At the end, the solution was super simple. Right-click, properties on the downloaded zip package, and click UNBLOCK. Damn you security feature, wasted half a day just figuring this out!
A Systems Engineer National University of Singapore. Currently, I spend most of my time at work on AD, Powershell, Exchange, and Office 365 design. But my interest for technology means that I will not limit myself from anything new.
Monday, December 9, 2013
Of PowerShell, dotNET, and unblocking DLLs
I've been trying like crazy to get my System.data.SQLite to load into Powershell. I tried all the versions, checked and double checked versions and dependencies...
Friday, May 3, 2013
Changing the Primary and other emails for DirSync Office 365 users (with no exchange on premise)
OK, the idea is that if you are using DirSync for user objects on office 365, there is no way to change the SMTP address on office 365 portal. You can't even do it on the exchange management console, and you'll get almost the same luck if you try using Remote Powershell to O365 or even Exchange Management shell.
After hunting all around the community forums, I finally found a few good way we can do this via powershell (after all, you don't want to go mess with ADSIEdit if you're in an enterprise environment, having hundreds of accounts to provision or modify each day).
Simple method 1 (only set Primary Email - SMTP):
Using Remote PS, run the following command
After hunting all around the community forums, I finally found a few good way we can do this via powershell (after all, you don't want to go mess with ADSIEdit if you're in an enterprise environment, having hundreds of accounts to provision or modify each day).
Simple method 1 (only set Primary Email - SMTP):
Using Remote PS, run the following command
Set-Mailbox user -WindowsEmailAddress user@domain.comThis is pretty good, as it just sets the primary email to what you want it to be, and forget about everything else. But if you are one who have exchange on premises, the "ProxyAddressess" field in your on premise, federating AD will overwrite that. So this is the only way to modify it:
Get-ADUser $sAMAccountName -properties ProxyAddresses | %{$_.ProxyAddresses += @('SMTP:primary@domain.com', 'smtp:secondary@domain.com'); Set-Aduser -Instance $_ }For more complicated requirements, you may have to parse through the ProxyAddresses array to remove SMTP fields you don't want, add in smtp fields you want, etc. Maybe if I have some extra time in the future, I shall write a little helper script to do just that. I may even have a need to write such a script in the future, who knows ;-)
Sunday, April 21, 2013
Hyper-V virtual disk on external USB hard disk
I was having so much problem with creating a Hyper-V VM on my windows 8 maching, the error I kept getting was
This was so irritating, until a colleague told me to turn off my antivirus, and tada! It worked like a charm. He says I can turn it on again after the VM is created and running...
failed to add device 'Synthetic Disk Drive'
This was so irritating, until a colleague told me to turn off my antivirus, and tada! It worked like a charm. He says I can turn it on again after the VM is created and running...
Friday, March 22, 2013
Mailbox enable a user in Office 365 using PowerShell
I was searching high and low for this all around the internet. Enable-mailbox doesn't seem to work, New-Mailbox also doesn't do it... It turns out that the solution is one that doesn't make sense at all.
Apparently all you need to do in Office 365 is to assign a license (an MsolAccountSku) to the user, and the mailbox will be automatically provisioned based on the UPN. That easy!
Here are the commands...
First, get your Account SkuID:
$sku = Get-MsolAccountSku
Then set a location for the user (else you can add a license):
Set-MsolUser -UserPrincipalName user@domain.onmicrosoft.com \
-UsageLocation "SG"
Then, add the account SkuID to the user:
Set-MsolUserLicense -UserPrincipalName \
user@domain.onmicrosoft.com -AddLicenses $sku.AccountSkuId
Then you wait as the mailbox is provisioned in the background.
Apparently all you need to do in Office 365 is to assign a license (an MsolAccountSku) to the user, and the mailbox will be automatically provisioned based on the UPN. That easy!
Here are the commands...
First, get your Account SkuID:
$sku = Get-MsolAccountSku
Then set a location for the user (else you can add a license):
Set-MsolUser -UserPrincipalName user@domain.onmicrosoft.com \
-UsageLocation "SG"
Then, add the account SkuID to the user:
Set-MsolUserLicense -UserPrincipalName \
user@domain.onmicrosoft.com -AddLicenses $sku.AccountSkuId
Then you wait as the mailbox is provisioned in the background.
Wednesday, March 20, 2013
FreeBSD 9 Authenticate to 802.1X Wired Ethernet (LAN)
I've been searching high and low for a single solution to this problem, but there seem to be no good blog/guide that answers this.
The scenario is that my workplace, NUS is slowly rolling up 802.1X authentication for wired ethernet, that's the LAN socket on the wall you connect your computer to. Yes, we now have to use our AD username and password to authenticate before we can get any sort of network connectivity after connecting to the LAN socket. Now, of course, there are guides for staff/students to get connectivity, but the guides are only for windows, mac, and (surprise!) Ubuntu. And even the Ubuntu guide is only configuring through the GUI, nothing on the actual command-line and configuration files stuff.
After spending more than half a day (spread out in a 2-3 days period) hunting high and low, plus a little bit of reading and digging through the rc.d scripts, I finally managed to get my FreeBSD box to automatically authenticate, and obtain a DHCP lease from the wall socket. Phew!
It's actually only a 2 step process. First, create a /etc/wpa_supplicant.conf
Basically, the important thing you need is ap_scan=0. Also, I believe keymgmt=IEEE8021X will ensure you're not using WPA or WEP or something of those sorts. The following lines are pretty well documented. My organisation uses PEAP, as for eapol_flags, I have no idea what it does. You can try taking it out, I believe it worked for me either way. The first two lines are just to create an admin listening socket so that wpa_cli can poll it for changes, or just to query the status of the wpa_supplicant daemon. For my case, I am limiting the admin interface to members of group 'wheel' only.
Then, configure /etc/rc.conf like so:
Where bge0 is your network interface. At first, I was wondering how to include the -Dwired in the rc.conf, but apparently, the rc.d/wpa_supplicant script has already catered that for wired interfaces. How neat!
Oh, by the way, if you want to test whether your configuration is right, you can run wpa_supplicant with verbose debugging as below:
Next up, I'd wanna get it to join AD, register its IP address in AD's built-in DDNS, disallow AD user to login, but allow AD user to access Samba file share.
The scenario is that my workplace, NUS is slowly rolling up 802.1X authentication for wired ethernet, that's the LAN socket on the wall you connect your computer to. Yes, we now have to use our AD username and password to authenticate before we can get any sort of network connectivity after connecting to the LAN socket. Now, of course, there are guides for staff/students to get connectivity, but the guides are only for windows, mac, and (surprise!) Ubuntu. And even the Ubuntu guide is only configuring through the GUI, nothing on the actual command-line and configuration files stuff.
After spending more than half a day (spread out in a 2-3 days period) hunting high and low, plus a little bit of reading and digging through the rc.d scripts, I finally managed to get my FreeBSD box to automatically authenticate, and obtain a DHCP lease from the wall socket. Phew!
It's actually only a 2 step process. First, create a /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicantUPDATE: keymgmt should be key_mgmt with an underscore (ref). Thanks, Ryan Stark
ctrl_interface_group=wheel
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=PEAP
identity="Username"
password="secretpassword"
eapol_flags=0
}
Basically, the important thing you need is ap_scan=0. Also, I believe keymgmt=IEEE8021X will ensure you're not using WPA or WEP or something of those sorts. The following lines are pretty well documented. My organisation uses PEAP, as for eapol_flags, I have no idea what it does. You can try taking it out, I believe it worked for me either way. The first two lines are just to create an admin listening socket so that wpa_cli can poll it for changes, or just to query the status of the wpa_supplicant daemon. For my case, I am limiting the admin interface to members of group 'wheel' only.
Then, configure /etc/rc.conf like so:
ifconfig_bge0="WPA DHCP"UPDATE: should be WPA instead of WAP (ref), thanks Thor Erik!
Where bge0 is your network interface. At first, I was wondering how to include the -Dwired in the rc.conf, but apparently, the rc.d/wpa_supplicant script has already catered that for wired interfaces. How neat!
Oh, by the way, if you want to test whether your configuration is right, you can run wpa_supplicant with verbose debugging as below:
wpa_supplicant -dd -Dwired -c /etc/wpa_supplicant.conf \Bear in mind that if it succeeds, the daemon will be in the foreground and will not return you to shell, you will need to Ctrl-Z it, and bg it to the background if you wish to continue working.
-i bge0
Next up, I'd wanna get it to join AD, register its IP address in AD's built-in DDNS, disallow AD user to login, but allow AD user to access Samba file share.
Installing (and optimizing) FreeBSD 9 on SSD drive
I've setup to install FreeBSD on one of the old desktop computers lying around. It has a Pentium D and GB or so of RAM. Am planning to use it for a ZFS file server using SAMBA.
Anyway, to fully optimize the partitioning process, I opted for the "Shell" mode. These are the commands I ran:
My SSD is on /dev/ada0.
Firstly, destroy the current partition table on the disk:
Anyway, to fully optimize the partitioning process, I opted for the "Shell" mode. These are the commands I ran:
My SSD is on /dev/ada0.
Firstly, destroy the current partition table on the disk:
gpart destroy -F /dev/ada0Next, create a GPT disk and add the partitions. I'm using a Crucial m4 SSD, and it's said to use 2 controllers and have a block size of 1024k, so let's align it to 1024k:
gpart create -s gpt ada0Now, install the bootcode:
gpart add -s 64k -t freebsd-boot -a 1024k -l boot0 ada0
gpart add -s 8G -t freebsd-swap -a 1024k -l swap0 ada0
gpart add -s 20G -t freebsd-ufs -a 1024k -l root0 ada0
gpart add -s 10G -t freebsd-ufs -a 1024k -l var0 ada0
gpart add -s 4G -t freebsd-ufs -a 1024k -l tmp0 ada0
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0Next, format the partitions with softupdate (no point journaling for SSD as fsck will already be fast anyway). Also, turn on TRIM (important):
newfs -U -t /dev/ada0p3Now that it's all done, let's mount them properly in /mnt for the installer to continue with the installation.
newfs -U -t /dev/ada0p4
newfs -U -t /dev/ada0p5
mount /dev/ada0p3 /mntDon't forget to edit fstab:
mkdir /mnt/var /mnt/tmp
mount /dev/ada0p4 /mnt/var
mount /dev/ada0p5 /mnt/tmp
vi /tmp/bsdinstall_etc/fstabThis is how my fstab looks like:
# Device MntPnt FSType Options Dump Pass#Finally, we can now continue with the installation:
/dev/ada0p2 none swap sw 0 0
/dev/ada0p3 / ufs sw 1 1
/dev/ada0p4 /var ufs sw 1 2
/dev/ada0p5 /tmp ufs sw 0 3
exit
Thursday, February 28, 2013
Solaris 11 update with Oracle support repo
Was having lots of problem doing pkg update on Solaris 11 (SRU 7.5)
The whole download and creating of BE will work and then bootadm will fail, and won't be able to boot into new BE.
Solution: update to SRU10.5 first
pkg update --accept entire@0.5.11,5.11-0.175.
Then update pkg:
pkg update pkg:/package/pkg
Then only do the patch proper to update to Solaris 11.1
pkg update --be-name s11.1ga --accept
Crossing my fingers hoping it works.
Subscribe to:
Posts (Atom)