script that sends mail when password expires in X days

 
#---------- Made By: Mark Arnoldus, For PowerShell 3.0 Script ----------

Import-Module ActiveDirectory
Start-Sleep -s 10

function sendMail {

    Write-Host "Sending Email"
    $EmailSender = "demo@sender.com"
    $Emailaddress = "demo@sender.com"
    $Bodytext = "Your text "

    $Subjecttext = "subject"

    $smtpServer = "smtp.demo.local"

    # Creating a Mail object
    $msg = New-Object Net.Mail.MailMessage

    # Creating SMTP server object
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)

    # Email structure
    $msg.From = $EmailSender
    $msg.ReplyTo = $EmailSender
    $msg.To.Add($Emailaddress)
    $msg.Subject = $Subjecttext
    $msg.Body = $Bodytext

    # Sending email
    $smtp.Send($msg)
}

# Get all users whose password cannot expire
$PasswordCannotExpire = (Get-ADUser -LDAPFilter "(&(&(objectCategory=user)(userAccountControl=66048)))").samaccountname

# Get all users in AD that are enabled
$AllEnabledUsers = (Get-ADUser -LDAPFilter "(&(&(objectCategory=user)(userAccountControl=512)))").samaccountname

# For each user
foreach ($EnabledUser in $AllEnabledUsers) {

    # Get GivenName
    $GivenName = (Get-ADUser -Identity $EnabledUser).GivenName

    # Set parameters
    $Expnotificationdays = 5
    $IsItTrue = "True"

    # Users with password cannot expire
    $IsUserInCannotExpire = $PasswordCannotExpire -contains $EnabledUser

    # Max password age
    $MaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days

    # Password last set
    $PasswordLastSet = (Get-ADUser -Identity $EnabledUser -Properties PasswordLastSet).PasswordLastSet

    # Skip accounts that never set a password; there is no date to calculate from
    if ($null -eq $PasswordLastSet) { continue }

    # Date that password will expire
    $ExpiryDate = ($PasswordLastSet).AddDays($MaxPasswordAge)

    # Current date
    $CurrentDate = Get-Date

    # Difference: expiry date minus the current date
    $DifferenceExpiryDateCurrentDate = ($ExpiryDate - $CurrentDate).Days

    # If $DifferenceExpiryDateCurrentDate is less than or equal to 0, set it to zero.
    if ($DifferenceExpiryDateCurrentDate -le 0) { $DifferenceExpiryDateCurrentDate = 0 }

    # If the days left are less than or equal to the warning threshold and the user is not a
    # "password cannot expire" user, then mail the user and give output to the command prompt.
    if ($DifferenceExpiryDateCurrentDate -le $Expnotificationdays -And $IsUserInCannotExpire -ne $IsItTrue) {
        $EnabledUser + " " + $GivenName + " " + $DifferenceExpiryDateCurrentDate
        sendMail
    }
}


Active Directory PowerShell Get-ADUser -LDAPFILTER userAccountControl

It is very easy to query with an LDAP filter using the AD PowerShell command Get-ADUser.

For example:

(Get-ADUser -LDAPFilter "(&(&(objectCategory=user)(userAccountControl=512)))").samaccountname


Active Directory userAccountControl Values:

Normal Day to Day Values:
===========================
512 – Enable Account
514 – Disable account
544 – Account Enabled – Require user to change password at first logon
4096 – Workstation/server
66048 – Enabled, password never expires
66050 – Disabled, password never expires
262656 – Smart Card Logon Required
532480 – Domain controller

All Other Values:
===========================
1 – script
2 – accountdisable
8 – homedir_required
16 – lockout
32 – passwd_notreqd
64 – passwd_cant_change
128 – encrypted_text_pwd_allowed
256 – temp_duplicate_account
512 – normal_account
2048 – interdomain_trust_account
4096 – workstation_trust_account
8192 – server_trust_account
65536 – dont_expire_password
131072 – mns_logon_account
262144 – smartcard_required
524288 – trusted_for_delegation
1048576 – not_delegated
2097152 – use_des_key_only
4194304 – dont_req_preauth
8388608 – password_expired
16777216 – trusted_to_auth_for_delegation

 

List is from here
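
An exact-match filter such as (userAccountControl=512) or (userAccountControl=66048) only returns accounts whose value is exactly that number, so an enabled account with any extra bit set (544, for instance) is skipped. The following added example, which is not part of the original post, decodes a value into the flag names from the list above and builds a filter with the LDAP bitwise-AND matching rule 1.2.840.113556.1.4.803; the names $UacFlags, ConvertFrom-UacValue and New-UacBitFilter are hypothetical.

```powershell
# Added example. $UacFlags, ConvertFrom-UacValue and New-UacBitFilter are
# hypothetical names; the flag names and bit values come from the list above.
$UacFlags = [ordered]@{
    script = 1; accountdisable = 2; homedir_required = 8; lockout = 16
    passwd_notreqd = 32; passwd_cant_change = 64
    encrypted_text_pwd_allowed = 128; temp_duplicate_account = 256
    normal_account = 512; interdomain_trust_account = 2048
    workstation_trust_account = 4096; server_trust_account = 8192
    dont_expire_password = 65536; mns_logon_account = 131072
    smartcard_required = 262144; trusted_for_delegation = 524288
    not_delegated = 1048576; use_des_key_only = 2097152
    dont_req_preauth = 4194304; password_expired = 8388608
    trusted_to_auth_for_delegation = 16777216
}

function ConvertFrom-UacValue {
    # Split a userAccountControl integer into the names of the bits that are set.
    param([Parameter(Mandatory)][int]$Value)
    foreach ($name in $UacFlags.Keys) {
        if ($Value -band $UacFlags[$name]) { $name }
    }
}

function New-UacBitFilter {
    # Build an LDAP filter with the bitwise-AND matching rule:
    # every -Set flag must be on, every -Clear flag must be off.
    param([string[]]$Set = @(), [string[]]$Clear = @())
    foreach ($f in $Set + $Clear) {
        if (-not $UacFlags.Contains($f)) { throw "Unknown flag: $f" }
    }
    $rule  = 'userAccountControl:1.2.840.113556.1.4.803:='
    $parts = @('(objectCategory=user)')
    foreach ($f in $Set)   { $parts += '({0}{1})' -f $rule, $UacFlags[$f] }
    foreach ($f in $Clear) { $parts += '(!({0}{1}))' -f $rule, $UacFlags[$f] }
    '(&' + ($parts -join '') + ')'
}

# Constructed sample values: 512, 544 and 66048 are all enabled accounts,
# but the exact-match filter (userAccountControl=512) returns only the first.
foreach ($v in 512, 544, 66048, 66050) {
    '{0,-8} {1}' -f $v, ((ConvertFrom-UacValue $v) -join ', ')
}

# Enabled accounts whose password does expire, whatever other bits are set.
New-UacBitFilter -Set normal_account -Clear accountdisable, dont_expire_password
# Enabled accounts with a non-expiring password (worth reviewing regularly).
New-UacBitFilter -Set dont_expire_password -Clear accountdisable
# To run a filter (needs the ActiveDirectory module and a domain controller):
# (Get-ADUser -LDAPFilter $filter).samaccountname
```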

How to: Upgrade NetScaler 10.1 Build to 10.5 Build

Pre-Phase

0. If you have a custom theme, change the custom theme to the default theme.

GUI: NetScaler Gateway – Global Settings – Change global settings

Back up the custom theme. Check this article

1. Check the supported upgrade path

2. Check if you have NSROOT access with SSH (PuTTY)

3. Check if you can transfer files (WinSCP) with NSROOT

4. The NS has to reboot, so arrange some maintenance downtime

5. Run the following command: show techsupport, or in the GUI: System > Diagnostics > Generate support file

6. Create a backup of the following files on each appliance:

> create system backup -level full

Verify

> show system backup

Additionally, back up the following.

Standard Files
/nsconfig/ns.conf
/nsconfig/license/*
/nsconfig/ssl/*
/var/nslog/*
Files you might have customized
/nsconfig/monitors/*.pl
/nsconfig/htmlinjection/*
/nsconfig/rc.netscaler

7. Do a filesystem integrity check: http://support.citrix.com/article/CTX122845

Upgrade

8. Make the folder /var/nsinstall/<NS Version>/<NS Build>/

9. Upload the build file to the folder /var/nsinstall/<NS Version>/<NS Build>/

10. Decompress the firmware: tar -zxf <filename>

11. Install the firmware: ./installns

12. Reboot: Y

13. Check the version number: sh version

How to create reverse proxy on the NetScaler

Prerequisites

– For an HTTPS reverse proxy you need a certificate. For external usage you need a certificate that is trusted by an external CA.

– Add the features Content Switching and Load Balancing. (I forgot it the first time… always had a 503 error code… I was sure the policy for content switching was OK…)

1. Make a Load Balanced Reverse Proxy.
1.1 Add a server: your real web server.

1.2 Add a service. Choose a monitor or create a monitor. The best monitor is one that reports UP only if it finds some expected content on the site.

1.3 Add an LB virtual server, and choose for example CookieInsert for persistence.

1.4 Add your internal certificate (from your internal domain CA) when it is an HTTPS connection to the back-end web server. Bit length restriction for Windows is 1024 bits. I recommend using as low as possible for internal traffic. Less encryption/decryption = less CPU usage.

1.5 Create a Content Switching policy.

1.6 Create a Content Switching virtual server. Bind the CSW policy. Select the created LB virtual server as target.

1.7 Add the certificate that is trusted by a public CA to the SSL settings.

1.8 Add a DNS entry: CSWDEMO.DEMO.LOCAL 192.168.2.22

1.9 Successful!!!!

Solution: downloading or opening PDF not working and encrypted pages can't open or save files.

In a customer environment there were issues with opening PDF files on an HTTPS page. Downloading (save as) didn't work either.

After investigation my KPN Consulting colleague Tim Nieuwenhuys has found the solution:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"DisableCachingOfSSLPages"=dword:00000000

See also Ingmar Verheij's blog post and the Microsoft article. This solution also helps when you want to open or save files like PDF or Word files and you are confronted with Default_aspx.
Thank you Tim 🙂

Citrix StoreFront 2.5 Anti multiple click :)

In the real world, users click icons one or multiple times while a desktop or published app is loading in the Citrix StoreFront web portal. The result is multiple sessions, and there is no option to set a time-out on clicking in StoreFront < 2.5.

A simple modification in StoreFront 2.5 gives a time-out on clicking!

\inetpub\wwwroot\Citrix\IntraAppsWeb\contrib\custom.script.js

Add

$(document).ready(function() {

     CTXS.Resources.multiClickTimeout = 20;

});

20 is 20 seconds