels in addition to local, for example "server.domain.local", are resolved using a DNS server by default. Additionally, Mac OS X v10.6 automatically detects when the local network operator has set up a name server that will answer name requests for a domain ending in ".local". It does this by checking to see if there is a Start Of Authority (SOA) record for the top level domain "local", which is how a DNS server indicates that it claims to have authority over a part of the DNS namespace. As long as the DNS server is properly configured with the required SOA record, Mac OS X v10.6 will detect this SOA record and automatically use this server to look up all host names in the domain.
From: Mac OS X v10.4, 10.5, 10.6: How to look up “.local” host names via both Bonjour and standard DNS - http://support.apple.com/kb/HT3473
The change I made is also on the apple support knowlegebase, but I have listed it below if it disappears from the apple site (as pages often seem to do). You will need to edit the following file as an administrative user. You should probably make a backup of this file first, as breaking it can apparently prevent your Mac from starting up.
/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
You will need to add the following line to the file, on the line before the declaration for the end of the array:
<string>-NoMulticastAdvertisements</string>
This should make the file look as follows.
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/mDNSResponder</string>
<string>-launchd</string>
<string>-NoMulticastAdvertisements</string>
</array>
Once you’ve saved the file, reboot the Mac. You can probably just reload mDNSResponder, but that’s what I did.
The second issue was more my fault than anything else and relates to a permissions issue I was having with network storage.
If you’re going to offer network attached storage to your Macs for home folders or shared storage, the user must have read permissions at the root of the share. The permission doesn’t need to apply to sub-folders, so you can still manage permissions in a secure way; although it’s a little strange as Windows XP and 7 machines don’t seem to need it. I just chalked it up to an implementation difference in SMB, made the changes and left it at that.
I’ll probably do a post on managed printing and printing to a Windows print server in the near future, but I’ve got to iron out a few more issues and get it all sorted out before I put it all together.
22 Jan 2013
There has been a couple of updates to the shadowGroupSync tool over the past few days. Apart from a bit of development, I also I went and threw it to GitHub. You can check out my previous posts on it, or grab the latest version. There’s also a development branch in the repository that lets you choose the type of group to create. UPDATE: The features from the development branch are now all in the stable version.
The stable branch has also had a few features added and a couple of little snags fixed. The main new feature is the ability to specify multiple source organisational units for inclusion into a single shadow group. These changes make the utility very useful for generating distribution lists or access groups based on whatever conditions you want; like employee type, manager, or existing group memberships.
The stable ‘master’ branch is essentially the script use myself on a day to day basis, so it should work fine for you. However, as with all things not done yet, the development branch ‘next’ may be unstable. If downloading it sets your computer/server/domain/datacenter on fire (delete as appropriate), that’s got nothing to do with me.