Linux AD computer object operating system values

Posted on by
Reply

Introduction

So, why am I dealing with Linux AD computer object operating system values? OK, here is some background. In geographic services, engineering, etc. people often run GIS and CAD software from various big-name vendors on Windows Servers. But it also has a rich and varied open source ecosystem driven by academic efforts. Often a lot of these handy tools only run in Linux.

The Windows Linux Subsystem might be an option for client-based or interactive tools. But when running a service I tend to use Ubuntu. It is the most approachable for me and, you can buy support for it in an enterprise setting if so desired or required.

To keep things as easy as possible and try to safeguard the concept of single sign-on we join these Ubuntu servers to Active Directory (AD) so they can log with their AD credentials.

Pre-staging computer objects

When joining an Ubuntu server to AD it partially fills out the Operating System values.

Not too detailed and only partially filled out.

However, we tend to pre-stage the computer accounts in the correct OU and not create them automatically in the default Computer OU when joining. In that case, the Operating System values seem to be left all blank. We can fix that with PowerShell.

Don’t worry, the screenshot is from my lab with my fictitious Active Directory forest/domain. You also have a lab right?

Linux AD computer object operating system values
Fill out the operating system info for pre-staged computer objects of Active Directory joined Ubuntu servers

Actually we need PowerShell Core

Now, this all very good and well, but how do we find out the values for the operating system. During deployment, we know, but over time they will update and upgrade. So it would be nice to figure out those values automatically and remotely.

PowerShell Core to the rescue! With PowerShell Core, we can do PowerShell Remoting Over SSH to run a remote session on our Linux server over SSH and get all the information we need. To make this automation-friendly you must certificate bases authentication for your SSH connection. Setting that up can be a bit tricky, especially on Windows. That is a subject for a future blog post I hope. You can also use the SecretStore to securely store the AD automation account credentials. Note that I also use a dedicated automation account on all my Linux systems for this purpose. Here is a “quick & dirty” code snippet to give you some inspiration on how to do that for Ubuntu.

#Grab the AD automation account credentials - please don't use a domain admin for this.
#Use a dedicated account with just enough privileges to get the job done.
$Creds = Get-Credential -UserName 'DATAWISETECH\dwtautomationaccount'
 
#Connect to a remote PowerShell session on our Linux server using certificate authentication.
#Setting this up is beyond the scope of this article but I will try to post a blog post on this later.
#Note you need to configure all Linux servers and desktops with the $public cert and allow the user to authenticate with it.
#We use a cert as that is very automation friendly! You will not get #prompted for a password for the Linux host.
$RemoteSession = New-PSSession -Hostname GRIZZLY -UserName autusrli
 
#Grab the OS information. Note that $PSVersionTable.OS only exist on PowerShell Core.
#which is OK as that is the version that is available for Linux.
 
$OS = Invoke-command -Session $RemoteSession { $PSVersionTable.OS }
 
#Grab the OSVersion.VersionString.
$VersionString = Invoke-command -Session $RemoteSession { [System.environment]::OSversion.VersionString }
 
#Clean up, we no longer need the remote session.
Remove-PSSession $RemoteSession
 
#Sanitize the strings for filling out the Active Directory computer object operating system values.
$UbuntuVersionFull = ($OS | Select-String -pattern '(\d+\.)(\d+\.)(\d)-Ubuntu').Matches.Value
$OperatingSystem = $UbuntuVersionFull.Split('-')[1] + " " + (($UbuntuVersionFull.Split('-')[0])).Substring(0, 5)
 
#Grab the Active Directory computer object and fill out the operating system values.
$Instance = (Get-AdComputer -Credential $Creds -Identity GRIZZLY -Server datawisetech.corp)
$Instance.OperatingSystem = $OperatingSystem
$Instance.OperatingSystemVersion = $VersionString
$Instance.OperatingSystemServicePack = $UbuntuVersionFull
Set-AdComputer -Instance $Instance

That’s it! Pretty cool huh?!

Conclusion

While you cannot edit the Linux AD computer object operating system values in the GUI you can do this via PowerShell. With Windows, this is not needed. This is handled for you. When joining Ubuntu to Active Directory this only gets set if you do not pre-stage the computer accounts. When you do pre-stage them, these are left blank. I showed you a way of adding that info via PowerShell. The drawback is that you need to maintain this and as such you will want to automate it further by querying those computers and updating the values as you update or upgrade these Ubuntu servers. Remote PowerShell over SSH and PowerShell Core on Linux are your friends for this. Good luck!

Windows Server 2022 Preview License Keys

Posted on by
3

Windows Server 2022 Preview License Keys

To test the Windows Server 2022 Preview builds you need to register as a Windows Insider, log in and download the ISO or the VDHDX. With the ISO for a clean install or an upgrade, you need the Windows Server 2022 preview license keys. I have listed these below. Do note that since Windows Server 2022 Preview build 20334 those keys have changed.

Windows Server 2022 Preview License Keys
Get the preview builds and start testing!

As I build or upgrade some VMs in the labs weekly I decided to put these keys in a little blog post for me to find them easily. I intend to update this post if and when new keys are needed. Do not worry, these are public, so I do not break any license agreement here.

From Windows Server 2022 Preview before build 20344

Standard:MFY9F-XBN2F-TYFMP-CCV49-RMYVH

Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67

From Windows Server 2022 Preview since build 20344

Standard:VDYBN-27WPP-V4HQT-9VMD4-VMK7H

Datacenter: WX4NM-KYWYW-QJJR4-XV3QB-6VM33

A short reminder that this is prerelease software

First of all, I will quote Microsoft here.

Windows Server Insider Preview builds may be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Some product features and functionality may require additional hardware or software. These builds are for testing purposes only. Microsoft is not obligated to provide any support services for this preview software.

Secondly, I remind you that Microsoft loves that you test the builds and provide feedback. Just do not use this for anything in production. That’s it folks, happy testing folks.

There has been an error cropping your image

Posted on by
Reply

There has been an error cropping your image

Recently I was greeted with the following error on WordPress: There has been an error cropping your image. On Windows PHP 8.0 changed php_gd2.dll to php_gd.dll. That breaks picture cropping functionality in WordPress. How do I know? Funny you should ask! Well, because I ran into this issue soon after upgrading my PHP version to 8.0 on my WordPress blog server. Instead of success, I was greeted with the above-mentioned error message: There has been an error cropping your image.

There has been an error cropping your image

I was researching how to fix this and while I found some possible causes, nothing applied to my situation. So, I kept digging deeper until I stumbled upon the fact that in PHP 8.0 for the GD extension on Windows the DLL file name changed from php_gd2.dll to php_gd.dll. Read up on this on PHP Watch.

Fixing it

I needed to edit the php.ini file in PHP 8 and alter the GD extension changed from php_gd2.dll to php_gd.dll. In its extension-less format change to extension=gd instead of extension=gd2.

As on Linux the GD extension is loaded with the name gd.so, which means that no changes are needed on Linux

What I did was edit the php.ini file under C:\Program Files\PHP\php-8.0.3-nts-Win32-vs16-x64 ( I run the x64 bit version, if you also have the 32 bit version change it there as well).

I changed the following lines:

[PHP_GD2]
extension=php_gd2.dll

to

[PHP_GD]
extension=php_gd.dll

I saved the file and that fixed it. No need even to restart IIS or the web site, that was it. I could crop my files again!

Conclusion

It’s the small things that get you. In this case just a small detail, that might also trip you up. I just hope that this helps some of you out there. The good news is it was fixed quickly, and it was the first issue I had since upgrading to PHP 8.0.3. So far, so good.

Response and feedback about the Veeam hardened repository presentation

Posted on by
Reply

Veeam hardened repository presentation

It is great to get so much response and feedback about the Veeam hardened repository presentation. So, first of all, I thank all those reaching out to me in regards to the TechNine virtual user group session I gave on this subject.

Response and feedback about the Veeam hardened repository presentation
Immutability and backup chains – this was a well received presentation!

Most of you did so via the contact e-mail on my blog and not via a comment on the original blog post here. Many of you asked for a recording. Let’s address that first.

Where is the recording?

There is no recording. The TechNine user group tries to bring people together for the events and promote interactive discussions afterward. Hence, no recording is available. They do this to stimulate participation.

I did not make this presentation exclusively for TechNine, but they did get the world premiere. The good news is that I will be giving this session again and I will even be doing a webcast with my fellow Microsoft MVP and Veeam Vanguard Carsten Rachfahl about this. In the webcast, we will discuss the hardened repository at length and it will be published online.

So, nothing to worry about, you will get other opportunities to attend and you will have a recoding of the content reasonably soon.

Reaching out to me

Lately, I have noticed that my readers and social media followers seem to have gotten increasingly shy and do not ask their questions publicly via the blog comments section or social media.

That poses a challenge to me. While I would like to help you all individually, that approach just doesn’t scale. I have a job, family, life, and interest to pursue. I just cannot allocate the time to do so.

Veeam hardened repository presentation
I do explain this on my contact page!

Please ask you questions in the comments section of the relevant blog post and I will normally get to it. The benefit is that that public answer can help others as well with limited effort from myself. If the answer to a super interesting question is lengthy, I can decide to turn it into a blog post. That also helps all people out there. Thank you for being respectful of my time and sharing with the community yourself!