PowerShell Tips: Group AD Members & Non-expiring Passwords

Display (enabled) members of an AD group (recursively):

Get-ADGroupMember "GROUP_NAME" -Recursive | Get-ADUser | Where-Object Enabled -EQ True | Sort -Property Name | Select Name,sAMAccountName

Display accounts with password set to never expire:

Get-ADUser -Filter 'PasswordNeverExpires -eq $true' | Sort -Property Name | Select Name,sAMAccountName

Use “Where-Object” to narrow down the list, if necessary.

You’ll need the Active Directory PowerShell module that ships with Remote Server Administration Tools (RSAT) and a Windows 2008 or newer Domain Controller with AD Web Services

tmux for MobaXterm

An old friend meets a new friend: tmux for MobaXterm!

In a previous sysadmin life, I used tmux to good effect. Today, I’m using a Windows 8.1 system as my primary work desktop and recently got into MobaXterm for my Linux/terminal/X11 needs. While my most common usage scenario for tmux is invoking it on a remote server/VM instead of directly on my local machine, I thought it would be a good exercise to install tmux for local usage on MobaXterm and sharing that work by creating a plugin.

Download: tmux 1.9a for MobaXterm (tmux.mxt3)

tmux.mxt3 includes the following software:

The licenses for the above software is included within the mxt3 (zip) file.

For additional MobaXterm plugins and installation instructions, see the MobaXterm plugins page.

Additional credits:

File Access Auditing w/ Linux NFS Server

What is the accepted/best solution for auditing file access with GNU/Linux NFS server infrastructure?

I recently received a request for auditing the basic file access patterns (read/write) for an NFS export on a RHEL 6 server. While researching the problem, I discovered that there is no apparent method to accomplish this task without reliable and trusted client side auditing. It wasn’t a priority and we didn’t have admin on all the clients so I had to politely decline with “Sorry, we are unable to support that with the existing infrastructure”.

Linux has auditd and at first it looked promising for this problem. I later learned more about the architecture of auditd and found out that the method it uses for the directory watch feature is not capable of auditing reads and writes occurring over NFS because the syscalls for those operations are happening on the client side, not the server-side. What I still don’t quite understand yet is why the Linux NFS server doesn’t have built-in auditing functionality. If such functionality does exist, it’s either undocumented or I’m simply unable to find it.

Samba provides a logging directive that enables file access auditing without client side cooperation so it seems plausible that the GNU/Linux NFS server could implement similar functionality. Disclaimer: I don’t really understand NFS architecture so I don’t know if this is a difficult problem. NetApp appears to support server-side NFS auditing so it looks possible. Wouldn’t it be nice if “enterprise” GNU/Linux vendors would also support server-side auditing of file access over NFS?