Friday 23 November 2012

PowerShell - List users belonging to VM console access groups

As part of the upgrade from vSphere 4.1 to 5 we needed a list of users who access the VI via a shortcut (mainly external third parties) so we could contact them and explain how they can access the console in vSphere 5 (Web Client).

Each VM whose console needs to be accessed by other staff, or third parties, has an AD group created with the appropriate Virtual Center permissions. Each AD group is then populated with the appropriate accounts.

The first thought was just to have a script that listed the user account plus email address but no group listing. The drawback to this was that external accounts didn't have any email accounts listed and it didn't list which VM the user needed to access.

The new approach was to identify and list the group in the output along with the users' names. This would enable us to contact the Application Support people and explain the change and how to connect now. They would then pass this information on to their third-party suppliers.

Script

import-module activeDirectory
$vmwareGroups = get-adGroup -filter 'name -like "VMware*Console Access"'

## output object
$output = @()

$vmwareGroups | foreach {

    $groupName = $_.name   
    $groupMembers = $_ | get-adGroupMember
    $groupMembers | foreach {
        $memberName = $_.name
        $obj = new-object System.Management.Automation.PSObject
        $obj = $obj | add-member -memberType NoteProperty -name groupName -value $groupName -passthru
        $obj = $obj | add-member -memberType NoteProperty -name userName -value $memberName -passthru
        $output += $obj
    }
}


$output | export-csv "c:\vwmareGroups.csv" -NoTypeInformation


Thanks go to Klaas Vandenberghe (powershell.org), who helped with the initial script, and then to one of my colleagues, Damian Shiell, who created the final script.

Thursday 15 November 2012

Solaris - checking whether an account is locked or not

Recently we needed to be able to check what the account status on one of the servers was as there was an access problem.

Was it locked out? How do we check from a terminal session?

# passwd -s <account_name>

This comes back with the account's status. In this instance it came back with:

# <account_name> LK

Status information:

PS = a normal working account.
LK = locked out account.
NP = account has no password.

Okay, so the account is locked. How do I unlock it?

# passwd -u <account_name>

Account is now unlocked - now to find the script that locked the account in the first place......

NOTE: If you want to lock the account on purpose

# passwd -l <account_name>
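
The status codes above can be checked across many accounts at once. This is an added example, not part of the original post: it reads "name status" lines on stdin and reports every account that is not PS. The function names and the sample account names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Field 1 is the account name, field 2 the status code
# (PS, LK, NP as listed above). Any further fields on the line are ignored.

# Print one "account: finding" line for every account that is not PS.
report_accounts() {
    awk '
        NF < 2     { next }                                  # blank or malformed line
        $2 == "PS" { next }                                  # normal working account
        $2 == "LK" { print $1 ": locked"; next }
        $2 == "NP" { print $1 ": NO PASSWORD SET"; next }
                   { print $1 ": unrecognised status " $2 }  # code not in the list above
    '
}

# Succeeds (exit 0) when at least one account has status NP, so it can
# drive an alert from a scheduled job; fails (exit 1) otherwise.
has_no_password_accounts() {
    awk '$2 == "NP" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Constructed sample input, not output from a real host.
sample_status() {
    cat <<'EOF'
root PS
oracle LK
appsvc NP
webadm PS

batch XX
EOF
}

# On a Solaris host, as root, the real input would be:  passwd -sa | report_accounts
sample_status | report_accounts
```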


Friday 9 November 2012

Solaris - Projects

Had to apply a Project to an account so that Oracle could be installed. 4Gb of memory was required:

Steps:


1. Create the user account (oracle)

2. Apply project settings


(project.max-shm-memory is specified in bytes, so the 4Gb limit is given with the scaled value 4G.)

# projadd -U oracle -K "project.max-shm-memory=(privileged,4G,deny)" 'user.oracle'

# projmod -s -K "project.max-sem-nsems=(priv,256,deny)" user.oracle

# projmod -s -K "project.max-sem-ids=(priv,100,deny)" user.oracle
# projmod -s -K "project.max-shm-ids=(priv,100,deny)" user.oracle

3. Check settings

# projects -l 
or
# cat /etc/project

I found a useful article where they applied the same settings but to a group.

Wednesday 7 November 2012

Solaris - adding a Legal Warning message

Creating a Legal Warning message:

1. Create the file with appropriate text.


# vi /etc/issue

###############################################################################
#                                                                             #
#    Use of this computer system (including email and internet access)        #
#    is monitored and recorded. Unauthorised or improper use may result in    #
#    disciplinary action, which could lead to criminal prosecution.           #
#                                                                             #
###############################################################################

2. Edit the sshd_config file.


# vi /etc/ssh/sshd_config


Remove the comment marker (#) from the Banner line:


# Banner to be printed before authentication starts
# Banner /etc/issue





3. Restart the ssh service.


# svcadm restart /network/ssh

4. Log in to test