Accessing Files Mac from Windows SMB Grayed Out

After migrating our File Share to Server 2012 R2 using DFS Replication, I had a Mac user indicate that folders he usually had access to were grayed out and unable to open the folder.

Screen Shot 2014-10-30 at 10.17.59 AM

First thing I noticed was that the date was January 24, 1984. Every folder that was grayed out had the same date.

**Fact, On January 24, 1984 the Apple Macintosh was introduced**

In order to find out what other files were grayed out, I went to PowerShell, rather than manually searching each folder.

Get-ChildItem -Recurse -Path '\\server\share' | Where-Object {$_.CreationTime -like '*1984*'} | Format-List FullName, CreationTime

This outputs each folder that has the 1984 creation date. If you want to export that to a file, just add a pipe and Out-File.

The command could take quite some time to run depending on the size of your file share.

Since we now have the information we need, we need to change the CreationDate. Since I don’t have time to touch every file, below is the PowerShell script that accomplished it for me.

 

## Simple check to search folders
Get-ChildItem -Recurse -Path '\\server\share' | Where-Object {$_.CreationTime -like '*1984*'} | Format-List FullName, CreationTime

## Get Current Date of Computer
$Date = Get-Date

## Same as before, but putting into variable, notice "|" at the end of the line
$File = Get-ChildItem -Recurse -Path '\\server\share' | Where-Object {$_.CreationTime -like '*1984*'} |
ForEach-Object {
  $_.CreationTime = $Date
}

Here is the folder structure after running the script.

Screen Shot 2014-10-30 at 11.08.25 AM

** This script comes with zero warranty and I highly recommend testing and backing up your environment before running.

Office 365 Search for Alias PowerShell

I recently came across a situation where spam was being delivered to an email address of a former employee. I was certain that the previous employee did not have a mailbox, but I wasn’t convinced that the address was not being used as an alias on another account. Since I didn’t remember where I pointed the alias, I had to do some searching.

I connected to Office 365 Exchange via PowerShell and ran the following commands:

$LiveCred = Get-Credentials
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Get-Mailbox -Identity * | Where-Object {$_.EmailAddresses -like 'smtp:ml*@domain.com'} | Format-List Identity

The Get-Mailbox searched through all of the mailboxes with the wildcard (*). After that, the Where-Object looked for similar results in the EmailAddresses attribute in all the mailboxes. Then I displayed the Identity of the user that has the alias in their account.

Pretty easy and straightforward, but it was a nice way to search through a lot of email addresses without a lot of work. If you want to see the actual email addresses, you can add EmailAddresses at the end of the Format-List.

Get-Mailbox -Identity * | Where-Object {$_.EmailAddresses -like 'smtp:ml*@domain.com'} | Format-List Identity, EmailAddresses

Backup Exec 2014 Failing After Migrating VMware Virtual Machine to vApp

The Problem

I recently hit a snag with Backup Exec 2014 V-Ray and vApps. What I noticed is once a virtual machine (I’ve only tested with Linux) is moved into a vApp, Backup Exec will not backup the virtual machine. 

I was receiving an email that gave this information:

(Server: “BackupExecServer“) (Job: “XXX-Incremental”) XXX-Incremental — The job failed with the following error: Cannot get the configuration details of a VMware virtual machine. After investigating the Backup Exec console, I found this error.

1Following the V-79-57344-38211 link gives you some awesome information, which can be found here, and actually contains the solution. But I wanted to know why it really happened. 

Solution

“The above error would occur if one or more virtual machines have been moved to a different ESX host and the previous non existent entries remain on the view selection list details.”

2

So there you have it, the solution. But, it didn’t seem quite right to me; I NEVER changed hosts, just moved the VM into a vApp.

The Test

In order to test this, I downloaded DSL and installed it in my virtual machine cluster. I let DRS choose where it wanted to put it, but did not put the VM in a vApp, as you can see below. 

4

 

I then created a backup set in Backup Exec 2014 and pointed to the virtual machine. After all that was set up, I ran the full and incremental backups, which were successful.  

3

 

Once I got everything working, it was time to test my solution in breaking the backup. First, I created the vApp named test.

 

5

Once the vApp was created, I moved the DSL VM into vApp. 

6Then I ran the Incremental backup again, which failed. 

7

Why?

If you’re like me, you just started asking why it failed. According to the BE documentation, it would have had to move hosts, in this case it didn’t. Right clicking on the job in the Backup Exec console, and selecting “Edit” will help us find out.

8

This will take us into the “Backup Definition Properties” page. Selecting “Edit” under the vCenter server will give us more information.

9Once there, select “Selection Details” tab. This will show the selection details. Then select “Modify”

10

This will show the “Include/Exclude” window, and allow you to see why, and change the setting.

If you look under “Resource name” you will see the path to the VM. Which is wrong since you moved in into a vApp. 

11

In order to fix the error, you have to insert a new selection. You need to cancel out of the previous “Modify” window and select “Insert” then “Insert Selection” from the drop down. This will take you to a similar window, from there, drill down and select the VM inside of the vApp. 

12

Select OK. You will then notice that there are two selections in the “Backup Selections” window. 

14

Select the top one, which is the oldest, and hit “Delete” 

 To verify the correct configuration, select “Modify” on the new item, you should see the “Resource name” updated to include the vApp.

13

Select OK until the configuration is saved. 

At that point I ran the backup again to verify that it worked. If you’re doing incremental backups, it will work with exceptions. In my case, the exception indicated that I needed to run a full backup first, then run an incremental backup again. I did in order to get a successful backup.

15

 

Conclusion

This process failed once you moved it into the vApp because you actually changed the path (Resource name) that Backup Exec uses to find the VM. If you don’t update the path, it’s looking for a machine that actually doesn’t exist. 

 

 

 

 

Multiple VLANs on vSwitch with HP Procurve

In the past, I’ve had very little need to run multiple VLANs over the same network card because I’ve only had my servers on the same VLAN virtualized. However, we are in the plans of virtualizing our phone system, which runs on it’s own VLAN. We’ve also deployed our wireless a little differently, which requires a separate VLAN.

Networking

First, you need to configure a trunked port.

ProCurve(config)# trunk ethernet xx trk1

Following that, you need to add the specific VLANS to the trunk port. They all need to be “trunked.”

ProCurve(config)# interface vlan xx tagged ethernet trk1
ProCurve(config)# interface vlan xx tagged ethernet trk1
ProCurve(config)# show vlans ports ethernet trk1 detail

The last line will show the configuration, it should look similar to this.

1

** Update **

If you’re using multiple NICs on the vSwitch (which you should for redundancy) you have to configure them as separate trunks, if not, it won’t work properly. 

vSphere

Now you need to move over the vSphere, since I’m on 5.5 I’m going to be using the web client.

My initial configuration looked like the image below, I had VLAN ID because everything was running on the default VLAN.

2

 

First you need to “Add Networking” and select “Virtual Machine Port Group for a Standard Switch”

3

 

At this point, you can either select and existing standard switch, or create a new one. For this demo I’m going to create a new one.

On the next screen you will need to select the adapters that you’re using.

Once you select Next, you will see the “Connection settings” screen that will allow you to name the network and provide a VLAN ID. *If this is a new VLAN, it won’t show up in the drop down menu, you have to erase the default text and enter in your VLAN ID.

4

 

Select Next and review your settings. After you are comfortable with the settings, select Finish.

This will create your vSwitch and add the network with the specified VLAN.

5

 

You’ll notice that there is only one VLAN configured by default. Now you must add more networking to the vSwitch. Like above, you need to add new networking, but this time you need to select an existing standard switch. Make sure you select the vSwitch that you’re working with. This will take you to the same screen as before to add your Network Label and VLAN. Add those and select Next then Finish.

Once you have refreshed the web client, you will see that both VLANS have been added to the vSwitch.

7

 

Now you will be able to select Demo and Demo 2 from the network settings on each virtual machine.

 

Office 365 – Hide from address lists (GAL)

I’ve recently been working on getting shared mailboxes in Office 365 to be hidden from the Global Address List (GAL) in the OWA and Outlook. I had a lot of trouble once I got the address hidden when I tried to access the shared mailbox (I’ll show the error later). After looking online, I couldn’t really find a comprehensive guide, hints writing this post. This post will cover the GUI, PowerShell and the problem that I encountered.

**Reminder, this only works for accounts in Office 365, the process is different for Active Directory synchronized accounts. Since I’m working with shared mailboxes, the accounts are NOT in my active directory.

Below is the screen shot from the OWA.
All Users

 

In order to “hide” shared mailboxes from this list, you either need to use PowerShell or access from the GUI. If you’re just doing one or two mailboxes, the GUI works well, but for larger scales, PowerShell would be recommended.

Gui

From your administrator account on Office 365, select ‘Admin’ and ‘Exchange’ from the drop down menu.

Exchange

 

After going into the Exchange Administration Center, verify that ‘recipients’ is selected and select ‘Shared’. This will bring you to all of your shared mailboxes.

Admin Center

Double click your Shared Mailbox that appears in the list or select the pencil icon to edit the properties. You will see that ‘Hide from address list’ is unselected. Since you want the account hidden from the address list, you need to select the check box. This makes your address hidden the from GAL.

PowerShell

To hide the account from the GAL using PowerShell is quite a bit more simple.

You need to connect to your Exchange Center via PowerShell by using the following:

$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Once connected into the Exchange Center, run the following PowerShell command to edit the one account.

Set-Mailbox -Identity user@domain.com -HiddenFromAddressListsEnabled $true

This will make the desired mailbox hidden, you can verify it from the GUI if you desire.

The Problem…

Since the Shared Mailbox is now hidden from the GAL, it’s going to cause some problems if you remotely access the mailbox. We have shared mailboxes enabled for Calendars and some for Inboxes for different functions. Therefore, many different people access different aspects of the shared mailboxes.

So, what’s the problem? Well, when you try to open the mailbox it gives you an error that either (1) you don’t have permissions, or (2) the mailbox doesn’t exist. Since I do a lot in the OWA, I’m going to show all error messages in that.

To replicate the error in the OWA (again the error message might change in Outlook), go to your inbox by selecting Outlook. Then select the drop down menu by your name, and select ‘Open another mailbox…’

Open Mailbox

This will present you with a window to enter the email address for the shared mailbox.

Another Mailbox

Enter in the email address of the shared mailbox and you will see something similar to this (obviously you will have an address in the white box):

Not Found

 

It will NOT let you open the mailbox because according to your GAL, it doesn’t exist (but still receives mail).

Workaround

In order to work around this issue, there are two options (1) unhide the mailbox and deal with it being in the GAL or (2) add the contact into your personal contacts.

If you REALLY don’t care about the address being in the GAL, then leave it. But, if you don’t want it in your GAL, it’s going to be quite a bit of work, that cannot be scripted or done remotely.

Since option 2 is the option I want to proceed with, I’m going to move forward with explaining it. If you need to reverse the “Hide from address list” shown above, just uncheck the box in the GUI, or run the following if you’re working in PowerShell.

Set-Mailbox -Identity user@domain.com -HiddenFromAddressListsEnabled $false

So, option 2.

You still need to unhide the address in either the admin center, or using the above command. If you verify in the GUI, you will see the check box unchecked. Or verify in PowerShell by running the following command.

Get-Mailbox -Identity user@domain.com | Format-List Hid*

This will display either True or False. If True, that means that it IS hidden from the GAL.

Once you have the HiddenFromAddressListsEnabled set to False, you can proceed forward by opening the mailbox outlined above that gave the error. This will perform the lookup in the GAL and open the shared mailbox for you.

But, since you don’t want the address in your GAL, you need to add a local contact with the shared mailbox address into your contacts before hiding the mailbox again. Once you have created the contact in YOUR contacts, you can hide the shared mailbox again (outlined above).

Once you have hidden the mailbox, attempt to open the mailbox as outlined before. It should work.

Issue

The biggest issue I have with this, is since we have multiple people accessing the mailboxes with various permissions, I cannot add the contact remotely to the contact list, nor can I expect everyone of them to add it locally themselves. If there is a way to add contacts to users contact lists remotely, I would love to know how to do it.

 

Like I said before, I couldn’t find any of this information in a centralized location, so I decided to consolidate it all together to hopefully help someone down the road.

Moving AD Operations Master Roles

To find your PDC you need to use PowerShell. First, run:
netdom query FSMO

to gather the information. You should see similar to this:

Schema Master DC1.domain.com
Domain Naming Master DC1.domain.com
PDC DC1.domain.com
RID pool manager DC1.domain.com
Infrastructure master DC1.domain.com

Since we want the roles on DC2.domain.com, we need to run this PowerShell command:
Move-ADDirectoryServerOperationMasterRole -identity "DC2" -OperationMasterRole 0,1,2,3,4

The 0,1,2,3,4 are numeric representations of each role to move.

Now, if you run netdom query FSMO again, you should see this output.

Schema Master DC2.domain.com
Domain Naming Master DC2.domain.com
PDC DC2.domain.com
RID pool manager DC2.domain.com
Infrastructure master DC2.domain.com

70-410, My Opinion

MCP

Since I recently blogged about studying for the 70-410 Installing and Configuring Windows Server 2012 (R2) I’ve decided to give my opinion about the exam. Granted I hardly passed, I feel that the test was slightly unfair. In my opinion the exam was well written, some questions a little extreme, and there was stuff on it that actually wasn’t covered in the reading/videos I watched.

So, what can I do about the stuff that I felt wasn’t in the material? Nothing. But, I have heard that you will be best suited to study for the 70-410, 70-411 & 70-412 THEN take all 3 tests individually. Some material bleeds over into the next study material. Now I’m moving onto the 40-411 and fully plan to study for the 70-412 before taking it.

If you are planning on taking any of them, good luck!