Thursday, March 29, 2012

List of exportable AD attributes

It appears the following AD attributes are exportable from LDIFDE or CSVDE:

DN,objectClass,ou,distinguishedName,name,description,sAMAccountName,objectCategory,instanceType,whenCreated,whenChanged,uSNCreated,uSNChanged,dSCorePropagationData,cn,member,groupType,displayName,info,extensionAttribute1,managedBy,publicDelegatesBL,extensionAttribute14,extensionAttribute15,mail,sn,givenName,homeMTA,proxyAddresses,homeMDB,garbageCollPeriod,mDBUseDefaults,mailNickname,protocolSettings,internetEncoding,userAccountControl,badPwdCount,codePage,countryCode,badPasswordTime,lastLogoff,lastLogon,pwdLastSet,primaryGroupID,accountExpires,logonCount,showInAddressBook,legacyExchangeDN,userPrincipalName,textEncodedORAddress,msExchHomeServerName,msExchMailboxSecurityDescriptor,msExchUserAccountControl,msExchMailboxGuid,msExchPoliciesIncluded,msExchMailboxAuditLogAgeLimit,msExchRecipientDisplayType,msExchAddressBookFlags,msExchRBACPolicyLink,msExchDumpsterQuota,msExchArchiveQuota,msExchRecipientTypeDetails,msExchMDBRulesQuota,msExchTransportRecipientSettingsFlags,msExchArchiveWarnQuota,msExchDumpsterWarningQuota,msExchUMEnabledFlags2,msExchModerationFlags,msExchProvisioningFlags,msExchUMDtmfMap,msExchBypassAudit,msExchMailboxAuditEnable,msExchWhenMailboxCreated,msExchTextMessagingState,reportToOriginator,msExchRequireAuthToSendTo,msExchALObjectVersion,msExchArbitrationMailbox,msExchCoManagedByLink,msExchHideFromAddressLists,msExchGroupDepartRestriction,msExchGroupJoinRestriction,reportToOwner,replicatedObjectVersion,replicationSignature,msExchADCGlobalNames,dLMemDefault,oOFReplyToOriginator,msExchPoliciesExcluded,delivContLength,authOrig,dLMemSubmitPerms,dLMemSubmitPermsBL,displayNamePrintable,altRecipientBL,adminCount,hideDLMembership,managedObjects

I've exported using CSVDE using all these attributes and managed to import back into a different AD domain (and finding and replacing DC=XXX,DC=COM) and these attributes appear to import cleanly without error

Tuesday, March 13, 2012

AppV and Application Compatibility

I was having an issue with a old application that we want to run on our Citrix XenApp 6 farm; Microsoft Enterprise Reporting 7.5 SP4 (7.5.303). Namely, it wouldn't run. It's not compatible with Server 2008 R2 unless you're running SP5. Well, we're going to get rid of it in a few months but we want to get rid of our 4.5 farm. So, we need to migrate the application to XenApp 6 and Server 2008R2 from Presentation Server 4.5 and Server 2003 SP1.

First thing I did was setup a Server 2003 SP1 box and installed the AppV sequencer on it and sequenced the application. I then set it to run on 2008R2 64bit and moved the package over to it. It would crash. Analysing the crash logs would present to me the error... ERAPP32 was crashing its heap. In order to get it to work I had to set it to run in compatibility mode for XPSP3. Once I set this it worked flawlessly. So what I needed to do was push this fix to the rest of our Citrix servers before deploying the AppV application. If you've ever read ACT (application compatibilty toolkit) and merging it with AppV it's kind of a difficult job.

But there is a easier way.

Stored in the registry is the AppCompatFlags key that contains the applications and the shims you can apply to an application. If you put the path to your AppV application it will actually enable it to run in the compatibility mode that you specify. This was my registry entry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"Q:\\Enterprise Reporting\\ErApp\\erapp32.exe"="WINXPSP3 256COLOR DISABLETHEMES DISABLEDWM HIGHDPIAWARE RUNASADMIN"

And now the application works almost wonderfully (ER is a painful application)

:)

Monday, March 05, 2012

Utilizing PowerShell to make Citrix VM Templates

Because my company doesn't utilize provisioining servers for deploy new Citrix XenApp servers, I've had to come up with a couple of PowerShell scripts to make VMWare Templates that I can then deploy multiple XenApp servers. You need VMWare PowerCLI to run this script. This is my script:

function create-template{


Param(
[CmdletBinding()]
[Parameter(ValueFromPipeline=$true,
Position=0,
Mandatory=$true,
HelpMessage="Insert Message")]
[ValidateNotNullOrEmpty()]
$InputObject,
[Parameter(Position=1,
Mandatory=$false,
HelpMessage="Insert Preferred Folder")]
$folder,
[Parameter(Position=2,
Mandatory=$false,
HelpMessage="Insert Preferred Target Datastore")]
$datastore,
[Parameter(Position=3,
Mandatory=$false,
HelpMessage="Insert Preferred Target Host")]
$vmhost,
[Parameter(Position=4,
Mandatory=$false,
HelpMessage="Insert Preferred Disk Storage Format")]
[ValidateSet("Thick","Thin")]
$format = "Thin"
)


PROCESS{
$InputObject | %{
$vm = Get-VM $_
$name = $vm.name
$newname = -join("clone-",$name)
$date = get-date -uformat "-%Y-%m-%d"
$templatename = -join("template-",$name,$date)
If ($datastore -eq $null){
$datastore = Get-Datastore -VM $vm
}
If ($folder -eq $null){
$folder = $vm.Folder
}
If ($vmhost -eq $null){
$vmhost = Get-Cluster -VM $vm | Get-VMHost | Get-Random | Where{$_ -ne $null}
}
Write-Host "VM = $vm"
Write-Host "Name = $name"
Write-Host "NewName = $newname"
Write-Host "DataStore = $datastore"
Write-Host "Folder = $folder"
Write-Host "VMHost = $vmhost"
write-Host "templatename=$templatename"
sleep 4

Write-Host "Setting up domain unjoin script..."
Remove-Item "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "netdom remove $name /Force"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "netdom renamecomputer $name /newname:XA6TEMPLATE /Force"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "REG ADD `"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus`" /v `"GeneralizationState`" /t

REG_DWORD /d 0x7 /f"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "REG ADD `"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

\SoftwareProtectionPlatform`" /v `"SkipRearm`" /t REG_DWORD /d 0x1 /f"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "`"C:\Program Files (x86)\Citrix\XenApp\ServerConfig\XenAppConfigConsole.exe`"

/ExecutionMode:ImagePrep /PrepMsmq:True"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "shutdown -s -t 90 -f"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "del /q `"c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd"
Write-Host "Setting Autologon..."
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"DefaultUserName`" /d Administrator /f`"
sleep 5
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"DefaultPassword`" /d Hello /f`"
sleep 5
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"AutoAdminLogon`" /t REG_DWORD /d 0x1 /F`"
sleep 5
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"AutoLogonCount`" /t REG_DWORD /d 0x1 /F`"

Write-Host "Cloning"
New-VM -Name $newname -VM $vm -Location $folder -Datastore $datastore -VMHost $vmhost -DiskStorageFormat $format
Write-Host "Unplugging NIC..."
get-VM $newname | get-networkadapter | set-networkadapter -startconnected:$false -confirm:$false
Write-Host "Starting VM..."
start-vm $newname

Write-Host "Powering on clone..."
Remove-Item "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd"

Write-Host "We need to wait until the clone is powered off before we can template it..."

do {
sleep 1.0
Write "Waiting for shutdown of VMs"
} until (Get-VM $newname | Where { $_.PowerState -eq "poweredOff" })
write-host "System is powered on"

Write-Host "Creating NIC..."
get-VM $newname | get-networkadapter | set-networkadapter -startconnected:$true -confirm:$false
Write-Host "Removing any stale template-VM's"
remove-template $templatename -confirm:$false
Write-Host "Creating Template VM from clone"
new-template -VM $newname -name $templatename -Location $folder

Write-Host "Removing Clone VM"
remove-vm $newname -DeletePermanently -confirm:$false
}
}
}

This script does the following:
1) Sets the inputs from a piped in object (get-vm VMTOTEMPLATE | create-template)
2) Sets a series of variables ($vm, $name, $newname, $date, $templatename, etc.)
3) We setup a startup script on the target server to make into a template that:
a) Removes the computer from the domain
b) renames the computer to a generic name (XATEMPLATE)
c) Adds registry keys that will allow sysprep to run
d) Configures XenApp to "Image" mode
e) Shuts itself down once running the script is complete
f) deletes the script from running on startup
4) We then set the target to autologin with the local admin user name and password so the startup script in step 3 will be run
5) Begins the cloning by making a new-vm with the target machine
6) We unplug the NIC from VMWare so that when it starts up the script won't actually remove the machine from the domain, but will remove itself from the domain
7) start the clone
8) the PowerCLI will now wait till the machine turns itself off...
9) Then it will reconnect the NIC, remove any stale templates and then makes a new template and then removes the clone VM.

Done! :)

Utilizing PowerShell to make Citrix VM Templates

Because my company doesn't utilize provisioining servers for deploy new Citrix XenApp servers, I've had to come up with a couple of PowerShell scripts to make VMWare Templates that I can then deploy multiple XenApp servers. You need VMWare PowerCLI to run this script. This is my script:

function create-template{


Param(
[CmdletBinding()]
[Parameter(ValueFromPipeline=$true,
Position=0,
Mandatory=$true,
HelpMessage="Insert Message")]
[ValidateNotNullOrEmpty()]
$InputObject,
[Parameter(Position=1,
Mandatory=$false,
HelpMessage="Insert Preferred Folder")]
$folder,
[Parameter(Position=2,
Mandatory=$false,
HelpMessage="Insert Preferred Target Datastore")]
$datastore,
[Parameter(Position=3,
Mandatory=$false,
HelpMessage="Insert Preferred Target Host")]
$vmhost,
[Parameter(Position=4,
Mandatory=$false,
HelpMessage="Insert Preferred Disk Storage Format")]
[ValidateSet("Thick","Thin")]
$format = "Thin"
)


PROCESS{
$InputObject | %{
$vm = Get-VM $_
$name = $vm.name
$newname = -join("clone-",$name)
$date = get-date -uformat "-%Y-%m-%d"
$templatename = -join("template-",$name,$date)
If ($datastore -eq $null){
$datastore = Get-Datastore -VM $vm
}
If ($folder -eq $null){
$folder = $vm.Folder
}
If ($vmhost -eq $null){
$vmhost = Get-Cluster -VM $vm | Get-VMHost | Get-Random | Where{$_ -ne $null}
}
Write-Host "VM = $vm"
Write-Host "Name = $name"
Write-Host "NewName = $newname"
Write-Host "DataStore = $datastore"
Write-Host "Folder = $folder"
Write-Host "VMHost = $vmhost"
write-Host "templatename=$templatename"
sleep 4

Write-Host "Setting up domain unjoin script..."
Remove-Item "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "netdom remove $name /Force"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "netdom renamecomputer $name /newname:XA6TEMPLATE /Force"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "REG ADD `"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus`" /v `"GeneralizationState`" /t

REG_DWORD /d 0x7 /f"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "REG ADD `"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion

\SoftwareProtectionPlatform`" /v `"SkipRearm`" /t REG_DWORD /d 0x1 /f"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "`"C:\Program Files (x86)\Citrix\XenApp\ServerConfig\XenAppConfigConsole.exe`"

/ExecutionMode:ImagePrep /PrepMsmq:True"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "shutdown -s -t 90 -f"
Add-Content "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd" "del /q `"c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd"
Write-Host "Setting Autologon..."
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"DefaultUserName`" /d Administrator /f`"
sleep 5
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"DefaultPassword`" /d Hello /f`"
sleep 5
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"AutoAdminLogon`" /t REG_DWORD /d 0x1 /F`"
sleep 5
psexec \\$name "REG.EXE" ADD `"\\$name\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`" /v `"AutoLogonCount`" /t REG_DWORD /d 0x1 /F`"

Write-Host "Cloning"
New-VM -Name $newname -VM $vm -Location $folder -Datastore $datastore -VMHost $vmhost -DiskStorageFormat $format
Write-Host "Unplugging NIC..."
get-VM $newname | get-networkadapter | set-networkadapter -startconnected:$false -confirm:$false
Write-Host "Starting VM..."
start-vm $newname

Write-Host "Powering on clone..."
Remove-Item "\\$name\c$\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\remove.cmd"

Write-Host "We need to wait until the clone is powered off before we can template it..."

do {
sleep 1.0
Write "Waiting for shutdown of VMs"
} until (Get-VM $newname | Where { $_.PowerState -eq "poweredOff" })
write-host "System is powered on"

Write-Host "Creating NIC..."
get-VM $newname | get-networkadapter | set-networkadapter -startconnected:$true -confirm:$false
Write-Host "Removing any stale template-VM's"
remove-template $templatename -confirm:$false
Write-Host "Creating Template VM from clone"
new-template -VM $newname -name $templatename -Location $folder

Write-Host "Removing Clone VM"
remove-vm $newname -DeletePermanently -confirm:$false
}
}
}

This script does the following:
1) Sets the inputs from a piped in object (get-vm VMTOTEMPLATE | create-template)
2) Sets a series of variables ($vm, $name, $newname, $date, $templatename, etc.)
3) We setup a startup script on the target server to make into a template that:
a) Removes the computer from the domain
b) renames the computer to a generic name (XATEMPLATE)
c) Adds registry keys that will allow sysprep to run
d) Configures XenApp to "Image" mode
e) Shuts itself down once running the script is complete
f) deletes the script from running on startup
4) We then set the target to autologin with the local admin user name and password so the startup script in step 3 will be run
5) Begins the cloning by making a new-vm with the target machine
6) We unplug the NIC from VMWare so that when it starts up the script won't actually remove the machine from the domain, but will remove itself from the domain
7) start the clone
8) the PowerCLI will now wait till the machine turns itself off...
9) Then it will reconnect the NIC, remove any stale templates and then makes a new template and then removes the clone VM.

Done! :)

Citrix IMA service issues

If Citrix is giving you grief because IMA won't start after unjoining and rejoining a farm, do the following:
IMA Service Fails to Start and MFCOM Service Hangs in a Starting State
Document ID: CTX127922 / Created On: 20-Jan-2011 / Updated On: 20-Oct-2011
Average Rating: (5 ratings)
View products this document applies to

Symptoms
IMA Service fails to start and MFCOM Service hangs in a Starting state.
Event ID: 7024
The Independent Management Architecture service terminated with service-specific error: 2147483649 (0x80000001).
- Or –
The IMA service terminated with service-specific error: 2147483647
Cause
When looking into the services manager, the MFCOM Service is in status “starting”. MFCOM and IMA Service fail to start because of a corrupt radeoffline DB.
Note: This issue also occurs after an incomplete or corrupted install of a Citrix Hotfix. Make sure you terminate the MFCOM32.exe as instructed below and re-install the hotfix properly. This can also ensure that the MFCOM Service will start successfully.
Resolution
Stop the mfcom.exe service using Task Manager.
Execute the following commands:
Dsmaint recreatelhc
Dsmaint recreaterade
Start the IMA Service and MFCOM Service.