Migrate FSMO Roles (INFO.DUMP)

I recently installed a few new Server 2012 servers to my existing Server 2003 domain and one of them is going to hold the FSMO roles for the forest. Below are my notes that I compiled on how to transfer all the important roles from a Server 2003 machine to a Server 2012 machine. Keep in mind that the process is the same for Server 2008 migrations as well and will also work when doing 2012 to 2012 migrations.

<Begin (INFO.DUMP)>

To transfer a domain-level operations master role:
—————————————————————————-
1. Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers. If the User Account Control dialog box appears, provide Domain Admins credentials, if required, and then click Continue.

2. At the top of the console tree, right-click Active Directory Users and Computers, and then click Change Active Directory Domain Controller.

3. Ensure that the correct domain name is entered in Look in this domain. The available domain controllers from this domain are listed.

4. In the Name column, click the name of the domain controller to which you want to transfer the role, and then click OK.

5. At the top of the console tree, right-click Active Directory Users and Computers, click All Tasks, and then click Operations Masters.

6. The name of the current operations master role holder appears in the Operations master box. The name of the domain controller to which you want to transfer the role appears in the lower box.

7. Click the tab for the operations master role that you want to transfer: RID, PDC, or Infrastructure. Verify the computer names that appear, and then click Change. Click Yes to transfer the role, and then click OK.

8. Repeat steps 5 and 6 for each role that you want to transfer.
# Note: If you are creating multiple domains you will want the ‘Infrastructure’ master role to be separate from the ‘Global Catalog’ server. If you are creating a single domain then it does not matter.

Transfer the schema master role:
—————————————————————————-
1. Open the Active Directory Schema snap-in. If you have not already installed the Active Directory Schema snap-in, please see Install the Active Directory Schema snap-in (http://go.microsoft.com/fwlink/?LinkID=209652).

3. In the console tree, right-click Active Directory Schema and then click Change Domain Controller.
# Note: This must be done on the existing schema master.

4. Click Specify Name and type the name of the domain controller that you want to hold the schema master role.

5. In the console tree, right-click Active Directory Schema, and then click Operations Master.

6. Click Change.

To transfer the domain naming master role:
—————————————————————————-
1. Open Active Directory Domains and Trusts.

2. In the console tree, right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

3. In Enter the name of another domain controller, type the name of the domain controller you want to hold the domain naming master role.

Or, click the domain controller in the list of available domain controllers.

4. In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.

5. Click Change.

NOTES:
—————————————————————————-
* RID Role: The RID Master FSMO role owner is the single DC responsible for processing RID Pool requests from all DCs within a given domain. It is also responsible for moving an object from one domain to another during an interdomain object move.
* http://msdn.microsoft.com/en-us/library/cc223751.aspx

* PDC Role: Handles password changes, logon authentication master, account lockout, etc.
* http://msdn.microsoft.com/en-us/library/cc223752.aspx

* Infrastructure Role: When an object in one domain is referenced by another object in another domain, it represents the reference as a dsname. There is one Infrastructure FSMO role per domain and application NC in a directory.
* http://msdn.microsoft.com/en-us/library/cc223753.aspx

* Instructions to identify operations master roles: http://technet.microsoft.com/en-us/library/cc758669(v=ws.10).aspx
* RID: dsquery server -hasfsmo rid
* PDC: dsquery server -hasfsmo pdc
* Infrastructure: dsquery server -hasfsmo infr
* Domain Naming Master: dsquery server -hasfsmo name
* Schema Master: dsquery server -hasfsmo schema

 <End (INFO.DUMP)>

Crazy-Bad Windows 8 Metro Chrome crap.

If you can’t tell, I have a little animosity towards Windows 8. A while back, before Windows 8 was released, I saw a video put out by M$ talking about how their analytics showed that no one was using the “Start Button”. I remember thinking that this was an insightful remark because I know that everyone who uses Windows 7 will launch applications from either the desktop or the “Task Bar” without ever even touching the “Start Menu”.

So in my mind I’m thinking they are going to end up with something similar to the Mac OS launcher that resides at the bottom of the screen. But OH NO! That would be a good thing and M$ has to always fuck up. So what do they do? They essentially force everyone to use the “Start Button” by 1) making the start menu the default screen when you log in 2) making the start menu full screen!

But I digress….

Today I just want to do a quick post on how to get Google Chrome to open as a window on the desktop rather than full screen as a Metro style app.

In order to do this you have to edit the registry (disclaimer: you can really mess things up when editing the registry. If you don’t know what you are doing then you might want to just leave it alone.)

Here is the key that you need to edit:

HKEY_CURRENT_USER\Software\Google\Chrome\Metro\launch_mode

On my machine I had to create the “launch_mode” DWORD. (Right-click\New\DWORD (32-bit) Value).

Set the value to “0” and then re-open Chrome. It should now open in the sane Windows desktop mode rather than the insane Metro mode.

Setup SSL (https) for ownCloud (info.dump)

Here is another info.dump with directions on how to set up SSL on your ownCloud server. This will greatly improve the security of your server by not allowing an attacker to intercept your password in plain text over the internet. If you are going to be using ownCloud outside of a private LAN, this is a must!

NOTE: Most of these directions were found here on the ‘Ubuntu Server Guide’ site…

http://ubuntuserverguide.com/2013/04/how-to-setup-owncloud-server-5-with-ssl-connection.html

Server is assumed to be running Linux (Ubuntu 12.04).

Change to ‘root’:
sudo -i

Edit the file /etc/apache2/sites-enabled/000-default and change AllowOverride None to AllowOverride All.

You should edit the section of the file to look like this:
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

You will need to enable the Apache modules mod_rewrite, mod_headers and mod_ssl. To enable all three, use the following command:
a2enmod rewrite && a2enmod headers && a2enmod ssl

Restart apache2 daemon:
service apache2 restart

Edit the configuration file /etc/ssl/openssl.cnf:
Change the following lines in the document with the following information:

dir = /root/SSLCertAuth
default_days = 3650
default_bits = 2048
countryName_default = US
0.organizationName_default = "Organization Name"

Create Directory to save the SSL Certificate Authority, in this case make the directory name SSLCertAuth:

mkdir /root/SSLCertAuth
chmod 700 /root/SSLCertAuth
cd /root/SSLCertAuth
mkdir certs private newcerts
echo 1000 > serial
touch index.txt

To generate the Certificate Authority (CA) run the following:
Note: Be sure to enter your PEM passphrase and record it in a secure location. Also, make sure that you fill in the correct information for your cert. The common name will be your site’s external address.

openssl req -new -x509 -days 3650 -extensions v3_ca \
-keyout private/cakey.pem -out cacert.pem \
-config /etc/ssl/openssl.cnf

Create a Certificate Signing Request:

openssl req -new -nodes \
-out apache-req.pem \
-keyout private/apache-key.pem \
-config /etc/ssl/openssl.cnf

Generate the certificate:

openssl ca \
-config /etc/ssl/openssl.cnf \
-out apache-cert.pem \
-infiles apache-req.pem

Copy the files to directory /etc/ssl:

mkdir /etc/ssl/crt
mkdir /etc/ssl/key
cp /root/SSLCertAuth/apache-cert.pem /etc/ssl/crt
cp /root/SSLCertAuth/private/apache-key.pem /etc/ssl/key

Configure HTTPS apache2 web server, create the SSL log and create a new file /etc/apache2/conf.d/owncloud5-ssl.conf to add the SSL virtualhost:

mkdir /var/www/logs
touch /etc/apache2/conf.d/owncloud5-ssl.conf

Edit the file with the following info:

<VirtualHost *:443>
ServerName "Server IP"
SSLEngine on
SSLCertificateFile /etc/ssl/crt/apache-cert.pem
SSLCertificateKeyFile /etc/ssl/key/apache-key.pem
DocumentRoot /var/www/owncloud
CustomLog /var/www/logs/ssl-access_log combined
ErrorLog /var/www/logs/ssl-error_log
</VirtualHost>

Restart the apache2 server:

service apache2 restart

That is it! Now go to your ownCloud page with https:// and you should have a secure connection!

NOTES:

  • You will need to make sure that you have your NAT forwarding port 443 to your server to allow the secure traffic to reach it.
  • If this does not work (e.g. you don’t get a webpage), you may need to make sure that you have the correct info entered in /etc/apache2/conf.d/owncloud5-ssl.conf under DocumentRoot /var/www/owncloud. I have seen this location possibly be different if you did not install using the ownCloud repo (see my other post on installing ownCloud for the right way to do it: http://atari911.com/2013/07/29/install-owncloud-info-dump/).
  • You will see a red X over the https://. This is because we are using a “self signed certificate” and it was not verified with a trusted authority. All this means is that the world wide web does not trust you because you are not a big, money hungry corporation. This message can be safely ignored because if you can’t trust yourself, who can you trust?
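
The files produced by the steps above can be checked directly instead of relying on the browser warning alone. This is an added example, not part of the original post: `check_tls_pair` confirms that a certificate chains to your own CA, that it matches its private key, and that the key file (created with -nodes, so stored unencrypted) is not accessible to group or other. `make_demo_pki` is a hypothetical helper that builds a throwaway CA with `openssl x509 -req` in place of the `openssl ca` step, so the check can be tried away from /root/SSLCertAuth.

```shell
#!/bin/sh
# Added example: sanity-check a CA certificate / server certificate / key triple.
# Usage: check_tls_pair cacert.pem apache-cert.pem apache-key.pem
# Prints "OK" (returns 0) or the first failed check (returns 1).
check_tls_pair() {
    ca=$1; cert=$2; key=$3

    # 1. The server certificate must chain to the private CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "FAIL: $cert does not verify against $ca"; return 1; }

    # 2. The certificate and the key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: $key does not match $cert"; return 1; }

    # 3. An unencrypted key is protected only by its file mode:
    #    the group and other permission bits must all be clear.
    perms=$(ls -lLd "$key" | cut -c5-10)
    [ "$perms" = "------" ] \
        || { echo "FAIL: $key is accessible to group/other"; return 1; }

    echo "OK"
}

# Hypothetical helper: build a throwaway CA and server certificate in
# directory $1, using the file names from the post. The subject names are
# constructed sample values.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=cloud.example.test" \
        -keyout "$d/apache-key.pem" -out "$d/apache-req.pem" 2>/dev/null
    openssl x509 -req -in "$d/apache-req.pem" -days 1 \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -CAcreateserial \
        -out "$d/apache-cert.pem" 2>/dev/null
    chmod 600 "$d/apache-key.pem"
}
```

On the server itself the call would be `check_tls_pair /root/SSLCertAuth/cacert.pem /etc/ssl/crt/apache-cert.pem /etc/ssl/key/apache-key.pem`, run as root.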

Install ownCloud (info.dump)

Here is a quick info.dump that lays out the commands required for installation of ownCloud 5.0.x on a server running Ubuntu 12.04.

Run the following as root (EX sudo -i):

Add the repository key to apt:
wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/Release.key
apt-key add - < Release.key

Add the PPA:
echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud.list

Install:
sudo apt-get update
sudo apt-get install owncloud

That is about it!

Notes:
  • /var/www/owncloud/data is where the info is stored.
  • /var/www/owncloud/config/config.php is where the configuration file is located.

Check active internet connections

Every once in a while I will notice the network light on my laptop is flashing when I am not doing anything that I know of online that would cause this. Wouldn’t it be nice to be able to see what programs are communicating with the network?

By using the ‘netstat’ command you can! Just use the following switches to get a nice list of what programs are communicating with what remote server and on what port:

netstat -tunp

You should get an output similar to this:
[Screenshot: output of netstat]
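
The listing is easier to review when it is reduced to one line per program and remote endpoint. This added example (not from the original post) does that with awk and marks programs that are not on an allowlist you supply; the sample rows are constructed and use documentation addresses, and the program names in them are made up.

```shell
#!/bin/sh
# Added example: reduce `netstat -tunp` output to one line per program and
# remote endpoint, and mark programs that are not on an allowlist.

# Constructed sample, shaped like net-tools output (not a real capture).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:51514          203.0.113.10:443        ESTABLISHED 2310/firefox
tcp        0      0 10.0.0.5:51520          203.0.113.10:443        ESTABLISHED 2310/firefox
tcp        0      0 10.0.0.5:40022          198.51.100.7:8080       ESTABLISHED 4821/updater
tcp        0      0 127.0.0.1:45012         127.0.0.1:631           ESTABLISHED 2310/firefox
tcp        0      0 10.0.0.5:22             10.0.0.9:50410          ESTABLISHED -
udp        0      0 10.0.0.5:68             10.0.0.1:67             ESTABLISHED 912/dhclient
udp        0      0 10.0.0.5:42311          192.0.2.53:53                       1033/dnsmasq
EOF
}

# Usage: netstat -tunp | flag_connections "firefox dhclient"
# Prints: STATUS PROGRAM REMOTE COUNT, sorted.
flag_connections() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)/ { next }            # skip the two header lines
    $5 ~ /^(127\.|::1:)/ { next }          # ignore loopback traffic
    {
        # UDP rows may have an empty State column, shifting the owner to $6.
        owner = ($6 ~ /\// || $6 == "-") ? $6 : $7
        prog = owner
        if (prog == "") prog = "-"
        sub(/^[0-9]+\//, "", prog)         # "2310/firefox" -> "firefox"
        seen[prog " " $5]++
    }
    END {
        for (k in seen) {
            split(k, p, " ")
            # "-" means netstat could not see the owner (not run as root).
            if (p[1] == "-") status = "UNKNOWN"
            else if (p[1] in ok) status = "ok"
            else status = "REVIEW"
            printf "%s %s %s %d\n", status, p[1], p[2], seen[k]
        }
    }' | LC_ALL=C sort
}
```

Rows marked UNKNOWN belong to sockets whose owner netstat could not read; running `netstat -tunp` as root fills in the program name.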

PLEX Media Server

I recently setup PLEX on my home media server. Here I will go over the setup and configuration required to allow PLEX to serve your media files and then push them to your Roku for TV viewing.

There were a few things to note about PLEX:

* I could find no solution for adding authentication to your PLEX server. This means I would not recommend that you point your PLEX server to the outside world. If you do, anyone who knows your IP address could browse and watch your media. Also, this may open up a plethora of attack vectors to your server.

* PLEX is a great solution if you have a ‘headless’ server. Headless means that you only have the server connected via network connection and do not have a monitor attached. In this case I would connect the PLEX server to something like a Roku box (http://www.roku.com).

* It is very important to the PLEX server how you organize your media. Once setup (see below), PLEX does an excellent job of searching various databases for media information and it displays that information seamlessly. Once everything is configured it does all the work for you.

This being said, I am going to go over how to install PLEX on Ubuntu 12.10 (most other versions of Ubuntu and flavors of Linux should be similar, if not the same), configure it and organize your media files.

Install PLEX:

Installation of PLEX is a breeze because they support Linux from the start, so no compiling of source code is required. They also make it easy for Debian based distributions (e.g. Ubuntu) by including a .deb on their site.

First thing you will want to do is download the package:

Version 0.9.7.28.3 64-bit: 
wget http://plex.r.worldssl.net/plex-media-server/0.9.7.28.33-f80a4a2/plexmediaserver_0.9.7.28.33-f80a4a2_amd64.deb

Version 0.9.7.28.3 32-bit:
wget http://plex.r.worldssl.net/plex-media-server/0.9.7.28.33-f80a4a2/plexmediaserver_0.9.7.28.33-f80a4a2_i386.deb

NOTE: They also have RPM packages for CentOS and Fedora available on the site: http://www.plexapp.com/getplex/

Now that you have the package downloaded on your server you are going to want to install that package:

dpkg -i <package.deb>
Where <package.deb> is the name of the package you downloaded.

This will install the PLEX server onto your system. That’s really all there is to it.

Configuration of PLEX:

Once PLEX is installed on your server you can check to make sure it is running, as well as configure the server by pointing your browser to:

http://localhost:32400/web/index.html

To begin adding content to your PLEX server you will have to point the server to where you have your media stored. You can do this by going to the “My Library” section at the top of the page and clicking on the “+” sign to path a location. When you press the “+” button you will be presented with the following window:
 
[Screenshot: PLEX “Add Library Section” window]

It is important here to point out the different options that you are able to select because each option will tell the server what ‘type’ of media is stored at the location.

For instance, if you point the Movies section of the PLEX server to a folder that contains all of your Simpsons episodes, the server will not display the media in the correct format. It will think that every episode is a movie and will attempt to download movie information about each episode and fail, leaving you with a mess of content and no media info.

You can refer to the Wiki to get a good idea of the proper naming conventions here:

http://wiki.plexapp.com/index.php/Media_Naming_and_Organization_Guide

Once I pointed PLEX’s “Movies” option to the folder that contained all my movies, it picked it up and automatically added the meta data without any special re-naming of the actual sub-folders or video files.

Also, PLEX has dealt with just about every video format and container that I have thrown at it without a problem.

Future Posts…

I really need to get back in the swing of things concerning posting on this blog. My life has been busy over the past couple of months. Getting married at the end of the year and it seems like the date is approaching so fast. 

I did however take the time over the past two days to get “Plex” up and running on my Ubuntu server at home. http://www.plexapp.com/

It has turned out to be an excellent solution for streaming my media (movies, episodes, music…) to our Roku. The installation and setup was a breeze and I will be posting a complete how-to on getting it up and running. 

The other thing that I need to get done here is the BackupPC write up I started. If you go back over some of my past posts you should have everything that you need to get the system up and running and staged for the BackupPC installation…. Now I just have to write that. :/

This post is mostly just a, “Hey I’m still here and I’ve got more info!” post. Should be back to posting real soon!

Mount a disk permanently with ‘fstab’.

Having a hard drive in your Linux system is no fun unless you mount it! So why would you want to have to manually mount the drives after every reboot? In today’s article I will go over the steps of writing your disk information to the Linux ‘fstab’ file to allow you to automatically mount a drive’s partition every time you reboot your system.

Linux uses a file named ‘fstab’ to keep track of what partitions should be mounted when the system starts up and the location to mount said partitions. The ‘fstab’ file is located in ‘/etc/’ and can be edited directly. To edit the file you can use any text editor; in this article I will be using the ‘Vim’ editor which can be obtained in Ubuntu by using the following command:

sudo apt-get install vim 

In order to put your drive’s information into the ‘fstab’ file you will need the following information:

1) The file system that the partition has been formatted with. (e.g. ext4)

2) The UUID of the partition. This can be obtained by issuing the following command:

blkid -p /dev/<drive>

3) The mount point (aka, the place where you would like to mount the disk.) This can be any folder that you choose as long as it has the correct permissions and is empty. It is best that you make a new folder in ‘/mnt/’ using the mkdir command.

Once you have compiled a list of the above info, you can open the file and take a look at the contents. Use the following command to do so:

vim /etc/fstab

Your file should look similar to the following:

[Screenshot: contents of /etc/fstab]

Note: Your file may be opened as “read-only”. Depending on the distribution you are using, you may have to enter the ‘sudo’ command before opening the file in Vim.

As you can see, there are three entries in my ‘fstab’ file: proc, / (root) and swap (which has no mount point). The entries are written in the following format:

<file system> <mount point> <type> <options> <dump> <pass>

The file system is either the drive designation in the format /dev/<drive> (e.g. /dev/sdb1), the “Label” of the drive or the UUID of the drive.

The mount point is the place where you would like the partition to be mounted and therefore accessible to the system and the user.

The type is the file system that the partition is formatted with (e.g. ext4).

The options, dump and pass fields tell the system what options the partition should be mounted with, whether or not to copy the drive to a backup (this is hardly used in modern times) and what order to mount the disks. The pass field can have three values with the following designations:

0 = no check (basically the entry is ignored)

1 = root file system (this drive should be mounted before other drives)

2 = other file system (this drive is not a system drive and should be mounted after the system drives)

Using the example drive we installed in my previous posts, we should create an entry for our new drive. To do so from within Vim, press ‘i’ to enter ‘insert’ mode so you can edit the file. Once you are in ‘insert’ mode enter the following information at the bottom of the ‘fstab’ file:

Note: You will be using the UUID of the drive. You should obtain the UUID with the command shown previously in this post.

 UUID=<UUID> /mnt/mountpoint ext4 defaults 0 0

Where <UUID> is the UUID of the partition you would like to mount.

After you have entered the above information, exit out of ‘insert’ mode by pressing the ‘Esc’ key and then save and exit the file by typing ‘:wq’.

In order to test the entry you should reboot your system and then use the ‘df’ command to view the mounted drives. Your disk should show up as mounted to the location you specified as the mount point. If the drive is not shown in the output of the ‘df’ command then you should double check to make sure that you entered the correct information in ‘fstab’.
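
A malformed entry is otherwise only discovered at the reboot described above. This added example (not from the original post) checks a single line against the six-field format and the pass values listed earlier, and catches a `<UUID>` placeholder that was never filled in; the UUID used when trying it out is a constructed value, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: validate one fstab entry before rebooting.
# Usage: check_fstab_line "UUID=... /mnt/mountpoint ext4 defaults 0 0"
# Prints "OK" (returns 0) or the first problem found (returns 1).
check_fstab_line() {
    # A template placeholder such as <UUID> must not survive into the file.
    case $1 in
        *'<'*|*'>'*) echo "placeholder left in entry"; return 1 ;;
    esac

    # Split on whitespace into the six fields (globbing off while splitting).
    set -f; set -- $1; set +f
    [ $# -eq 6 ] || { echo "expected 6 fields, got $#"; return 1; }
    fs=$1; mnt=$2; type=$3; opts=$4; dump=$5; pass=$6

    # <file system>: UUID, label, device node, or a pseudo file system.
    case $fs in
        UUID=?*|LABEL=?*|/dev/?*|proc|none) ;;
        *) echo "unrecognised file system field: $fs"; return 1 ;;
    esac

    # <mount point>: swap has none; everything else needs an absolute path.
    case $type:$mnt in
        swap:none|swap:swap) ;;
        *:/*) ;;
        *) echo "mount point must be an absolute path: $mnt"; return 1 ;;
    esac

    # <options>: comma-separated, no empty items.
    case $opts in
        ,*|*,|*,,*) echo "bad options list: $opts"; return 1 ;;
    esac

    # <dump>: a number.
    case $dump in
        *[!0-9]*) echo "dump must be a number: $dump"; return 1 ;;
    esac

    # <pass>: 0, 1 or 2, with 1 kept for the root file system.
    case $pass in
        0|2) ;;
        1) [ "$mnt" = "/" ] || { echo "pass 1 is for the root file system"; return 1; } ;;
        *) echo "pass must be 0, 1 or 2: $pass"; return 1 ;;
    esac

    echo "OK"
}
```

After saving the file, `mount -a` mounts every entry without a reboot, so a mistake shows up while the system is still running.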

This article completes the series of posts that shows you, step-by-step, how to get a drive up and running from scratch on your Linux system. If you have any questions or comments, or you find any mistakes, please let me know!

Format a hard drive in Linux.

In the past couple of articles I have shown how to detect a new drive under Linux as well as how to partition the disk and prepare it for use. I have also gone over how to test a disk to make sure that it is reliable. Now I am going to cover how to format a drive using the Linux utility ‘mkfs’. In this post I will go over formatting a drive with the ‘ext4’ file-system which is a commonly used and (somewhat) modern file-system.

Note: Most of the commands shown below require you to have ‘root’ privileges. If you are running Ubuntu you will want to preface the commands with ‘sudo’ to get elevated privileges. I have kept the commands simple by not including the ‘sudo’ preface. 

In order to format the disk drive we must know a few things about the disk. First, you need to have the hard drive designation (e.g. sda). Secondly, you should have the number of the partition that you would like to format (e.g. sda1). I have shown how to find this information in my previous posts. In the following examples I will be using the first partition on ‘sdb’, so we will be formatting ‘sdb1’.

Once you have that information on hand you can execute the following command to format the disk drive:

mkfs.ext4 /dev/sdb1

Keep in mind that by using the ‘ext4’ file system your drive will most likely not be able to be read or written to by a Windows based system. If you are formatting a thumb drive using this method you will want to format the disk using FAT32 file-system, in which case you would use the mkfs.vfat command. If you are going to be preparing a hard drive for use on a Windows machine, you would want to format the disk using the ‘ntfs’ file-system by using the mkfs.ntfs command.

You will have to wait for a while depending on the size of the partition you are formatting. When the format is complete you will be presented with a command prompt as shown below.

[Screenshot: output of mkfs.ext4]

Now that you have a formatted disk you are going to want to be able to write and read data to and from the disk. In order to be able to do this you will have to ‘mount’ the disk to a directory on your system. This is a relatively simple process which includes creating a mount point (a folder) and then mounting the file-system you just created to that directory.

To create a directory enter the following:

mkdir <location>

For example you could create a mount point in the ‘/mnt’ directory named ‘mountpoint’ with the following:

mkdir /mnt/mountpoint

Lastly, you will want to mount the disk to the mount-point you just created.

mount /dev/sdb1 /mnt/mountpoint

To ensure that the disk was correctly mounted, run the ‘df’ command by simply typing:

df

In addition to viewing the disk you mounted above, you can also use the ‘df’ command to view the location of all currently mounted file-systems as shown below.

[Screenshot: output of the df command]

Now you can browse to the disk using the ‘cd’, or “change directory” command as follows:

cd /mnt/mountpoint

Keep in mind that once you reboot your computer the drive will be un-mounted and you will have to manually re-mount the drive using the ‘mount’ command. In tomorrow’s article I will show you how to permanently mount the disk by using the ‘fstab’ file.