FRS to DFSR SYSVOL Migration on Windows Server 2012

Lab:

Windows 2012 AD Services

Functional Level 2003 raised to 2008 R2

CHECK BASICS

On the domain controllers, run:

net share – check that SYSVOL is shared

repadmin /replsum – check that replication is working

regedit – go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters and check that the SysvolReady entry is 1. You need to check this on all domain controllers.

services.msc – check in the Extended tab that DFS Replication is set to Automatic startup

MIGRATE FUNCTIONAL LEVEL

In my case I was on 2003, so I had to raise it to 2008 (2008 R2).

First make sure that all your AD servers are at the level you are raising to.

So if you raise to 2008 R2, all your AD servers need to run at least Windows Server 2008 R2.

Administrative Tools folder -> Active Directory Domains and Trusts. Right-click the domain, then click Raise domain functional level and choose the one you want from the list. Click Raise. This should only take a few seconds. Once done on the primary AD, the change should be made on all of them.

To check which of your DCs is the primary, run:

nltest /dclist:domain.int

You will see that one of your DCs has the [PDC] flag, which means it is the primary.

MIGRATE THE DOMAIN TO THE PREPARED STATE

BACKUP FIRST

Check that the Windows Server Backup role is installed; you can add it from the Add Roles control panel. It should be on the second list of services after you press Next the first time.

To make a system state backup, run (reference: https://technet.microsoft.com/en-us/library/cc742124.aspx):

wbadmin start systemstatebackup -backupTarget:\\myshare\dc1

Wait until the backup is finished; it may take some time.

SET GLOBAL STATE, IDEALLY ON THE PDC DOMAIN CONTROLLER (make sure it is not an RODC, i.e. read-only)

https://blogs.technet.microsoft.com/askds/2011/10/28/friday-mail-sack-they-pull-me-back-in-edition/#netdom

Use the check command below first; once it says Start, move on and run:

dfsrmig /setglobalstate 1

Do not progress further until all domain controllers are showing the “Prepared” state.

Check using:

dfsrmig /getglobalstate

THIS PROCESS MAY TAKE SOME HOURS/DAYS

How to install multiple packages with Ansible

Below is a task example from my ansible-playbook showing how to install multiple packages on Debian; use ‘yum’ on Red Hat/CentOS distros.

The task below installs the bind (DNS) packages and makes sure that bind9 is started.


# This playbook contains common plays that will be run on all nodes.

- name: Is Bind Installed?
  # 'present' is the supported state value; current Ansible rejects the old 'installed' alias
  apt: name={{ item }} state=present
  with_items:
   - bind9
   - bind9-doc
   - dnsutils

- name: Is Bind Started?
  service: name=bind9 state=started

How to create directories and make sure that the permissions are correct using Ansible

Below is an example of what you can enter in your task/main.yml file if you are using the ansible-playbook command.

The tasks below create multiple directories if they do not exist and make sure that the ownership is correct.


---
### This is main task for DNS Slave servers

- name: Make sure that directories for Slave servers exists
  file:
   path: '{{ item }}'
   state: directory
  with_items:
   - /var/cache/bind/Data
   - /var/cache/bind/Slave
   - /var/cache/bind/Slave.rev
   - /var/log/named

- name: Make sure that directory have got correct permissions
  file:
   path: '{{ item }}'
   owner: bind
   group: bind
  with_items:
   - /var/cache/bind/Data
   - /var/cache/bind/Slave
   - /var/cache/bind/Slave.rev
   - /var/log/named

How to select default editor in Linux / MC

Make sure that your chosen editor exists, or install it: apt-get install vim / yum install vim

then

export EDITOR=vim

If you are using MC (Midnight Commander), open it:

$ mc

then F9 -> Options -> Configuration and untick the internal editor options for view and edit.

The next time you edit (F4) or view (F3) a file in mc, it will open in Vim or your selected editor.

Ansible – Getting Started

Generate a key on your local host

ssh-keygen -t rsa -b 4096 -C "youruser@myemail"

Add your public key (id_rsa.pub) to authorized_keys in the .ssh folder on the remote host

Create a hosts file

[all]

192.168.1.1

Run ansible to check

ansible -i hosts all -m ping – runs the ping module against every host in the all group (-i specifies the inventory file).

Testing Postfix after installation with ClamAV and SpamAssassin

Tools

http://www.jetmore.org/john/code/swaks/latest/doc/ref.txt

http://www.postfix.org/

http://spamassassin.apache.org/

https://www.clamav.net/

Test files

http://www.eicar.org/86-0-Intended-use.html

touch sample-virus-simple.txt

http://spamassassin.apache.org/gtube/gtube.txt

touch sample-spam-GTUBE-junk.txt

Normal Message test

swaks --to testuser@yourdomain.com --server localhost

amavis[1486]: (01486-02) Passed CLEAN {RelayedInternal}, LOCAL [127.0.0.1]:50268

(testuser@yourdomain.com – This is where you would like a test message to be delivered)

Testing VIRUS checking

swaks -t root@localhost --server localhost -d sample-virus-simple.txt

amavis[1488]: (01488-02) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOutbound,Quarantined}, LOCAL [127.0.0.1]:50314

TESTING CLAMAV

Install test files:

sudo apt-get install clamav-testfiles

Then test it:

sudo clamdscan /usr/share/clamav-testfiles/

Once tested you can remove them:

sudo apt-get remove clamav-testfiles

Testing SPAM checking

swaks -t root@localhost --server localhost -d sample-spam-GTUBE-junk.txt

amavis[1487]: (01487-02) Blocked SPAM {DiscardedInternal,Quarantined}, LOCAL [127.0.0.1]:50238
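
Checking the three verdicts above by eye is easy to get wrong on a busy log, so here is an added example (not part of the original post) that reads amavis log lines and fails unless the clean mail passed and both test patterns were blocked. The function names, the syslog prefix and the postfix/qmgr line in the sample input are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): confirm from the mail log that
# the three swaks tests produced the verdicts a working filter should log.

# Constructed sample input: the three amavis lines shown above, given a
# made-up syslog prefix (timestamp and host "mail" are assumptions).
sample_log() {
cat <<'EOF'
Oct  3 10:00:01 mail amavis[1486]: (01486-02) Passed CLEAN {RelayedInternal}, LOCAL [127.0.0.1]:50268
Oct  3 10:00:09 mail amavis[1488]: (01488-02) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOutbound,Quarantined}, LOCAL [127.0.0.1]:50314
Oct  3 10:00:17 mail amavis[1487]: (01487-02) Blocked SPAM {DiscardedInternal,Quarantined}, LOCAL [127.0.0.1]:50238
Oct  3 10:00:18 mail postfix/qmgr[901]: 3F2A1C0: removed
EOF
}

# Read log lines on stdin, print one "Action VERDICT=count" line per verdict.
amavis_verdicts() {
  awk '
    /amavis\[[0-9]+\]: / && match($0, /(Passed|Blocked) [A-Z-]+/) {
      seen[substr($0, RSTART, RLENGTH)]++
    }
    END { for (v in seen) print v "=" seen[v] }
  ' | sort
}

# Exit 0 only if all three expected verdicts are present and no test
# pattern was passed on to delivery.
filter_selftest() {
  verdicts=$(amavis_verdicts)
  rc=0
  for want in 'Passed CLEAN' 'Blocked INFECTED' 'Blocked SPAM'; do
    if ! printf '%s\n' "$verdicts" | grep -q "^$want="; then
      echo "MISSING: $want"
      rc=1
    fi
  done
  # EICAR or GTUBE logged as Passed means that scanner is not wired in.
  if printf '%s\n' "$verdicts" | grep -Eq '^Passed (INFECTED|SPAM)='; then
    echo "LEAK: a test pattern was delivered"
    rc=1
  fi
  return "$rc"
}

sample_log | filter_selftest && echo "filter self-test OK"
```

On the mail host, pipe in only the lines written during the test run (for example the tail of /var/log/mail.log), since older entries in the same log are counted too.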

File Examples:

sample-spam-GTUBE-junk.txt

Subject: Test spam mail (GTUBE)
Message-ID: <GTUBE1.1010101@example.net>
Date: Wed, 23 Jul 2003 23:30:00 +0200
From: Sender <sender@example.net>
To: Recipient <recipient@example.net>
Precedence: junk
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should send this test mail from an account outside of your network.

sample-virus-simple.txt

From: virus-tester
To: undisclosed-recipients:;
Subject: amavisd test – simple – virus scanner test pattern

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Statistics

On Debian you can use: pflogsumm

sudo apt-get install pflogsumm

sudo pflogsumm -d today /var/log/mail.log

Postfix log summaries for Oct 3

Grand Totals
————
messages

16 received
16 delivered
0 forwarded
0 deferred
0 bounced
2 rejected (11%)
0 reject warnings
0 held
0 discarded (0%)

14189 bytes received
14189 bytes delivered
3 senders
2 sending hosts/domains
3 recipients
2 recipient hosts/domains

…..