PowerShell: Recursively Show User Membership in an Active Directory Group

A little bit of PowerShell for you today. This function uses the Microsoft Active Directory cmdlets to query Active Directory and recursively list the users that are members. This is handy if you want to know all the users in a group without having to dig down through the groups in the ADUC (Active Directory Users and Computers) interface.

I have tested this on Windows 7, Server 2008, Server 2008 R2, and Server 2012. So long as the Active Directory module is installed (part of the RSAT package) then it should work.

First, let’s import the ActiveDirectory module:

Now we add the function to the environment:

And test it out:

Note that the function expects the Distinguished Name of the group…I think the above is the easiest way to pass that information, but I’m no expert 🙂

Also, this function does not deduplicate names…if a user is in multiple groups that are sub-members of the group, then their name will appear multiple times.

Glutton for punishment: Using Plink to do Key Based Authentication from Windows

Occasionally, it’s good for everyone to question their own sanity. Using the Windows “cmd” command line utility for anything is one of those times. I have nothing against Windows, despite being a Linux administrator, but the command line utility is just, well, awful. It doesn’t resize well, it doesn’t line wrap well, it’s ugly, it’s just all around hard to use.

That being said, if you are a masochist you can use Plink, a utility provided by the same guy who does PuTTY, to do key based authention and remote execution of commands against a NetApp (or any host for that matter).

I’m going to assume you have installed the PuTTY suite of applications. Obviously Plink is required, but we will also need PuTTYgen for this exercise.

  1. First, get your private key. If you have already generated one (like in my previous post), then the simplest way is to show the contents (hint: cat ~/.ssh/id_rsa) and copy/paste them to a text file in a convenient location.
  2. Import the key to PuTTYgen, export it in the .ppk format. Start the utility, then click “Load” and browse to the file you created in step one. It will import the key and you will see something similar to the following:
    Click the “Save Private Key” button and pick your favorite location (make sure to remember!).
  3. Open a command prompt and enter your hell. Here is how to use Plink to execute commands via SSH from Windows:

    Whew! That’s a lot of typing! Here is what it looks like…

Stupid Bash Tricks for SSH

My last post explained how to set up SSH key based authentication for connecting to a NetApp. If you have multiple/many systems to administer this makes it easy to quickly connect to and execute commands against your systems.

However, I’m lazy. I don’t want to type ssh some_system_name or ssh some.ip.add.ress for every system. Also, on some of my systems I have to specify the private key and username to use for connecting, which further lengthens the amount of typing I have to do: ssh -i ~/.ssh/some_special_id my_account@some.netapp.lan.

I have found it to be convenient and easy to create bash aliases for these systems. It’s simple to do:

Now, whenever I type na01 version it will automatically expand the “na01” to be the full command.

To make the alias permanent, add it to .bashrc file in your home directory…

If you are feeling particularly fancy, you can configure SSH for autocomplete of the hostnames also.

SSH to a NetApp Using Key Based Authentication

EDIT 2014-03-03: An updated post for Clustered Data ONTAP is here.

I find it quite handy to use a *nix server as a management host for my NetApp systems. Using key based authentication and SSH the whole process is easy and secure. With the addition of bash aliases for the hosts, I can even quickly run commands against multiple hosts.

A couple of pre-requesites…you need to have either CIFS or NFS enabled and the root volume exported/shared. Also, you must have SSH enabled. I will refer you to the documentation on how to get these tasks done. I recommend you create a non-root user for any administrators to use for access (for accountability reasons). If you are ok with using root for everything, then don’t execute the following: useradmin user add some_username -g Administrators.

This will work with OnTAP 7 and OnTAP 8 7-mode. I haven’t had the priviledge of using a Clustered OnTAP system at this time, so I don’t know the process.

Read more