
VLANs in Cisco 877

Written by Daniel Mundy on Tuesday, 14 February 2012 17:43.

Here's how to configure a Cisco 877 with a second VLAN for guest access. The guests should be allowed access to the Internet but not the private LAN; however, we have the option to open up some resources on the private LAN which they can access.

Note: You'll need the Advanced IP Services firmware for this. The Advanced Security firmware only allows a single VLAN.

For this example we'll assume the private LAN is 192.168.1.0/24 on fa0 (VLAN 1) and the guests are 192.168.2.0/24 on fa1 (VLAN 2). Each VLAN must be on a different subnet, because the router routes between them.

First, check if there are any existing VLANs:

show vlan-switch brief

Now create the new VLAN, put fa1 in it, and give the router an address on it. On the 877 the fa0-fa3 ports are Layer 2 switchports, so the IP address goes on the VLAN interface (interface Vlan2), not on fa1. The VLAN interface also needs ip nat inside so that guest traffic is translated on the way out (this assumes your existing NAT statement uses the nat-candidates ACL, as below):

conf t
vlan 2
  name Guests
  exit
interface FastEthernet1
  switchport access vlan 2
  no shutdown
  exit
interface Vlan2
  ip address 192.168.2.254 255.255.255.0
  ip nat inside
  no shutdown
  exit
ip access-list extended nat-candidates
  permit ip 192.168.2.0 0.0.0.255 any

We've just put the two switchports on separate VLANs. Because the router routes between its VLAN interfaces, the PCs on the guest VLAN can reach the Internet, which is good, but they can also reach every device on the private VLAN, which is bad.

We can fix it with an ACL applied inbound on the guest VLAN interface. The following ACL denies all IP traffic from the guest VLAN to the private VLAN and permits everything else (every IOS ACL ends with an implicit deny, so the permit ip any any is what lets the Internet traffic through):

ip access-list extended out-from-vlan2
  deny ip any 192.168.1.0 0.0.0.255
  permit ip any any
int vlan2
  ip access-group out-from-vlan2 in

Two things this does not do. It does not stop guests talking to the router's own guest-side address (192.168.2.254), so restrict management access with an access-class on the vty lines and don't leave HTTP management enabled. And if the DNS server the guests use sits on the private LAN, the deny blocks it too, so hand guests an external resolver or add an exception for it.

Now if you want to allow access from the guest VLAN to a single IP address on your private VLAN (for example 192.168.1.10), add a permit with a sequence number lower than the deny's. The two entries typed above were given sequence numbers 10 and 20, so 5 places the exception first; IOS evaluates entries in sequence order and stops at the first match. Verify with show ip access-lists out-from-vlan2 (the hit counters tell you whether the entry is actually matching anything):

ip access-list extended out-from-vlan2
  5 permit ip any host 192.168.1.10
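To see how IOS evaluates this list, here is an added Python simulation (my example, not code from the original post). It parses the ACL lines exactly as they appear above, assigns sequence numbers the way IOS does when you type entries without one, and evaluates sample packets with first-match semantics and the implicit deny. It also understands the eq and range destination-port qualifiers used by the FTP ACL later on this page. The ACL text is the page's own; the guest addresses in the sample packets and the resolver address 208.67.222.222 are assumptions.

```python
import ipaddress

# Constructed copy of the page's out-from-vlan2 list, in the order the entries
# were typed: the two original lines get sequence numbers 10 and 20, then the
# exception for 192.168.1.10 is inserted with sequence number 5.
OUT_FROM_VLAN2 = """
ip access-list extended out-from-vlan2
  deny ip any 192.168.1.0 0.0.0.255
  permit ip any any
  5 permit ip any host 192.168.1.10
"""

PORT_NAMES = {"ftp": 21, "ftp-data": 20, "domain": 53, "www": 80}


def port_num(token):
    return int(token) if token.isdigit() else PORT_NAMES[token]


def parse_addr(tokens):
    """Consume one IOS address spec ('any', 'host A.B.C.D' or 'A.B.C.D wildcard')
    and return ((address, wildcard), remaining tokens). Wildcard bits set to 1
    are 'don't care' bits, so 'any' is 0.0.0.0 255.255.255.255."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wild), tokens[2:]


def addr_matches(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) ^ addr) & care == 0


def parse_acl(text):
    """Parse an extended named ACL into entries sorted by sequence number.
    Entries typed without a number get (highest existing number + 10), as IOS does."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "ip":        # skip the 'ip access-list' header
            continue
        if tokens[0].isdigit():
            seq = int(tokens.pop(0))
        else:
            seq = max((e[0] for e in entries), default=0) + 10
        action, proto = tokens[0], tokens[1]
        src, rest = parse_addr(tokens[2:])
        dst, rest = parse_addr(rest)
        ports = None                                 # (low, high) on the destination port
        if rest and rest[0] == "eq":
            ports = (port_num(rest[1]), port_num(rest[1]))
        elif rest and rest[0] == "range":
            ports = (port_num(rest[1]), port_num(rest[2]))
        entries.append((seq, action, proto, src, dst, ports))
    return sorted(entries, key=lambda e: e[0])


def evaluate(acl, proto, src_ip, dst_ip, dst_port=None):
    """First matching entry decides; a packet that matches nothing hits the
    implicit deny at the end of every IOS ACL. Returns (action, sequence)."""
    for seq, action, p, src, dst, ports in acl:
        if p != "ip" and p != proto:
            continue
        if not (addr_matches(src, src_ip) and addr_matches(dst, dst_ip)):
            continue
        if ports and not (dst_port is not None and ports[0] <= dst_port <= ports[1]):
            continue
        return action, seq
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(OUT_FROM_VLAN2)
    # Assumed sample packets from a guest PC (192.168.2.20).
    for proto, src, dst, port in [("tcp", "192.168.2.20", "192.168.1.10", 445),
                                  ("tcp", "192.168.2.20", "192.168.1.11", 445),
                                  ("udp", "192.168.2.20", "208.67.222.222", 53),
                                  ("tcp", "192.168.2.20", "192.168.2.254", 22)]:
        print(proto, src, "->", dst, port, evaluate(acl, proto, src, dst, port))
```

The last sample packet is the caveat from above made concrete: SSH from a guest to the router's own Vlan2 address is permitted by sequence 20, because nothing in the list covers the router itself.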

Create a list of users' logon scripts

Written by Daniel Mundy on Thursday, 09 February 2012 08:19.

This script creates a list of all AD users that have a logon script set and outputs it as CSV.

Call the script like this (//nologo keeps the cscript banner out of the CSV): cscript //nologo list-logon-scripts.vbs > logon-scripts.csv

Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strScript

' Set up the ADO objects used to query Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search the entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects that actually have a logon script set.
strFilter = "(&(objectCategory=person)(objectClass=user)(scriptPath=*))"

' Comma-delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,scriptPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' CSV header row.
Wscript.Echo "sAMAccountName,scriptPath"

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    strName = adoRecordset.Fields("sAMAccountName").Value
    strScript = adoRecordset.Fields("scriptPath").Value
    ' Guard against a Null value so the script prints an empty field rather than failing.
    If IsNull(strScript) Then strScript = ""
    ' Quote the fields so a comma in a script path doesn't break the CSV.
    Wscript.Echo """" & strName & """,""" & strScript & """"
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

The DHCP Server service depends on the following nonexistent service: EventSystem

Written by Daniel Mundy on Wednesday, 08 February 2012 08:51.

Event Type:     Error
Event Source:       Service Control Manager
Event Category: None
Event ID:           7003
Date:           30/11/2011
Time:           1:57:57 PM
User:           N/A
Computer:       COMPUTERNAME
Description:
The DHCP Server service depends on the following nonexistent service: EventSystem

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Fix: Run "regsvr32 es.dll" and then restart the computer. (Source: MSKB 961938)

Here is another fix that I didn't try: http://smallvoid.com/article/winnt-com-event-system-config.html


Running an FTP server behind a Cisco router with NAT

Written by Daniel Mundy on Tuesday, 07 February 2012 13:35.

FTP uses two TCP connections: a control connection on port 21 and a separate data connection for each transfer or directory listing. Active and passive mode differ in who opens the data connection.

In active mode the server opens the data connection from port 20 back to a port the client names. That breaks whenever the client sits behind a NAT or firewall that doesn't understand FTP, so it's unreliable for Internet clients.

In passive mode the client opens the data connection to the address and port the server advertises in its reply to PASV, so it works for clients behind NAT. Traditionally the server picks a random ephemeral port between 1024 and 65535, which is why an FTP server behind your own NAT needs two fixes: the server must advertise the router's public address instead of its private one, and the data ports must be limited to a small range that you can forward and allow on the firewall, instead of opening 1024-65535.

How you change the data ports depends on which version of IIS you're using. See this article for more info: Limiting Passive FTP Port Range on IIS 7.6 / IIS 6.0 / IIS 5.0

Limiting Passive FTP Port Range on IIS 7 in Server 2008 R2

In IIS Manager, click on the server object and then open FTP Firewall Support.

FTP Firewall support icon

Enter the data channel port range. Make sure you put your router's public IP address in the "External IP Address of Firewall" field.

FTP data channel port range

If you find the Data Channel Port Range box is greyed out, click on the server node above [Application Pools], then open the FTP Firewall Support tool.

Then just restart the Microsoft FTP Service.

Restart the service

Finally you'll need to forward the ports on the Cisco and allow them in your inbound ACL. The range here must match the one you entered in IIS. Bear in mind that FTP sends logins and data in clear text, so prefer FTPS or SFTP where the clients support it:

ip nat inside source static tcp 192.168.1.4 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.4 5500 interface Dialer0 5500
ip nat inside source static tcp 192.168.1.4 5501 interface Dialer0 5501
ip nat inside source static tcp 192.168.1.4 5502 interface Dialer0 5502
ip nat inside source static tcp 192.168.1.4 5503 interface Dialer0 5503
ip nat inside source static tcp 192.168.1.4 5504 interface Dialer0 5504
ip nat inside source static tcp 192.168.1.4 5505 interface Dialer0 5505

ip access-list extended in-from-world
permit tcp any any eq ftp
permit tcp any any range 5500 5505
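The two things that go wrong when the IIS settings and the router don't agree are both visible in the server's 227 reply. The following is an added Python check (my example, not code from the original post or from IIS) that parses a PASV reply, flags a private or unexpected advertised address and a data port outside the forwarded range, and generates the static NAT lines for a given range so the two can be compared. The public address 203.0.113.5 and the two replies are assumptions; the server address 192.168.1.4 and the range 5500-5505 are the page's.

```python
import ipaddress
import re

ROUTER_PUBLIC_IP = "203.0.113.5"       # assumed: the public address on Dialer0
FTP_SERVER_LAN_IP = "192.168.1.4"      # from the page's NAT lines
DATA_PORT_RANGE = (5500, 5505)          # from the page's NAT lines

# RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"; port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def parse_pasv(reply):
    """Return (address, port) advertised by a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 Entering Passive Mode reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def check_pasv(reply, public_ip=ROUTER_PUBLIC_IP, port_range=DATA_PORT_RANGE):
    """List what would break for an Internet client acting on this reply:
    a private or wrong address (the 'External IP Address of Firewall' field was
    not set) or a data port outside the range that is forwarded on the router."""
    addr, port = parse_pasv(reply)
    problems = []
    if is_rfc1918(addr):
        problems.append("advertises private address %s; set the external IP in FTP Firewall Support" % addr)
    elif addr != public_ip:
        problems.append("advertises %s, not the router's public address %s" % (addr, public_ip))
    low, high = port_range
    if not low <= port <= high:
        problems.append("data port %d is outside the forwarded range %d-%d" % (port, low, high))
    return problems


def nat_lines(server_ip=FTP_SERVER_LAN_IP, port_range=DATA_PORT_RANGE, iface="Dialer0"):
    """The static NAT lines the router needs: the control port plus the data range."""
    ports = [21] + list(range(port_range[0], port_range[1] + 1))
    return ["ip nat inside source static tcp %s %d interface %s %d" % (server_ip, p, iface, p)
            for p in ports]


# Constructed replies: what the server sends before and after the firewall
# settings are applied (the 'before' one advertises its LAN address and port 50760).
REPLY_BEFORE = "227 Entering Passive Mode (192,168,1,4,198,72)."
REPLY_AFTER = "227 Entering Passive Mode (203,0,113,5,21,124)."

if __name__ == "__main__":
    for reply in (REPLY_BEFORE, REPLY_AFTER):
        print(reply, "->", parse_pasv(reply), check_pasv(reply) or "OK")
    print("\n".join(nat_lines()))
```

You can feed check_pasv the real reply from a telnet session to port 21 (log in, send PASV, copy the 227 line) to confirm the IIS change took effect before touching the router.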

Use a Cisco Router as a DNS Server

Written by Daniel Mundy on Friday, 03 February 2012 08:53.

If you have a remote site that requires AD / Exchange connectivity there are three options for DNS:

  1. Use the head office as the only DNS server
    • Pro: Can resolve mail.mydomain.com.au
    • Con: No internet connectivity if the link to head office goes down.
  2. Use the head office as the primary DNS server and a third party as a secondary DNS server
    • Pro: Remote site still has internet connectivity even if the link to head office goes down
    • Con: May learn the external address for mail.mydomain.com.au instead of the internal address
  3. Use the Cisco as a DNS server, forwarding queries to a third party
    • Pro: Can always resolve internet addresses even if the link to head office goes down, but will always resolve domain resources to their local address
    • Con: More manual setup

Everything following in this article deals with option 3.

Basic config to use Cisco as DNS Server

ip name-server 208.67.220.220 208.67.222.222
ip domain-lookup
ip dns server
ip host mail.mydomain.com.au 192.168.1.1

ip dns server makes the router answer DNS queries itself: names that have a static ip host entry are answered locally, and everything else is forwarded to the configured name servers. Point the branch clients at the router's LAN address for DNS. Note that the router answers on every interface, including the Internet side, unless you block UDP and TCP 53 inbound on the Dialer interface, so add that to your inbound ACL; otherwise you're running an open resolver.

Adding records to support domain connectivity

Disclaimer: I haven't actually tried this in production yet.

It's possible to add the records that domain clients use to locate a domain controller. Quickly looking through the Microsoft article on the DNS records a domain controller registers, I think that all I'd need is to add the following records on the Cisco at the branch office (4.2.2.3 is just a placeholder for the head-office DC's address):

dc1.ad.mydom.com. A 4.2.2.3

Host record for the domain controller.

_ldap._tcp.ad.mydom.com. SRV 0 0 389 dc1.ad.mydom.com.

Allows a client to find an LDAP server in the ad.mydom.com domain to submit queries to in order to find objects in Active Directory. All domain controllers in the ad.mydom.com domain register this name.

_kerberos._tcp.ad.mydom.com. SRV 0 0 88 dc1.ad.mydom.com.

Allows a client to locate a Kerberos KDC for the domain. All domain controllers running the Kerberos KDC service in the ad.mydom.com domain register this name.

_ldap._tcp.dc._msdcs.ad.mydom.com. SRV 0 0 389 dc1.ad.mydom.com.

Allows a client to find a domain controller in the ad.mydom.com domain. All domain controllers in ad.mydom.com register this name.

_kerberos._tcp.dc._msdcs.ad.mydom.com. SRV 0 0 88 dc1.ad.mydom.com.

Allows a client to find a domain controller running a Kerberos KDC for the domain named ad.mydom.com. All domain controllers running the Kerberos service in the ad.mydom.com domain register this name.

_ldap._tcp.gc._msdcs.ad.mydom.com. SRV 0 0 3268 dc1.ad.mydom.com.
gc._msdcs.ad.mydom.com. A 4.2.2.3

Allows a client to find a global catalog server in the Active Directory forest: the SRV record for the normal locator lookup, and the A record for clients that do a plain address lookup on gc._msdcs. Global catalog servers in the forest register both.

Two details to get right. The SRV records point at dc1.ad.mydom.com., so that name must resolve to an address the branch can actually reach over the link to head office, and the domain name ad.mydom.com. itself should also resolve to the DC's address, since every DC registers an A record for it. The "0 0" in each SRV record is the priority and weight; if you add a second DC, give it a higher priority number to make it the fallback.
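To show what the complete set looks like for more than one DC, and how a client chooses between them, here is an added Python example (mine, not from the original post or from Microsoft) that generates the site-independent DC locator records for a domain, including the A records for the domain name and gc._msdcs that DCs also register, and implements the RFC 2782 priority/weight selection a resolver applies to SRV answers. The domain ad.mydom.com and dc1 come from the page; dc2, the 10.x addresses and the priorities are constructed.

```python
import random

DOMAIN = "ad.mydom.com"
# Constructed: host, address, SRV priority and weight, and whether it's a global catalog.
DCS = [
    {"host": "dc1", "ip": "10.1.1.10", "priority": 0, "weight": 100, "gc": True},
    {"host": "dc2", "ip": "10.2.1.10", "priority": 10, "weight": 100, "gc": False},
]


def dc_locator_records(domain, dcs, forest=None):
    """Return the site-independent DC locator records for `domain` as
    (owner, type, rdata) tuples. rdata is an address for A records and
    (priority, weight, port, target) for SRV records."""
    forest = forest or domain
    recs = []
    for dc in dcs:
        target = "%s.%s." % (dc["host"], domain)
        prio, weight = dc["priority"], dc["weight"]
        recs.append((target, "A", dc["ip"]))              # host record for the DC
        recs.append((domain + ".", "A", dc["ip"]))        # the domain name itself (LdapIpAddress)
        for owner, port in (("_ldap._tcp.%s." % domain, 389),
                            ("_kerberos._tcp.%s." % domain, 88),
                            ("_ldap._tcp.dc._msdcs.%s." % domain, 389),
                            ("_kerberos._tcp.dc._msdcs.%s." % domain, 88)):
            recs.append((owner, "SRV", (prio, weight, port, target)))
        if dc["gc"]:
            recs.append(("gc._msdcs.%s." % forest, "A", dc["ip"]))                         # GcIpAddress
            recs.append(("_ldap._tcp.gc._msdcs.%s." % forest, "SRV", (prio, weight, 3268, target)))
    return recs


def to_zone(recs, ttl=600):
    """Render the records in zone-file form."""
    lines = []
    for owner, rtype, rdata in recs:
        if rtype == "A":
            lines.append("%s %d IN A %s" % (owner, ttl, rdata))
        else:
            lines.append("%s %d IN SRV %d %d %d %s" % ((owner, ttl) + rdata))
    return lines


def select_srv(recs, owner, rng=random):
    """RFC 2782 target selection: the lowest priority value wins; within that
    priority pick at random in proportion to weight. Returns (target, port) or None."""
    cands = [rdata for o, t, rdata in recs if t == "SRV" and o == owner]
    if not cands:
        return None
    best = min(prio for prio, _, _, _ in cands)
    tier = [c for c in cands if c[0] == best]
    total = sum(w for _, w, _, _ in tier)
    pick = rng.randint(0, total)
    running = 0
    for prio, weight, port, target in tier:
        running += weight
        if running >= pick:
            return target, port
    return tier[-1][3], tier[-1][2]


if __name__ == "__main__":
    records = dc_locator_records(DOMAIN, DCS)
    print("\n".join(to_zone(records)))
    print("KDC chosen:", select_srv(records, "_kerberos._tcp.%s." % DOMAIN))
```

With dc1 at priority 0 and dc2 at priority 10, select_srv always returns dc1 while it exists in the answer; dc2 is only used when no priority-0 record is returned, which is the fallback behaviour you want for a branch pointing at head office.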


Shairport

Written by Daniel Mundy on Wednesday, 07 December 2011 14:13.

The Airport Express was reverse engineered to make a program called Shairport. This lets you stream music from a Mac or iOS device to a PC running Shairport.

Linux

Download the tar.gz, extract it and read the INSTALL.md file for instructions: there is an apt-get command to run, then you run make. After that you can just run ./shairport.pl and it will work. I didn't need to install the Perl modules; I guess Ubuntu already has them.

Windows

There's a Windows port called shairport4w


Difference between a root port and a designated port

Written by Daniel Mundy on Wednesday, 07 December 2011 08:24.

Reading through the CCNA books I was confused about the difference between a root port and a designated port. An article on Cisco's website about how STP / RSTP works cleared it up for me. I've copied the relevant info below.

Root Port Role

The port that receives the best BPDU on a bridge is the root port. This is the port that is the closest to the root bridge in terms of path cost. The STA elects a single root bridge in the whole bridged network (per-VLAN). The root bridge sends BPDUs that are more useful than the ones any other bridge sends. The root bridge is the only bridge in the network that does not have a root port. All other bridges receive BPDUs on at least one port.


Designated Port Role

A port is designated if it can send the best BPDU on the segment to which it is connected. 802.1D bridges link together different segments, such as Ethernet segments, to create a bridged domain. On a given segment, there can only be one path toward the root bridge. If there are two, there is a bridging loop in the network. All bridges connected to a given segment listen to the BPDUs of each and agree on the bridge that sends the best BPDU as the designated bridge for the segment. The port on that bridge that corresponds is the designated port for that segment.

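The two definitions quoted above are enough to compute every port's role, which is the easiest way to see the difference. The following is an added Python example (mine, not from the Cisco article or the CCNA books) that takes a small constructed topology, elects the root bridge by lowest bridge ID, finds each bridge's root port as the port on its cheapest path to the root (ties broken by sender bridge ID, then sender port, as in 802.1D), and then elects the designated port on each segment as the port of the bridge that would send the best BPDU there. Everything left over is blocked. The bridges, MACs, ports and costs are all constructed.

```python
import heapq

# Constructed triangle: three bridges and three point-to-point segments.
# Bridge ID = (priority, MAC); the lowest ID becomes the root bridge.
BRIDGES = {
    "A": (4096, "00:00:00:00:00:01"),
    "B": (32768, "00:00:00:00:00:02"),
    "C": (32768, "00:00:00:00:00:03"),
}
# One segment per entry: (bridge, port, bridge, port, cost). Assumes a connected topology.
LINKS = [
    ("A", 1, "B", 1, 19),
    ("A", 2, "C", 1, 19),
    ("B", 2, "C", 2, 19),
]


def stp_roles(bridges, links):
    """Return (root bridge, {(bridge, port): 'root' | 'designated' | 'blocked'})."""
    root = min(bridges, key=bridges.get)
    adj = {}
    for a, pa, b, pb, cost in links:
        adj.setdefault(a, []).append((b, pa, pb, cost))
        adj.setdefault(b, []).append((a, pb, pa, cost))

    # best[bridge] = (root path cost, sender bridge ID, sender port, this bridge's root port).
    # A BPDU is "better" when this tuple is lower, so Dijkstra over the same ordering
    # gives each bridge the port that receives the best BPDU: its root port.
    best = {root: (0, bridges[root], 0, None)}
    heap = [(0, bridges[root], 0, root)]
    while heap:
        cost, sender_id, sender_port, node = heapq.heappop(heap)
        if (cost, sender_id, sender_port) > best[node][:3]:
            continue                                       # stale heap entry
        for nbr, my_port, nbr_port, link_cost in adj.get(node, []):
            cand = (cost + link_cost, bridges[node], my_port, nbr_port)
            if nbr not in best or cand[:3] < best[nbr][:3]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], cand[1], cand[2], nbr))

    roles = {}
    for a, pa, b, pb, cost in links:
        # The designated bridge on a segment is the one that can send the best BPDU
        # onto it: lowest root path cost, then lowest bridge ID, then lowest port.
        key_a = (best[a][0], bridges[a], pa)
        key_b = (best[b][0], bridges[b], pb)
        if key_a < key_b:
            des, des_port, other, other_port = a, pa, b, pb
        else:
            des, des_port, other, other_port = b, pb, a, pa
        roles[(des, des_port)] = "designated"
        # The far end is a root port only if that bridge chose this segment toward the root.
        roles[(other, other_port)] = "root" if best[other][3] == other_port else "blocked"
    return root, roles


if __name__ == "__main__":
    root, roles = stp_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print("%s port %d: %s" % (bridge, port, role))
```

In the triangle, A is root, so both of its ports are designated; B and C each use the port facing A as their root port; on the B-C segment both bridges have the same root path cost, B wins on bridge ID, and C's port 2 is the one blocked port that breaks the loop. Raising the cost of the A-C link shifts C's root port onto the B-C segment instead, which the test below checks.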


CISCO Password Reset

Written by Daniel Mundy on Tuesday, 01 November 2011 12:33.

  1. Boot the router and interrupt the boot sequence by sending a break (CTRL+BREAK in most terminal programs) within the first 60 seconds, which takes the router into ROM monitor mode (the rommon> prompt)
  2. Change the configuration register to 0x2142 (confreg 0x2142). This sets bit 6, which makes the router ignore the startup-config in NVRAM on the next boot
  3. Reload the router (reset)
  4. Enter privileged mode (answer "no" to entering setup mode, press ENTER to go into user mode, type enable to go into privileged mode; no password is needed because no config was loaded)
  5. Copy the startup-config file to running-config (copy start run). This brings the old config back but leaves every interface shut down, so issue no shutdown on each interface you use
  6. Change the passwords (conf t, username admin secret <newpassword>, enable secret <newpassword>)
  7. Reset the configuration register to the default value (config-register 0x2102, still in configuration mode)
  8. Save the router configuration (copy run start)
  9. Reload the router (reload)

This works for anyone with console access and the ability to power-cycle the router, so physical access to the console is as good as knowing the enable secret. If that's a concern, no service password-recovery disables the procedure (recovery then means wiping the config), and at the very least keep the console port somewhere locked.


How to Save a CISCO Config File

Written by Daniel Mundy on Tuesday, 01 November 2011 12:27.

Using TFTP

The recommended way to save and load config files is directly to/from a TFTP or FTP server. First you'll need to install a TFTP server program like tftpd32 for Windows on your PC.

To export config: copy running-config tftp (or copy startup-config tftp for the saved copy)

To import config: copy tftp startup-config and then reload, or copy tftp running-config to merge it into the running config straight away

TFTP has no authentication or encryption, so only run the TFTP server while you're actually copying and don't use it across untrusted networks. If the router's IOS image supports SSH, copy running-config scp: to an SCP server is the safer option.

Using PuTTY to save a log file

A quick and dirty way to save the config is to use the logging feature of PuTTY.

First, configure PuTTY to save a log file: Go to Session > Logging, supply a log file name, and change "Session logging" to "All session output".

Then show the running config. To show the running config without having to acknowledge the "MORE" each time, do this:

# terminal length 0
# show run

Whichever way you save it, treat the file like a password file: show run contains every password 7 string (service password-encryption only obfuscates them, and they are trivially reversible), the SNMP community strings and any pre-shared keys, so keep it off shared drives and out of e-mail.
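To make that caveat concrete, here is an added Python example (mine, not from the original post) that finds the type 7 strings in a saved config and reverses them. Type 7 is a fixed-key XOR: the first two characters are a decimal offset into a constant key string, and each following hex byte is the plaintext character XORed with the key at that offset. The config fragment is constructed; the two encoded strings are the well-known encodings of "cisco" at two offsets, and the type 5 line is a made-up placeholder that the routine correctly leaves alone.

```python
import re

# The fixed key stream IOS uses for 'service password-encryption' (type 7).
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decrypt_type7(encoded):
    """Reverse a type 7 string: two decimal seed digits, then hex bytes each
    XORed with the key stream starting at the seed offset."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ ord(XLAT[(seed + i) % len(XLAT)])) for i, b in enumerate(data))


def encrypt_type7(plain, seed=9):
    """The forward direction, so you can see there's no secret involved."""
    body = "".join("%02X" % (ord(c) ^ ord(XLAT[(seed + i) % len(XLAT)])) for i, c in enumerate(plain))
    return "%02d%s" % (seed, body)


# Lines of the form '... password 7 <hex>' or '... key 7 <hex>'.
TYPE7_RE = re.compile(r"\b(password|key) 7 ([0-9A-Fa-f]{4,})\b")


def find_type7(config_text):
    """Return (config line, recovered plaintext) for every type 7 string in a saved config."""
    hits = []
    for line in config_text.splitlines():
        m = TYPE7_RE.search(line)
        if m:
            hits.append((line.strip(), decrypt_type7(m.group(2))))
    return hits


# Constructed fragment of a 'show run' log: two reversible type 7 passwords and
# one type 5 (MD5) secret with a placeholder hash, which is not reversible this way.
SAMPLE_CONFIG = """\
service password-encryption
!
username admin password 7 094F471A1A0A
enable secret 5 $1$salt$placeholderHashNotReal
!
line vty 0 4
 password 7 1511021F0725
"""

if __name__ == "__main__":
    for line, plain in find_type7(SAMPLE_CONFIG):
        print("%-45s -> %s" % (line, plain))
```

The fix on the router side is to use secret (username ... secret, enable secret) rather than password wherever IOS offers it, so that the config stores a hash instead of a type 7 string; the type 7 strings that remain (SNMP, keys) are the reason the saved file needs protecting.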