Category: Powershell

How to Add Multiple Subnets to Active Directory Sites and Services

Yusuf Ustundag Leave a comment

Your infrastructure may have multiple locations and, depending on those locations, many network subnets. In some cases, you may choose to use multiple network subnets to separate services even within a single data centre.

If you are using Active Directory as the directory service in your infrastructure, you need to add these subnets to ‘Sites’ under "Active Directory Sites and Services" and ‘Subnets’ under that.

You can add subnets most simply with a few right clicks on the "Active Directory Sites and Services" console. This is usually the method that everyone uses.

This process also has an equivalent in the PowerShell world. Although it is generally not preferred by those who do not like to work with scripts, there is no better method than this when you want to do batch processing.

If you have hundreds of subnets that you need to define, you can do it in seconds with the following script.

# CSVPath
$csvFilePath = "C:\Subnet.csv"

# CSVRead
$subnets = Import-Csv -Path $csvFilePath

#Created
foreach ($subnet in $subnets) {

$name = $subnet.Name
$site = $subnet.Site
$description = $subnet.Description

try
{New-ADReplicationSubnet -Name $name -Site $site -Description $description
Write-Host "Subnet $name added."
}catch{
Write-Host "Subnet $name failed: $_"
}
}

 

For mote detailed information ;

Have a nice day!

How to Upgrade Failover Cluster Functional Level

Yusuf Ustundag 4 Comments

When you add new nodes with a higher operating system to your Windows Failover cluster environment, you will receive warnings about "Functional Level" mismatch in your failover cluster logs.

The main reason for these warnings is that the operating systems and functional levels of the clusters connected to the nodes in your environment are different from each other.

You can follow the steps below to change the functional level compatibility;

  • To view the Failover Cluster Functional Level version
    Get-Cluster | select ClusterFunctionalLevel
  • To upgrade the Failover Cluster Functional Level version
    Update-ClusterFunctionalLevel
  • To view the upgrade process of the Failover Cluster Functional Level version
    Get-Cluster | select ClusterFunctionalLevel
  • In Windows Server 2019 the Clustering team introduced a new PowerShell cmdlet to check how many nodes of the cluster are running on which level
    "Get-ClusterNodeSupportedVersion" helps you to identify the Cluster Functional Level and the Cluster Upgrade Version.

The table below shows the values and each corresponding functional level:

 

For more detailed information;

Have a nice day!

How to Fix Failed While Applying Switch Port Settings ‘Ethernet Switch Port VLAN Settings’

Yusuf Ustundag 4 Comments

If you get the following error when you want to make a VLAN change on your virtual server that you use on Hyperv;

"Error applying Network Adapter changes"
"The operation failed. Failed while applying switch port settings 'Ethernet Switch Port VLAN Settings' on switch 'Vs': One or more arguments are invalid (0x80070057)."

The root cause of this problem is the network mode you use on your virtual server, for example F5 virtual server appliance.
Let’s continue with the example there are more than one ethernet card over the F5 virtual server appliance, some of which are trunk and some are access mode.

You will get an error when you make the VLAN change on the Trunk mode card from the Hyper V Failover Cluster gui.

To fix this problem, you can follow the steps below;

  • First of all, we view the cards and their modes on the virtual server.
    Get-VMNetworkAdapterVlan -VMName servername
  • The tag is removed the network card with trunk mode.
    Set-VMNetworkAdapterVlan -VMName servername -VMNetworkAdapterName NIC3 -untagged
  • We define access mode and VLAN ID.
    Set-VMNetworkAdapterVlan -VMName servername -VMNetworkAdapterName NIC3 -Access -VlanId 715
  • To view the change made.
    Get-VMNetworkAdapterVlan -VMName servername

Have a nice day!

 

How to Enable Multi-Factor Authentication (MFA) Office 365 with Powershell ?

Yusuf Ustundag 1 Comment

You can use Microsoft’s free Multi-Factor Authentication (MFA) application to further increase the security of your Office 365 users in your organization.
Of course, for this, your organization must have minimum Azure AD, Microsoft 365 and Microsoft 365 license types.

For more, you can visit the addresses below;

Secure user sign-in events with Azure AD Multi-Factor Authentication
Set up multifactor authentication for Microsoft 365
Multifactor authentication for Microsoft 365
Features and licenses for Azure AD Multi-Factor Authentication

If you want to enable MFA for all or some of your users in your organization, you can follow the steps below;
Method 1: You can access the MFA area via the console and take action for users.
Login to Office 365 Admin Center –> Active Users –> Multi-factor authentication

 

Method 2: You can do it using Connect-MsolService cmdlet powershell commands.
You can use three different methods, “EnablePerUserMFA”, “BulkImportEnable” and “EnableAllUserMFA”.

#ConnectMsolService Connect-Msolservice #EnablePerUserMFA $user = "alias@domainname"
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enabled"
$sta = @($st) Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta

If you want to enable MFA for more than one user or certain departments;
First we organize your users in csv file type

UserPrincipalName
alias1@domainname
alias2@domainname
alias3@domainname
alias4@domainname
alias5@domainname
alias6@domainname
#BulkImportEnable $users = Import-Csv "C:\Temp\MFAEnable.csv" foreach ($user in $users) { $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $st.RelyingParty = "*" $st.State = "Enabled" $sta = @($st) Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements $sta } Write-Host "Script is Running.." Read-Host -Prompt "Script is Completed, Press Enter to Exit."
#EnableAllUserMFA $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $st.RelyingParty = "*" $st.State = "Enabled" $sta = @($st) Get-MsolUser -All | Set-MsolUser-StrongAuthenticationRequirements $sta

Have a nice day !

How to Fix Exchange Server “421 4.3.2 Service not available”

Yusuf Ustundag 2 Comments

When I examined the receive connector logs to identify the problem with the mail traffic I was experiencing on one of my Exchange servers, I saw that the error “421 4.3.2 Service not available” was constantly repeated.

When I followed the mail flow in the log, I observed that the steps continued successfully, but at the last stage it gave the error “421 4.3.2 Service not available“.

auth login,
334 authentication response,
SMTPSubmit SMTAccept,
235 2.7.0 Authentication Successful,
Mail From : <…@…>,
421 4.3.2 Service not available,
Remote(SocketError)

I checked the ServerComponentState of the server, and saw that the HubTransport was Draining.

Get-ServerComponentState (hostname)

To fix this situation, we need to use the following command.

Set-ServerComponentState ExchServerName -Component HubTransport -State Active -Requester Maintenance

Check again Get-ServerComponentState (hostname)

Have a nice day !

Exchange Server Cluster(DAG) Maintenance

Yusuf Ustundag 3 Comments

If you are planning to make cumulative updates to your Exchange Servers, you must first put the server on which you will install the update into maintenance mode.
To perform maintenance on Exchange Servers, follow these steps:

  • First of all, if you are using a load-balancer, make sure that there is no mail traffic to the server you will maintain.
  • Pre-Check 1 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize
  • Pre-Check 2 – Get-MailboxServer ExchServerName | ft DatabaseCopy* -Autosize
  • Pre-Check 3 – Get-ClusterNode ExchServerName| fl
  • Pre-Check 4 – Get-Queue
  • Maintenance 1 – Set-ServerComponentState ExchServerName -Component HubTransport -State Draining -Requester Maintenance
  • Maintenance 2 – Restart-Service MSExchangeTransport
  • Maintenance 3 – Get-Queue
  • Maintenance 4 – CD $ExScripts
    .\StartDagServerMaintenance.ps1 -serverName ExchServerName -MoveComment Maintenance -PauseClusterNode
  • Maintenance 5 – Redirect-Message -Server ExchServerName -Target OtherServerName
  • Maintenance 6 – Suspend-ClusterNode ExchServerName
  • Maintenance 7 – Set-MailboxServer ExchServerName -DatabaseCopyActivationDisabledAndMoveNow $True
  • Maintenance 8 – Set-MailboxServer ExchServerName -DatabaseCopyAutoActivationPolicy Blocked
  • Maintenance 9 – Set-ServerComponentState ExchServerName -Component ServerWideOffline -State Inactive -Requester Maintenance
  • Control 1 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize
  • Control 2 – Get-MailboxServer ExchServerName | ft DatabaseCopy* -Autosize
    Get-ClusterNode ExchServerName | fl
    Get-Queue

By the way, if you have made changes to the configuration files (Web.config,Edgetransport.exe.config etc) before starting the update process, it is recommended to backup them, because the changes you made after the update will return to their default settings.

You can now update the server.

After completing the update process we need to take the server out of maintenance mode.

  • After 1 – Set-ServerComponentState ExchServerName -Component ServerWideOffline -State Active -Requester Maintenance
  • After 2 – CD $ExScripts
    .\StopDagServerMaintenance.ps1 -serverName ExchServerName
  • After 3 – Set-ServerComponentState ExchServerName -Component HubTransport -State Active -Requester Maintenance
  • After 4 – Restart-Service MSExchangeTransport
  • After 5 – Get-ServerComponentState ExchServerName | ft Component,State -Autosize

 

If you have specific configuration backups, you can compare them with your backups and rearrange them. (Don’t forget to restart the server)

Now you can add your server to the load-balancer again and include it in the mail traffic.

 

Have a nice day !

How to Change User Role “Manage Teams”

Yusuf Ustundag 1 Comment

If you want to change the roles of the members of the team groups you have, you can usually use the Teams Admin Panel.

Manage Team Settings

In cases where there are too many members in the group you want to change roles, it may not be efficient to do this from the management console, or you may not see the action taken.

The next thing to do is to use Teams Powershell commands.

First of all, we use the get-team cmdlet to see the properties of the group.

Get-Team -DisplayName "Group Name"

We need to use the Get-TeamUser cmdlet to view the members of the group, but it needs “GroupId” information to use it.

Get-Team -DisplayName "Group Name" | select GroupID

Get-TeamUser -GroupId "419XXX-XXfc-XX6-bXX9-XXXX2ae8a"

We need to use the Add-TeamUser or Remove-TeamUser cmdlet to change roles.

Add-TeamUser -GroupId "419XXX-XXfc-XX6-bXX9-XXXX2ae8a" -User yusuf@yusufustundag.com -Role Owner

or

Remove-TeamUser -GroupId "419XXX-XXfc-XX6-bXX9-XXXX2ae8a" -User yusuf@yusufustundag.com -Role Owner

 

Have a nice day !

How to Find Servers are Using VMXNET3 Adapter

Yusuf Ustundag 1 Comment

If you want to list the adapters used by the virtual servers in your VMware virtualization platform, you can use the commands below.

By the way first of all you need to connect to vCenter and vmware tools must also be installed on your virtual servers.

For example to list servers with VMXNET3 adapters;

Get-Vm | Get-NetworkAdapter | Where-object {$_.Type -eq "Vmxnet3"} | Select @{N="VM";E={$_.Parent.Name}},Name,Type

 

For example to list servers without VMXNET3 adapters you can changing the -eq parameter;
Get-Vm | Get-NetworkAdapter | Where-object {$_.Type -ne "Vmxnet3"} | Select @{N="VM";E={$_.Parent.Name}},Name,Type

 

If you want to export these lists into .csv file usage Export-Csv command;
Export-Csv C:\VMXNET3_Adapter.csv -NoTypeInformation

The final state of the command;

Get-Vm | Get-NetworkAdapter | Where-object {$_.Type -eq "Vmxnet3"} | Select @{N="VM";E={$_.Parent.Name}},Name,Type | Export-Csv C:\VMXNET3_Adapter.csv -NoTypeInformation

Have a nice day !

How to Connect VMware from Powershell

Yusuf Ustundag 3 Comments

I know it sounds like a very simple process.It is usually told that you can open the powershell application and access it with the “Connect-VIserver” command sets.
This information is correct but incomplete because the need to required install the powershell module.

Install-Module -Name VMware.PowerCLI

If you have installed the module, you can now connect to VMware vCenter via Powershell.

Connect-VIserver -Server vCenter -Port 443

If you get an error like the one below while connecting, you can use the command below to ignore the warning.

Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server. Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Now you can connect

Have a nice day !

How to Find Local Group Members from Remote Servers

Yusuf Ustundag 2 Comments

If you need to list local group members belonging to remote servers , you can use two different powershell commands below.

By the way If the Windows Remote Management (WinRM) service is turned off on your remote servers, “Invoke-Command” doesn’t work.

$Servers = Get-Content C:\Temp\BulkServers.txt
Foreach ($Server in $Servers)
{
Invoke-Command -ComputerName $Server -ScriptBlock {Get-LocalGroupMember -Group "Remote Desktop Users"} | Select PSComputerName,Name
}

or

$Servers = Get-Content C:\Temp\BulkServers.txt
Foreach ($Server in $Servers)
{
$Groups = Get-WmiObject Win32_GroupUser –Computer $Server
$RDPUsers = $Groups | Where GroupComponent –like '*"Remote Desktop Users"'

Write-Host "Server: $Server"
Write-Host " "
$RDPUsers |% {
$_.partcomponent –match ".+Domain=(.+)\,Name=(.+)$" > $null
$matches[1].trim('"') + "\" + $matches[2].trim('"')
}
Write-Host " "
}

To list other group members, simply change the “Remote Desktop Users” group information.

Have a nice day !