Powershell Query – get-ADObject filter for Bitlocker

The following command returns all objects in the specified OU (replace XXX with your own values) that hold BitLocker recovery information, along with the recovery key for each.

Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -SearchBase "OU=XXX, OU=XXX, OU=XXX, DC=XXX, DC=XXX, DC=XXX, DC=XXX" -Properties msFVE-RecoveryPassword,whenCreated

I’m only really interested in the machine name for review, so the following command returns just that as a single column: it splits the DistinguishedName field on commas and takes the second part, then strips the “CN=” section from that part.

Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -SearchBase "OU=XXX, OU=XXX, OU=XXX, DC=XXX, DC=XXX, DC=XXX, DC=XXX" | Select @{l='ComputerName';e={$_.DistinguishedName.split(',')[1].split('=')[1]}}

The tricky part was the select statement; here’s a brief breakdown of what it’s doing.

@{} defines an array to be returned, which we’ll expect although it could end up being an array of 1 or 0 with no results.

“l” is shorthand for “label”, which is the column header.
“e” is shorthand for “expression”.
“$_” refers to a single item in the pipeline; the results of Get-ADObject are piped in and this catches them one at a time.
“DistinguishedName.split(',')[1].split('=')[1]” takes the DistinguishedName value being piped and splits it first on “,”, selecting the second item of the resulting array (“[1]” is the second item when counting from 0). It then splits that string again on the “=” sign, returning the second part (the actual computer name alone!).

Phew!

 

Learned a little more, powershell syntax understanding on the up!

VMware Workstation 14 Ubuntu

I recently encountered a minor issue attempting to create additional VMs in VMware Workstation 14 on Ubuntu. The error I received suggested there wasn’t enough memory free to power on an additional VM, but the host has 32GB of RAM and I’d allocated 20GB across all VMs.

Inspecting the /etc/vmware/config file revealed the value:

prefvmx.allVMMemoryLimit = "12954"

This is a hard upper limit for all VMs. Adjusting it to the following with VMware closed, and then starting VMware again, resolved the problem:

prefvmx.allVMMemoryLimit = "20480"

 

ESXi update storage drivers

1. Power down all running VMs on host (or migrate to another ESXi host if using vCenter)

2. Enable SSH on the ESXi host

3. SSH to the host

4. Enter maintenance mode via:

esxcli system maintenanceMode set --enable true

5. Uninstall the previous storage driver via:

esxcli software vib remove -n scsi-hpvsa -f

6. Reboot the ESXi host via:

esxcli system shutdown reboot --reason "your reason here" 

7. When the ESXi host is back up, SSH back in and ensure Maintenance Mode is enabled using the same command as in step 4.

8. SCP / SFTP copy the new storage driver to /tmp/ on the ESXi host

9. Install the new storage driver via:

esxcli software vib install -v file:/tmp/name-of-driver-file-here.vib --force --no-sig-check --maintenance-mode

10. Reboot

11. Disable SSH

12. Exit Maintenance Mode

13. Power on / migrate back VMs

Powershell : Query for user’s last logon date

I needed to work out some AD accounts’ last logon dates to make a further assessment; in PowerShell I found this was fairly simple:

To get a list of all user attributes available for query:

$> get-aduser -identity <USERNAME_HERE> -Properties *

To query for last logon date:

$> get-aduser -identity <USERNAME_HERE> -Properties LastLogonDate

 

Ubuntu, Kernel 4.14+, VMware Workstation 14

I was unable to compile the Ubuntu kernel patches for VMware Workstation 14.0 for a couple of reasons on Ubuntu 16.04 with an updated kernel v4.14:

 

1. Launching VMware Workstation resulted in a GUI window complaining no GCC-7.2 was available, solved by the following commands (thanks to https://askubuntu.com/questions/859256/how-to-install-gcc-7-or-clang-4-0):

sudo add-apt-repository ppa:jonathonf/gcc-7.1
sudo apt-get update
sudo apt-get install gcc-7 g++-7
 

2. The next failure came when compiling the kernel modules, with the vmmonitor service failing. This needed a patch on the install scripts to support the latest kernel, resolved by the following commands (thanks to https://github.com/mkubecek/vmware-host-modules/commit/770c7ffe611520ac96490d235399554c64e87d9f for the patch and https://superuser.com/questions/1255099/vmware-workstation-not-enough-physical-memory-since-last-update/1255963 for guidance on applying it):


# Work in /tmp (cd is a shell builtin, so it cannot be run through sudo)
cd /tmp
cp /usr/lib/vmware/modules/source/vmmon.tar .
tar xf vmmon.tar
rm vmmon.tar
# Fetch the patched hostif.c, pinned to a specific commit
wget https://raw.githubusercontent.com/mkubecek/vmware-host-modules/fadedd9c8a4dd23f74da2b448572df95666dfe12/vmmon-only/linux/hostif.c
mv -f hostif.c vmmon-only/linux/hostif.c
tar cf vmmon.tar vmmon-only
rm -fr vmmon-only
# Replacing the module source and rebuilding the modules both need root
sudo mv -f vmmon.tar /usr/lib/vmware/modules/source/vmmon.tar
sudo vmware-modconfig --console --install-all

Ubuntu, LVM, Partitions

Ubuntu disk partition extension under LVM:

1/ Extend the LVM volume (cheated with gparted, but parted would work fine); this is the container partition for the “Volume Group”.

 

2/ Next, launch LVM and use “lvdisplay” to print the current output; mine was a container group with a single logical volume named “root”.

 

3/ Now that I know the location and name of the LV, I can issue the following command to expand it into the available free space created in step 1:

lvextend -l +100%FREE /dev/Container1/root

 

4/ Finally exit lvm and expand the file system to fill the LV:

sudo resize2fs /dev/Container1/root

Ubuntu

Issuing “apt-get update” or “apt-get upgrade” commands resulted in the following error:

E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

I couldn’t locate any running processes which would be locking these files so went ahead and removed the lock files via:

sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lock
sudo rm /var/lib/dpkg/lock

And then repeated the commands successfully.
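One way to look for a lock holder before deleting anything, as an added example that is not part of the original post: apt and dpkg take an advisory lock on the open file, so the process to find is whichever one has the lock file open. The function names lock_holders and apt_lock_report are made up for illustration; the script reads /proc, so it is Linux-only and needs root to see other users' processes.

```shell
#!/bin/sh
# Added example: find which processes have a lock file open by scanning
# /proc/<pid>/fd. lock_holders and apt_lock_report are illustrative names.

# Print "PID COMMAND" for every process that has FILE open (nothing if none).
lock_holders() (
    target=$(readlink -f "$1") || exit 0    # canonical path of the lock file
    for fd in /proc/[0-9]*/fd/*; do
        # Skip descriptors we cannot read (process exited, or not ours)
        link=$(readlink "$fd" 2>/dev/null) || continue
        [ "$link" = "$target" ] || continue
        pid=${fd#/proc/}
        pid=${pid%%/*}
        echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null)"
    done | sort -u
)

# Report holders for each lock file; exit status 1 if any file is in use.
# With no arguments it checks the three lock files named in the post.
apt_lock_report() (
    [ $# -gt 0 ] || set -- /var/lib/apt/lists/lock \
                           /var/cache/apt/archives/lock \
                           /var/lib/dpkg/lock
    status=0
    for f in "$@"; do
        holders=$(lock_holders "$f")
        if [ -n "$holders" ]; then
            echo "$f is open in:"
            echo "$holders" | sed 's/^/    /'
            status=1
        else
            echo "$f: no process has it open"
        fi
    done
    exit "$status"
)

# Usage (as root): apt_lock_report || echo "wait for the listed process"
```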

 

Ubuntu & Virtualbox

Ubuntu 16.04 (kernel 4.14), Virtualbox

I was trying to install Oracle VirtualBox either from their repo or from the Ubuntu repo but both failed to compile the Kernel Module.

I tried various guides before actually reading the error log whereupon I found the “libelf-dev” package was required (at least for installing virtualbox-5.2 from Oracle directly!).

Microsoft Office 2016 Licensed via KMS but with Activation Splash Screen on launch

Resolved by following https://support.office.com/en-us/article/Office-repeatedly-prompts-you-to-activate-on-a-new-PC-a9a6b05f-f6ce-4d1f-8d49-eb5007b64ba1

 

 

  • Close the activation window and all Office apps.

  • Right-click the Start button on the lower-left corner of your screen, and select Run.
  • Type regedit, and then press Enter. Select Yes when prompted to open the Registry Editor.
  • On the left side of the Registry Editor, under Computer, navigate to the following key in the registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\OEM

  • Right click the OEM value and click File>Export.
  • Save the key.
  • After the key is backed up, select Edit>Delete.
  • Repeat steps 3-6 for the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\OEM

  • Close the Registry Editor and start Office again.