$domain = "corp.local"
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$dc_list = $myforest.Sites | % { $_.Servers } | Select Name

foreach ($dc in $dc_list) {
    $DCName = $dc.Name
    $Server = Get-WMIObject -Computer $DCName -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_Server"
    $Forwarders = $Server.Forwarders
    Write-Host $DCName ":" $Forwarders
}

Especially in cases where the rollout is not company-wide and users aren’t sure who has Lync and who doesn’t, having groups provisioned administratively is very handy. So I spent a couple of evenings solving this topic and it turned out that it’s not really *that* difficult

After poking a bit in the DB I noticed some handy stored procedures that would be quite handy. So I cooked up a script that takes a folder and for every csv file stored in that folder (one samaccount per line), it creates a group named as the file and it populates it with the users contained in that file. I.e.: the file IT-Dept.csv that contains users jon123 and joe456, will create a group called “IT-Dept” which contains both users and only for those two users.

Disclaimer: this script is still buggy, it’s coded horrendously and it’s a very quick hack. Backup your db before toying with it. I won’t have time to clean it up or refine it so feel free to tweak it, put it on github etc

Here it is: sync-lync-rosters.ps1

It’s my first stab at something with powershell, so I do appreciate any feedback on this. If anyone has better approaches to check the issue of certificates for a user that is now disabled or expired, that would be cool too

The only documentation on the Fortigate HA Mibs I was able to find is here: http://www.oidview.com/mibs/12356/FORTINET-MIB-280.html

Interestingly enough the OID that contains the names of the nodes in the cluster (SNMPv2-SMI::enterprises.12356.1.100.6.1.11.) is nowhere mentioned there. The standard Fortigate cluster is a fairly strange beast in the sense that there is only one ip address (no physical ip’s plus the virtual one like in most clusters) and the firewalls exchange all the configuration and info through multicast on a separate link. That’s why the first time the script runs it stores the names and the serial numbers of the nodes in a file and then checks that the order is the same in its subsequent runs.

Here is the script: fortinet-ha.py

I didn’t add any snmp v1 or snmp v3 support as I have no time at the moment, but that should be quite trivial to add.

When you pull a full disk image (sda.disk) with dd and it contains more than one partition just do the following (multiply times 512 bytes the sector start, mount will figure the rest out by itself):

bazz:/mnt/ntfs/# sfdisk -l -uS sda.disk
Disk sda.disk: cannot get geometry

Disk sda.disk: 9729 cylinders, 255 heads, 63 sectors/track
Units = sectors of 512 bytes, counting from 0

 Device Boot    Start       End   #sectors  Id  System
sda.disk1            63 156296384  156296322   7  HPFS/NTFS
sda.disk2   *  19438650  19470779      32130   e  W95 FAT16 (LBA)
 start: (c,h,s) expected (1023,254,63) found (1023,0,1)
sda.disk3             0         -          0   0  Empty
sda.disk4             0         -          0   0  Empty
bazz:/mnt/ntfs/# mount -oloop,offset=$(echo "63*512" | bc) sda.disk /mnt/foo

diff -up ./includes/db/Database.php.orig ./includes/db/Database.php
--- ./includes/db/Database.php.orig    2011-01-15 20:31:07.000000000 +0100
+++ ./includes/db/Database.php    2011-01-15 20:31:48.000000000 +0100
@@ -473,19 +473,19 @@ abstract class DatabaseBase {

 # Add a comment for easy SHOW PROCESSLIST interpretation
 #if ( $fname ) {
-            global $wgUser;
-            if ( is_object( $wgUser ) && !($wgUser instanceof StubObject) ) {
-                $userName = $wgUser->getName();
-                if ( mb_strlen( $userName ) > 15 ) {
-                    $userName = mb_substr( $userName, 0, 15 ) . '...';
-                }
-                $userName = str_replace( '/', '', $userName );
-            } else {
-                $userName = '';
-            }
-            $commentedSql = preg_replace('/\s/', " /* $fname $userName */ ", $sql, 1);
+        #    global $wgUser;
+        #    if ( is_object( $wgUser ) && !($wgUser instanceof StubObject) ) {
+        #        $userName = $wgUser->getName();
+        #        if ( mb_strlen( $userName ) > 15 ) {
+        #            $userName = mb_substr( $userName, 0, 15 ) . '...';
+        #        }
+        #        $userName = str_replace( '/', '', $userName );
+        #    } else {
+        #        $userName = '';
+        #    }
+    #    #    $commentedSql = preg_replace('/\s/', " /* $fname $userName */ ", $sql, 1);
 #} else {
-        #    $commentedSql = $sql;
+            $commentedSql = $sql;
 #}

 # If DBO_TRX is set, start a transaction

 <match target="font" >
   <edit mode="assign" name="hintstyle" >
     <const>hintnone</const>
   </edit>
</match>

The problem is known in the Firefox community but it’s not solved. This is especially useful if you use mozilla2ps in Xvfb on your server and the problem is noticeable.

Note:

Updated it to python3 and with correct exit codes. Not too tested still.

After having read a few chapters, I needed to get my feet wet with IPv6 and so I went for the hunt for an IPv6 tunnel broker… First I checked if my current ISP (Telecom Italia..[sic]) had something available. Apparently, they had a project called ngnet.it going on for their ipv6 testbed, but their site seems to be down so I presume that it has been discontinued. The choice came down to SixXS and Hurricane Electric. I chose Hurricane Electric because they seemed less intrusive with the registration process. The setup was trivial and everything was up and running quite smoothly.

The only hiccup was to remember to clamp the mss to the mtu also with ip6tables and not only with iptables. Once I figured that out the whole IPv6 experience was pretty smooth:

ip6tables -t mangle -A FORWARD -o hurricane -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1250:1536 -j TCPMSS --clamp-mss-to-mtu

Setting up IPv6 connectivity on my server was trivial since no IPv6-in-IPv4 tunnels were needed. A couple of AAAA records and Imap, Dns, Ssh and Http were working without any problems at all.

Just for the fun of it I took their quiz

I will still be reading my mail to the old domain for some time, but please use the new one if you read this.

As an added bonus smtp, www and imap are now reachable via IPv6