One App Service Plan can host multiple web apps.
How do I see how much CPU is consumed by each individual web app in the app service plan?
Ideally, I want to see a line graph with each web app as it's own line.
How do I do that?
I am trying to export a list of all DL's, and I need to be able to have a column with the samaccountname of the ManagedBy value (first entry if multiple).
Get-DistributionGroup | Select-Object Name, ManagedBy | Export-Csv C:\out.txt
Unsurprisingly, this gives me something like this:
"Name","ManagedBy"
"DL-SOMETHING-SOMETHING","Microsoft.Exchange.Data.Directory.ADMultiValuedProperty`1[Microsoft.Exchange.Data.Directory.ADObjectId]"
If this was not a one-liner, I could loop through the ManagedBy values, use GET-AdUser and extract what I need.
But can I do this in a one-liner, if I only care about the first ManagedBy?
Something like...
Get-DistributionGroup | Select-Object Name, ManagedBy[0].Samaccountname | Export-Csv C:\out.txt
If I could even get the same string as I get when I run this in the console, I could work with that:
Get-DistributionGroup | Select-Object Name, ManagedBy
Output
DL-SOMETHING-SOMETHING, {somedomain.com/Accounts/SomeAccount}
My DNS registrar and DNS provider recently had a long outage, rendering all my domains unusable (email, own+client websites etc).
They have 3 DNS server, who are all in the same co-hosting facility!
I know just enough about networking to make my spidey-sense supertingle, but not enough to condemn this. Is that not an atrocious design?
Should they not have been spread across lines, networks - even continents?
If you have set up a fresh Azure AD Connect installation (latest version as of today), go to add a new inbound sync rule, and you get the wonderful error message "Object reference not set to an instance of an object", where should I look for the root cause of the problem?
The client runs, I got no errors during installation, there is no info in event log. I have tried creating very simple rules, but I doubt it has anything to do with the actual rule - and I suspect something with permissions, but I have no idea permissions for what.
My account is in the ADSyncAdmins group and I have tried with a service account, that also is in that group - same error.
Reporting
Sometimes stuff in meeting rooms break. This needs to be easy for people to report, like "the projector is not working", "speaker phone not working", "room very dirty" or whatever we can think of.
This information needs to be stored somewhere, in a database or something, so it can be cleared once it is fixed - and somebody should be notified about it (facility management DL, email or whatever).
Notification for other bookers
If I have booked a meeting room, that is now marked with an issue, I should get a notification. Preferably while booking, it would be visible in the interface, but if not, then maybe I would get an email stating the issue, so I can consider rebooking.
The question
Does software like this exist, maybe even some functionality in Exchange/Outlook, that I am not aware of? Third-party?
I have read that to IP-restrict a website in IIS8 to allow only one or more IPs and deny everybody else, you do this:
- Set "Access for unspecified clients" to "Deny"
- Add IP-address for "Allow"
(as specified in below screenshot)
However, when I do this (as specified in below screenshot), I am still able to access the site from other IPs.
What is missing here? Is there something else, that needs to be done?
I tried iisreset and the page is not browser cached on the test-machines, that should not have access.
Does a web service exist for performing management tasks against Exchange 2013 - equivalent to powershell commands such as:
Enable-Mailbox
Add-MailboxPermission
Set-Mailbox
...
I am aware of options like wrapping remote powershell code etc, but from a development standpoint that is a terrible way to integrate. I am also aware of the Exchange Web Service for creating clients (like OWA), but that does not cover administrative tasks.
I have googled and found nothing, so I assume there is nothing better for Exchange 2013 - but I would like it confirmed. :)
In Active Directory, we populate the Mailnickname with a single, suitable value (EmployeeId in this case).
When a user goes to outlook, enters the mailnickname (employeeId), Outlook will look in the GAL (and a local cache first, but that is irrelevant to this question). See Example 1.
If we wanted to implement several "mailnicknames" per user, how could that be done? Forget about the specific field "mailnickname", which is a single string property - but some other way to enter one of a series of "mailnicknames"/aliases into outlook - and have it find the right person. See example 2.
Example 1 (standard functionality)
- User: Bob
- Mailnickname(s): {123}
In outlook to-field, I enter: 123 - and it finds Bob's account.
Example 2 (desired functionality)
Properties
- User: Bob
- Mailnickname(s): {123,456,789}
In outlook to-field, I enter: 123 - and it finds Bob's account.
In outlook to-field, I enter: 456 - and it finds Bob's account.
In outlook to-field, I enter: 789 - and it finds Bob's account.
Are there any fields in AD/Exchange, that are suitable for this scenario? Are there other ways to accomplish the same functionality?
Explanation
I can appreciate why this sounds like a strange requirement. I will explain the background.
In the company HR system, people get assigned an ID (123, 456 etc). That ID is then used as their login (samaccountname).
Certain changes in their employment status will trigger that they need to get assigned an additional HR ID to deal with taxes, reporting etc. To avoid the end user having to remember a new ID, having to rename their AD account and a bunch of accounts in other related systems, we keep using their first ID as their samaacountname. We also set this HR ID as a mailnickname.
If I want to send an email to somebody, I will ask for their HR ID and enter it in the to-field, and it will resolve. That works very well, and people outside HR rarely see the second (or third) HR ID.
But on some reports and screens in the HR system, what is visible is the second (or third) HR ID, not the one that corresponds with their samaccountname and mailnickname.
So then the question then is, can we add these second and third HR IDs as some sort of alias, so they would resolve. We already have full integration between HR system and management of AD accounts, so if we can find an exchange/AD way of doing it, implementing it is straight-forward.
Let's say a company has a large number of users, and each user has a home area.
On each share used for home area folders, I would like to define some rules saying who is supposed to have which permissions on the folder.
Then I would like to audit automatically, that this is actually the case and get some sort of report on deviations.
So a rule for \MegaServer\Home01 could be defined something like:
- Domain Admins - Full Control
- Backup Agent - Read
- [Home folder owner] - Full Control
I am talking about Windows platform and Windows servers, although I think it would most likely also work for *nix machines that expose Windows shares.
Does software like this exist?
I could roll my own basic version, but if something already exists, that is usually a better option.
I am aware of tools to make displaying permissions easier (AccessEnum, DumpSec), but that is not what I am looking for.
A console-app runs on a single server in a domain and is tasked with deleting some home areas of users, who are no longer active. These homeareas are located on 50+ different servers spread around the network.
The account runs under the context of an account, that is also a member of the Local Administrator group on each storage server, which has "Full Control" access to the relevant folders.
This works great on a bunch of older servers, but on Windows 2008 it runs into problems. On these servers, "Admin Approval Mode" is enabled for the "Local Administrator" group.
For instance, if I right-click a folder and try to access properties/security (using the same service account), I get this prompt:
I can press continue, and then proceed to use the full control permissions. If I do the same when deleting files, things work like intended.
Is it possible to disable this on a per-user/per server basis, so it would continue to apply to all other accounts - but not to the service-account in question here?
Forgive me if I mess up some of the terminology here. I am just a developer. :)
Edit: Made it clear, that I was talking about a console app on a single server, accessing homeareas on many different servers on the network.
How do I restart a single website in IIS7+ using commandline only?
Same functionality as the circled menu item in the image - but from the commandline.
Iisreset does not have any options to deal with individual sites, and I found some ancient references to Iisweb.vbs, which seems to be outdated.
I want to take a complete copy of an existing site with files, IIS-settings (virtual direktory mappings, child applications etc) and restore it as a new site, that runs on another url, same server.
I tried using the "backup application" thing in IIS7, and it generated a zip-file of all the files. I then created a new blank site and tried to restore. But when restoring it, it does not really restore anything. It asks for a "parameter1" that I am not sure what is, but then it does nothing and the new site is left untouched.
Where can I find out how to use this feature correctly, or is this feature not applicable for what I am trying to do?
I am trying to install an ASP.Net app on an IIS6 webserver. The site requires the user to authenticate with windows, and this works on several other apps on the same server.
In IIS I have enabled anonymous access and windows authentication.
In web.config, authentication is set to:
<authentication mode="Windows"/>
and authorization...:
<authorization>
<allow roles="Users"/>
<deny users="*"/>
</authorization>
Ie. allow all users in role "Users" and deny everybody else. This is the approach that is working with several other apps on the same server.
If I run the site, I am prompted for username and password.
If I remove the line:
<deny users="*"/>
I can access the site and everything works - but the user credentials are not passed to the site (Page.User.Identity.Name returns a blank string in ASP.Net).
The site has identical (inherited) file permissions as other working sites on the server.
The only difference in authentication/authorization between this site and the other working sites is, that this runs Asp.Net 4 (but there are other working asp.net 4 sites on the server as well).
What am I missing here?
Where should I look?
Looking over my ftp-server logfiles, I find a lot of brute force attacks, where the same IP-address tries 100s of username/password combinations.
Is there something I can do to make life harder on these brute force attackers? Something like an IP is locked out for x time if it has y failed login-attempts?
Server is Microsoft Windows Server 2008.
I downloaded and installed Windows Server 2008 Trial. It expires after 60 days, but is extendable to 240 days all in all by logging into the server and running a command.
Here is how I should extend my trial according to MS Support.
My problem is, that I just came back from a vacation to find the server will no longer allow me to log in without activating (ie the 60 days passed while I was away) - so I cannot perform the steps specified in the link.
Is there something I can do, or do I have to reinstall it from scratch?
What are the most common things that will cause a Windows Server 2003/2008 to stop responding to Remote Desktop connections, even though other services on the computer are running fine?
I would like to access my office-network from remote via VPN.
My router is a Zyxel Prestige 600, and from what I have been able to google, does not support VPN in itself.
What would be a cheap and easy way to set up VPN?
What port(s) should I open/NAT to allow me to use Remote Desktop?
I have a shared hosted SQL Server 2005 at an ISP, that I can connect to from SQL Server 2005 Management Studio. However, I cannot connect from SQL Server 2008 Management Studio.
I log on with SQL Server authentication (username+password).
When I connect, I get the error:
The server principal "MyUserName" is not able to access the database [name of first database on server - 00_something - not mine] under the current security context.
How can I get around this, and just get straight to the one database I do have access to on this server? I tried setting the "Default database" for the connection to the name of my database, but it does not change anything.
I would really like to not have to install SQL Server 2005 Management studio to connect to this one database...
How do I enable remote connections on an SQL Server 2008 installation?
I have created a rule in the windows firewall to allow traffic through port 1433, but that does not seem to be enough.