Tuesday, March 11, 2008 

Email Latency Graphing

"Is e-mail running slow?"

"I'm supposed to have an e-mail, but I haven't seen it yet?"

If you have ever had to answer any of these questions or related queries then these scripts may be for you. These two Perl scripts monitor email latency in seconds and let you know the time it takes for mail to process through your mail server and back to you.

You can then feed the output into MRTG, RRDTool or Zabbix to create a graph such as the one below:

The script supports an unlimited number of mail servers along the mail path. For example, if you had an edge mail server that handled level one spam checks, a secondary mail server that handled further spam and antivirus checks, and a final mail server where users checked their mail then you could monitor all three servers to see which server was introducing the processing delay.

The script also reports absolute and relative latency. Absolute is the total amount of time that has elapsed from when the message was sent. Relative is the amount of time in seconds from the last non-local mail server to your mail server. This lets you separate out issues from external mail servers that may be out of your control.
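
One way to compute the two measures from a retrieved test message's headers, as an added example (this is not the code in checkEmail.pl, which is not reproduced on this page). It assumes absolute latency starts at the Date header and that each hop's arrival time is the timestamp in the Received header it added; the hostnames and times in the sample are constructed.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hostnames and timestamps are made up for illustration.
SAMPLE = """\
Received: from spam-firewall.domain.com by mail.domain.com; Tue, 11 Mar 2008 10:00:42 -0500
Received: from mx.example.net by spam-firewall.domain.com; Tue, 11 Mar 2008 10:00:12 -0500
Received: from client.example.net by mx.example.net; Tue, 11 Mar 2008 10:00:05 -0500
Date: Tue, 11 Mar 2008 10:00:00 -0500
Subject: MailLatency

test
"""

def hops(msg):
    """Return [(by_host, arrival_time)] in delivery order, oldest hop first."""
    path = []
    # Each server prepends its Received header, so reverse to get delivery order.
    for hdr in reversed(msg.get_all("Received", [])):
        by = re.search(r"\bby\s+([\w.-]+)", hdr)
        stamp = hdr.rsplit(";", 1)[-1].strip()
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            continue  # unparseable timestamp: skip the hop rather than guess
        if by:
            path.append((by.group(1).lower(), when))
    return path

def latency(raw, server, dns_domain, measure="absolute"):
    """Seconds until `server` received the message, or None if not measurable."""
    msg = message_from_string(raw)
    path = hops(msg)
    arrived = [t for h, t in path if h == server or h.startswith(server + ".")]
    if not arrived:
        return None
    if measure == "absolute":
        start = parsedate_to_datetime(msg["Date"])  # sender's clock
    else:
        # Relative: start at the last hop outside our domain.
        external = [t for h, t in path if not h.endswith("." + dns_domain)]
        if not external:
            return None
        start = external[-1]
    # A negative result means clock skew between hosts, not a fast delivery.
    return int((arrived[-1] - start).total_seconds())

if __name__ == "__main__":
    print(latency(SAMPLE, "mail", "domain.com", "absolute"))
    print(latency(SAMPLE, "mail", "domain.com", "relative"))
```

The Date header and the Received lines added outside your domain are written by hosts you do not control, so only the timestamps stamped by your own servers can be trusted when a graph looks wrong. Keeping all monitored servers on NTP avoids skew showing up as latency.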


Requirements:
  • Perl installation with the following modules:
    • Mail::POP3Client
    • Net::SMTP
    • Date::Parse
    • Getopt::Long
  • External mail host to send your messages from - OR -
    • External account set to bounce messages back to your mailserver
      • I use a free GMail account that is set up to bounce mail back to my local test account

Instructions:
Modify the following lines to fit your environment:
checkEmail.pl
---
###############################################
## Configuration Variables
###############################################
$dnsDomain = "domain.com";
$mailServer = "mail.domain.com";
$mailPort = "995";
$mailUser = "username";
$mailPassword = "password";
$mailSubject = "MailLatency";
$mailSSL = "true";

sendOutToInTestEmail.pl
---
###############################################
## Configuration Variables
###############################################
@serverList = qw(mail spam-firewall);
$dnsDomain = "domain.com";
$mailTo = 'MailLatencyTest@gmail.com';
$mailServer = 'mail.domain.com';
$mailSubject = 'MailLatency';
$mailFrom = 'username';
$LOG = "/var/log/emailout.log";
Set up sendOutToTestEmail.pl to run from cron to periodically send your test messages. Configure checkEmail.pl to run on a slightly longer interval to retrieve the test messages and graph the time.

Usage:
./checkEmail.pl mailserver.domain.com --measure=absolute
./checkEmail.pl spamfilter.domain.com --measure=relative
./checkEmail.pl mailserver --measure=absolute --debug=yes

Download

Wednesday, September 06, 2006 

Set UNIX ID Script

This is an extensive script designed to set the UNIX attributes for user and group objects in Active Directory. This script currently sets the values from the Microsoft Services for UNIX 3.5 (MSFU3.5) schema extensions to Active Directory. However, it should be trivial to modify it to use the attributes in Windows Server 2003 R2, MSFU3.0 or other third-party schema extensions.

This script is designed to ease the pain of using Active Directory for your centralized account information. All users and groups must have a Unix ID (UID or GID) assigned along with some other meta information. Rather than using the antiquated NIS as recommended by Microsoft with MSFU3.5, we are using nss_ldap with Kerberos authentication. Microsoft does supply a snap-in for Active Directory Users and Computers (nisprop.dll) that allows you to set and modify these UNIX attributes. However, in my environment this snap-in did not function correctly. Setting the attributes for a large number of users would also be quite tedious if done manually.

This script is designed to be called from the command line to set attributes for a specific user or group. For example:

cscript /nologo setuid.vbs jdoe user

This would set the UNIX attributes for the jdoe user. The numeric UID set would be the current highest UID value plus one, or ten thousand if no UID is currently defined. The default shell (msSFU30LoginShell), default home directory (msSFU30HomeDirectory) and default GID (msSFU30GidNumber) are all based on default values defined as global variables.

Alternatively you can set the UNIX attributes for all users and groups in your Active directory tree with the following command:

cscript /nologo setuid.vbs ALL

This will perform a search for all users and groups that do not currently have UNIX attributes defined and then add these same attributes. We have this command scheduled as a cron job to run periodically to add attributes to newly created users and groups.

Thirdly, it is possible to use this script directly from Active Directory Users and Computers as a replacement for the nisprop.dll snap-in. I would recommend using the snap-in if possible, but this script does offer some benefits such as being able to define sensible defaults. For more details please see the source code.

Requirements:
- Active Directory schema extended with Microsoft Services for UNIX 3.5 Schema Extensions
- Run by an account with security permissions to modify targeted user and group objects

Instructions:
Modify the lines below to your desired settings and to match your environment:
' ---------------------------------------------------------
' Configuration Variables
' ---------------------------------------------------------
ldapBase = "DC=DOMAIN,DC=COM"
domainName = "DOMAIN"
defaultShell = "/bin/sh"
defaultGidNumber = "10000"
studentGidNumber = "10122"
defaultBaseHomeDir = "/home/staff/"
studentBaseHomeDir = "/home/student/"
studentIdentifier = "OU=Students"
alumnIdentifier = "OU=Alumn"
maxsetIDTries = 20
defaultBaseID = "9999"

Download:
setuid.vbs

Monday, May 22, 2006 

Active Directory Locked Account Monitor

Here is a simple Perl script to monitor the number of locked accounts in your Active Directory domain. This script uses unlock.exe, which is available from JoeWare.net.

If the number of locked accounts exceeds the defined threshold the script will notify you via e-mail.

Requirements:
  1. Windows 2003 / Windows XP / Windows 2000
  2. Perl installed
  3. Unlock.exe in path
  4. SMTP server for e-mail notification
Instructions:
Modify the lines below to your desired settings and to match your environment:

$lockedThreshold = 10;
$unlockCmd = "unlock.exe . * -view 2>NUL";
@notifyList = qw(
admin
);
$mailFrom = "AccountLockout";
$mailSubject = "Account Lockout Alert";
$mailServer = "mailserver.domain.com";

Download:
Locked Account Monitor.pl

Friday, May 05, 2006 

Join Domain Tool

Here is a utility to help users join a computer to an Active Directory domain. It provides similar functionality to the netdom.exe utility in that it was designed to allow you to specify an OU (organizational unit) when you're joining the domain.

In our environment we have a well-structured list of organizational units. The workstation objects should all be placed in the OU where the user object resides. However, as the default join places the computers in the "Computers" container, technicians can sometimes forget to move the workstation object to its proper destination.

Screenshot:


Requirements:
Latest version of AutoIT with COM Support
(AutoIT is a small VBScript-like language. It was used in this project as a test and to sample the easy GUI controls it offers.)

Download the Utility:
Download JoinDomain.au3

Instructions:
1. Download and install the latest beta of AutoIt
2. Download JoinDomain.au3
3. Edit JoinDomain.au3 in a text editor and change the following lines:
$adDefaultContext = "DC=DOMAIN,DC=COM"
$adDomainController = "dc.domain.com"
$adDomain = "DOMAIN"
$adUsername = ""
$adPassword = ""

(If you leave the username and password variable blank, you will be prompted for these each time you run the program)
4. Right click on JoinDomain.au3 and choose "Compile Script"
5. Distribute resulting JoinDomain.exe to your technicians or deploy on corporate image

Graphical Usage Demonstration:

Friday, March 17, 2006 

Campus Pipeline / Luminis Portal / uPortal Load Tester Script

Here's a Perl script that will automatically log on to your Luminis / uPortal site and navigate through any content tabs. We've used this to do some basic load testing of the system by distributing this script out to campus systems. You can configure the content tabs you want in the rotation and the number of total rounds to run.

Download LuminisLoadTest.pl

Wednesday, March 15, 2006 

Grease Monkey Script - Google Books TSU Linky

Another GreaseMonkey script that will display the Truman State library status of a book in Google Books. It will also check to see if the book is available in our online Safari subscription, and if so it will let you read it online (if you are on the Truman network, or connected via VPN)

Install Google Books TSU Linky

Friday, January 20, 2006 

CME-24 / Blackworm / Blackmal / Nyxem / MyWife Virus Check

Here's a quick and dirty script that will check for known CME-24 virus files. As this virus does not use any cloaking techniques this should be an easy way to see if any of your users are affected. A normal return code (ERRORLEVEL) is returned if the system is clean and a return code of 1000 is returned if the system had one of the associated files. We're using this script via SMS to quickly check and validate that our systems are clean.

Download Script

Begin Code (checkBlackworm.vbs):
' ---------------------------------------------------------
'
' checkBlackworm
'
' Version 1.0
'
' Walt Howd
'
'
' This script will check to see if any of the known files
' for the Blackworm/Nyxem worms are present on the machine.
'
' If the files are found, then the script will exit with
' a custom error level. This can be used in SMS reporting
' to see systems that might be at risk.
'
' ---------------------------------------------------------

' ---------------------------------------------------------
' Initialize variables
' ---------------------------------------------------------
On Error Resume Next
dim objShell, filesys, windir, system32, blackworm_files

Set objShell = WScript.CreateObject("WScript.Shell")
Set filesys = CreateObject("Scripting.FileSystemObject")

windir = objShell.Environment("Process").Item("windir") & "\"
system32 = windir & "system32\"

' ---------------------------------------------------------
' Known Blackworm files
' ---------------------------------------------------------
blackworm_files = Array("rundll16.exe", "scanregw.exe", "update.exe", "winzip.exe", "WINZIP_TMP.exe")

' ---------------------------------------------------------
' Check for files in WINDOWS and SYSTEM32 directories
' ---------------------------------------------------------
For Each file in blackworm_files

If filesys.FileExists(windir & file) OR filesys.FileExists(system32 & file) Then
wscript.quit(1000)
End If

Next

' ---------------------------------------------------------
' If no files were found, quit with the normal errorlevel
' ---------------------------------------------------------
wscript.quit(0)


Tuesday, October 18, 2005 

Group Policy Auto Logon Administrative Template

Here's an administrative template for Microsoft Active Directory Group Policy that will allow you to set up systems to log on automatically. We use this for public terminal web browsing machines to allow them to automatically log on and start a web browser. To use this, first add the adm template to your group policy, then under the View menu select "Filtering" and make sure "Only show policy settings that can be fully managed" is not checked. See screenshot here.

Download AutoLogon.adm

Begin Code (autologon.adm)
CLASS MACHINE
CATEGORY "System"
CATEGORY "Logon"
POLICY "AutoLogon"
EXPLAIN "These settings can be used to allow the system to logon automatically. To enable autologon, set the first two settings (AutoAdminLogon and ForceAutologon) to 1, and then fill in the appropriate account information. Keep in mind that this information will be stored in cleartext in the systems registry."
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

PART "AutoAdminLogon" NUMERIC REQUIRED TXTCONVERT
VALUENAME "AutoAdminLogon"
MIN 0 MAX 1 DEFAULT "0" SPIN 1
END PART

PART "ForceAutoLogon" NUMERIC REQUIRED TXTCONVERT
VALUENAME "ForceAutoLogon"
MIN 0 MAX 1 DEFAULT "0" SPIN 1
END PART

PART "DefaultUserName" EDITTEXT REQUIRED
VALUENAME "DefaultUserName"
DEFAULT "Username" MAXLEN 128
END PART


PART "DefaultPassword" EDITTEXT REQUIRED
VALUENAME "DefaultPassword"
DEFAULT "Password" MAXLEN 128
END PART

PART "DefaultDomainName" EDITTEXT REQUIRED
VALUENAME "DefaultDomainName"
DEFAULT "Domain" MAXLEN 128
END PART

PART "AltDefaultUserName" EDITTEXT REQUIRED
VALUENAME "AltDefaultUserName"
DEFAULT "Should match username above" MAXLEN 128
END PART

PART "AltDefaultDomainName" EDITTEXT REQUIRED
VALUENAME "AltDefaultDomainName"
DEFAULT "Should match domain above" MAXLEN 128
END PART

END POLICY
END CATEGORY
END CATEGORY

Monday, April 11, 2005 

Microsoft SQL Server T-SQL UDF Luhn Function

Here's my first attempt at writing a UDF in T-SQL for Microsoft SQL Server 2000. We had a third-party application that used a Microsoft SQL Server backend. The application couldn't be customized, but we needed a check digit added to the database when it added a record. To do this, I hacked out this ugly Luhn function and then added some triggers to the table.

Sample Trigger:

CREATE Trigger AutoCheckDigitInsert
ON dbo.tablename
FOR INSERT
AS
UPDATE [tablename] SET checkdigit = dbo.luhn(isonumber.isonumber+''+tablename.idnumber) FROM
tablename, isonumber, inserted WHERE (tablename.checkdigit IS NULL) AND (tablename.idnumber = inserted.idnumber)

This function will return the checkdigit for whatever argument you pass. For more information about the Luhn function, also known as Mod 10, see the Wikipedia article.

Download Luhn Function
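CREATE FUNCTION luhn (@s varchar(20) )
RETURNS int
AS
BEGIN
DECLARE @i int, @j int, @total int, @final int, @tmp int, @result bit

SELECT @i = 2
SELECT @final = 0
SELECT @total = 0
SELECT @s =ltrim(@s)
SELECT @s =rtrim(@s)
-- @i runs from 2 to len(@s)+1; the digit examined is at position @i-1
WHILE @i < (len(@s) + 2)
BEGIN
    -- Convert the character to its numeric value (ASCII '0' is 48)
    SELECT @j=(ASCII(substring(@s,@i-1,1))-48)
    -- Double every second digit counting from the rightmost digit of @s.
    -- Testing @i % 2 alone is only correct when @s has an odd length.
    IF (len(@s) - (@i - 1)) % 2 = 0
        SELECT @j = @j * 2
    -- A doubled digit above 9 contributes the sum of its two digits
    IF @j > 9
        SELECT @j = @j - 9
    SELECT @tmp = @total
    SELECT @total=@tmp+@j
    SELECT @i=@i+1
END
-- The check digit brings the total up to the next multiple of 10
IF @total % 10 = 0
    SELECT @final = 0
ELSE
    SELECT @final = 10 - (@total % 10)
RETURN (@final)
END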

Monday, February 14, 2005 

Sysprep changes in Windows XP SP2

If you manage Windows XP images you may find that the default behavior of sysprep changed after SP2 is installed. If you customized the default profile on the system you might find some of these settings missing or overwritten by settings from the administrator profile.

To fix this, see Microsoft KB article 887816. A hotfix that has not been publicly released (WindowsXP-KB887816-x86-enu.exe) is available that will restore the original behavior.

In our environment we make heavy changes to the Default User profile to disable the nag and startup configuration of our global applications. Using this hotfix we can continue that model and not have to worry about unwanted settings from the Administrator profile being introduced into the normal users environment.
