Windows Server 2012 IPAM Error: Unblock IPAM Access

Received the following error when attempting to provision a server to be managed by IPAM:

Unblock IPAM Access

unblockipamerror

Firewall? Nope
Network Connectivity? Yep

Since IPAM is applied through Group Policy I thought to run “gpresult /r” and lo-and-behold the policies were not being applied to the server due to security filtering. Somehow the automated provisioning task failed to add this server to policies security filter. Added the computer object to the filter and now IPAM is working.

Publish A Google Sheets Macro To Your Domain Step-by-Step

In this post I’m going to give a screenshot walk-through to publish a macro in your Google Apps (G Suite) domain.

These screenshots are current as of 11/7/2016.

PREREQUISITE #1: Accept the Chrome Web Store TOS

First things first. If you have NEVER published a macro in your G Suite domain space before, you must do this step.

Navigate to https://chrome.google.com/webstore/developer and accept the TOS.

Failure to do this step will result in this very non-descriptive error message when you attempt to publish your add-on: “Chrome Web Store system error, please try again later.”

It is only necessary to complete this step one time in your domain.

capture20161107113747495
Google Chrome Web Store Developer Agreement

Prerequisite #2: Retrieve your “Project key”

Navigate to File -> Project Properties and copy your Project Key

2016-11-08_1006

PREREQUISITE #3: Enable Google Apps Marketplace SDK

Navigate to https://console.developers.google.com to enable the Google Apps Marketplace SDK.

It is only necessary to complete this step one time in your domain.

googleappsmarketplacesdk

Click “Enable” at top

capture20161107105416942

PREREQUISITE #4: Set web store icon image file. Sizes 128×128 and 32×32.

Even though there is no visual indication that the field is required, if you try to submit the form without these fields populated, you will get notified that they are required. Whether you are creating a macro for internal use or the wide world, the presentation in the chrome web store is the same. Because of this, it is required to add an icon image for your add-on.

Open the Configuration tab of the Google Apps Marketplace SDK.

requirediconfiles

PREREQUISITE #5: Add project key

Since this macro is for a Sheet, I have the “Sheets Add-On Extension” option set. Paste your Project Key here.

Once all the required fields are satisfied, the “Save Changes” button turns dark blue indicating that it is ready to save.

projectkey

STEP 1: Register your project

Finally, if the above steps have been completed, you are ready to publish your macro.

From your script at https://script.google.com, Publish menu -> Register  in Chrome Store. In the subsequent window, click “Register Web App”

registerwebapp

STEP 2: Perform first upload of your script to web store.

Menu: Publish -> Deploy as Web add-on

Assuming the previous steps were completed, clicking “Create web store draft” will redirect your browser to the Edit Item page of your add-on in the Chrome web store*

*You can easily get back to the edit menu by re-launching the “Deploy as Web add-on” menu. At the bottom of the window there will be an “Edit” link to the item in the chrome web store.

capture20161107105049786

STEP 3: Configure web add-on options

There are several requirements that must be configured before the add-on can be made available in your domain:

  • Set an icon image (different from the web store icon we set previously)
  • A 1200×800 or 640×400 screenshot.
  • A 440×280 small tile image
  • Set Category
  • Set Language
  • Visibility options
    • Set value to “Unlisted” or “Private” so it will be internal use only.

Assuming you are ready for prime time, click “Publish changes” in the lower right corner.

edititem1

edititem2

edititem3

After clicking “Publish”, you are done.

As the end-user:

Open a blank Sheet.

Add-ons menu -> Get Add-ons

Change the drop-down menu to “For [your domain name]”

dropdownmenu

add-on

Powershell Web Access Authorization error

Received this error on my initial attempt after setup of Powershell Web Access (pswa).

An authorization failure occurred. Verify that you are authorized to connect to the destination computer.pswaerror

 

The documentation is clear that there are no authorization rules on the “out-of-the-box” install of PSWA and so you have to use the Add-PswaAuthorizationRule cmdlet. Which I did and it still wasn’t working.

Small gotcha that isn’t so clear from the documentation:

You must set the -configuration name parameter as microsoft.powershell. You can’t just use any name you want.

Add-PswaAuthorizationRule -UserName "domain\john.doe" `
-ComputerName * -ConfigurationName microsoft.powershell

Well technically you can use any configuration name you want, you just have to specify that name when you try to log in to PSWA to replace the pre-filled value in the form. So just set the configuration name to microsoft.powershell and save yourself the headache.

pswaoptions

 

 

Powershell Remove Non-Routable proxyaddresses for mailbox migration to Exchange Online

When doing a migration from onrem to Exchange Online / Office 365, the proxy addresses on the mail object must all be internet routable. If you have aliases like @domain.local, these need to be removed before the mailbox can be moved.

I used this powershell script to accomplish this in my environment:

 

<#
.Synopsis
Remove nonroutable smtp aliases in preparation for mailbox migration
.DESCRIPTION
Long description
.EXAMPLE
remove-nonRoutableSmtpAddresses -Searchbase "OU=OrgUnit,DC=Domain,DC=com" -smtpsuffix "nonroutable.domain" -Verbose
#>
function remove-nonRoutableSmtpAddresses
{
[CmdletBinding(SupportsShouldProcess)]
Param
(
# Search base of users to search for
[Parameter(Mandatory=$true,
Position=0)]
$Searchbase,

# SMTP suffix to find and remove
[Parameter(Mandatory=$true,
Position=1)]
$smtpsuffix
)


$smtpsuffix = ("*" + $smtpsuffix + "*")
$users = get-aduser -Filter {proxyaddresses -like $smtpsuffix} -Properties proxyaddresses -SearchBase $Searchbase
foreach ($u in $users){
Get-ADUser $u -Properties proxyaddresses `
| foreach {$pr = $_.proxyaddresses -like $smtpsuffix}
set-aduser $u -Remove @{proxyaddresses=$pr} -verbose
}
}

Powershell Get List of Domain Contollers

Simple is better. And this is by far the simplest way I have found to get a cleanly formatted list of domain controllers in a domain:

Encase the get-addomain cmdlet in parentheses and call the property replicadirectoryservers.

Example:

PS C:\DEV> (Get-ADDomain domain.local).ReplicaDirectoryServers
NY-DC01.domain.local
NY-DC02.domain.local
BOSTON-DC01.domain.local
BOSTON-DC02.domain.local

 

Powershell Monitor Job Status

This is the framework for a basic monitoring of a PowerShell job.

The basic steps are to store the current jobs in to a variable named $jobs. Loop through the variable and increment $jobcount if the state of the job does not equal “Completed”. The script keeps looping until $jobcount is 0.

Lines 11 and 12 are merely demonstrative. You could put anything here you want…

do
{
   $jobcount = 0
   $jobs = Get-Job
   foreach ($job in $jobs)
   {
    if ($job.state -ne &quot;Completed&quot;){
    $jobcount++
    }
   }
   Write-Verbose "Active jobs: $jobcount"
   Start-Sleep -Seconds 5
}
until ($jobcount -lt 1)