Friday, December 5, 2014

How to add a list of domains to a Send Connector in Exchange 2007 (Forced TLS) (CSV File)

I had a client with a scoped send connector to enforce outbound TLS to their partner company.  I needed to add a huge list of domains to the send connector.  I only tested this with Exchange 2007 but I'm sure it's similar for 2010/2013.

Create a file with Notepad and name the file with the extension .csv.  For my example, we'll use test.csv and we'll save it in C:\temp.  The format of the file should be-

Name
test1.com
test2.com
test3.com
test4.com

Use the following commands in PowerShell to import the domains to your Send Connector.  For my example, our send connector will be called "TestSend".

# Grab the connector's current address spaces so we append rather than overwrite
$al = (Get-SendConnector -Identity TestSend).AddressSpaces
# Add every domain listed under the "Name" column of the CSV
$al += (Import-Csv C:\temp\test.csv) | ForEach-Object { $_.Name }
# Write the combined list back to the connector
Set-SendConnector -Identity TestSend -AddressSpaces $al
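As an added example (not the original post's code), here is a fuller version of the same import that validates each domain, skips blanks and duplicates, and refuses to run unless the connector actually has RequireTLS set, since adding partner domains to a connector that can fall back to plain SMTP defeats the purpose of a forced-TLS scope. It assumes the same connector name and CSV path as above and is run from the Exchange Management Shell; $domainPattern is a hostname check written for this example, and the .Address property is the domain string on each AddressSpace object.

```powershell
# Added example, not from the original post.
# Assumes connector "TestSend" and C:\temp\test.csv (Name column) as in the post.

$connectorName = "TestSend"
$csvPath       = "C:\temp\test.csv"

# Hostname check for this example: dotted labels of letters/digits/hyphens, alphabetic TLD
$domainPattern = '^(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'

$connector = Get-SendConnector -Identity $connectorName

# A scoped "forced TLS" connector is only forced if RequireTLS is on; bail out otherwise
if (-not $connector.RequireTLS) {
    throw "Connector '$connectorName' does not have RequireTLS set; not adding partner domains."
}

# Existing address spaces as lower-cased domain strings (AddressSpace objects expose .Address)
$existing = @($connector.AddressSpaces | ForEach-Object { $_.Address.ToLower() })

$toAdd = @()
foreach ($row in Import-Csv -Path $csvPath) {
    $domain = ([string]$row.Name).Trim().ToLower()
    if (-not $domain) { continue }                      # blank line in the CSV
    if ($domain -notmatch $domainPattern) {              # typo or stray characters
        Write-Warning "Skipping invalid entry: '$domain'"
        continue
    }
    if ($existing -contains $domain -or $toAdd -contains $domain) { continue }   # already present
    $toAdd += $domain
}

if ($toAdd.Count -eq 0) {
    Write-Host "Nothing new to add to '$connectorName'."
    return
}

# Keep the original AddressSpace objects (and their costs) and append the new domains
Set-SendConnector -Identity $connectorName -AddressSpaces (@($connector.AddressSpaces) + $toAdd)
Write-Host ("Added {0} domain(s); '{1}' now scopes {2} address space(s)." -f `
    $toAdd.Count, $connectorName, ($existing.Count + $toAdd.Count))
```

Running it a second time on the same CSV is harmless: every domain is already in $existing, so nothing is written. If the CSV contains a bad row, only that row is skipped and reported rather than the whole import failing.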


Wednesday, December 3, 2014

Changing Ubuntu Server IP address from DHCP to Static (including DNS)

I know this is a silly one but some seem to struggle with this and there are some conflicting instructions out there.

sudo nano /etc/network/interfaces


Change this-
auto eth0
iface eth0 inet dhcp

To your static ip-
auto eth0
iface eth0 inet static
        address 192.168.0.3
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-search example.com
        dns-nameservers 8.8.8.8 4.2.2.2


(You can omit the dns-search line if you don't need a domain suffix.)

Simply restart your server.  If you'd prefer not to, you can restart the networking with this command-
sudo ifdown eth0 && sudo ifup eth0


Cisco ASA Restrict VPN traffic to 1 IP on Site to Site (L2L) Tunnel

I was recently asked to restrict access on a VPN tunnel to one IP address, 192.168.240.13.  Here is how I did it-



access-list restrict extended permit ip host 192.168.240.13 any

group-policy Tunnel internal
group-policy Tunnel attributes
 vpn-filter value restrict

tunnel-group 2.2.2.2 general-attributes
 default-group-policy Tunnel

Setting up a Site to Site (L2L) VPN Tunnel on a Cisco ASA 5505 when the remote end has an overlapping (conflicting) IP Range

A scenario I commonly run into is a client who wants to set up a Site to Site IPSec VPN tunnel to a vendor but cannot use their current IP scheme because it overlaps with another one of their business partners.  This is a fairly simple setup.

Public IP- 1.1.1.1
Private LAN- 192.168.0.0/24
Remote VPN LAN- 192.168.250.0/24
Remote Host IP- 2.2.2.2
Pre-Shared-Key- Key

So we're going to make up a "Natted" LAN for use on this tunnel.  We will use- 192.168.100.0/24.
Natted LAN- 192.168.100.0

First thing, create some object groups.

ASA (config)# object network LocalSubnet
ASA(config-network-object)# subnet 192.168.0.0 255.255.255.0
ASA (config)# object network LocalSubnetNAT
ASA(config-network-object)# subnet 192.168.100.0 255.255.255.0
ASA (config)# object network RemoteSubnet
ASA(config-network-object)# subnet 192.168.250.0 255.255.255.0



Next we create a twice NAT rule that translates the local subnet to the made-up NAT subnet, but only when the destination is the remote subnet (the remote subnet itself is left untranslated).

ASA (config)# nat (inside,outside) source static LocalSubnet LocalSubnetNAT destination static RemoteSubnet RemoteSubnet



Now we create an ACL for the VPN tunnel.  Since VPN tunnels are processed after NAT, it will be from the Natted subnet to the remote subnet.

ASA (config)# access-list Tunnel extended permit ip object LocalSubnetNAT object RemoteSubnet



Now we build the tunnel like we normally would-
ASA (config)# crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
ASA (config)# crypto map outside_map 10 match address Tunnel
ASA (config)# crypto map outside_map 10 set peer 2.2.2.2
ASA (config)# crypto map outside_map 10 set ikev1 transform-set ESP-3DES-SHA
ASA (config)# crypto map outside_map interface outside
ASA (config)# crypto ikev1 enable outside
ASA (config)# crypto ikev1 policy 10
ASA(config-ikev1-policy)# authentication pre-share
ASA(config-ikev1-policy)# encryption 3des
ASA(config-ikev1-policy)# hash sha
ASA(config-ikev1-policy)# group 2
ASA(config-ikev1-policy)# lifetime 86400
ASA (config)# tunnel-group 2.2.2.2 type ipsec-l2l
ASA (config)# tunnel-group 2.2.2.2 ipsec-attributes
ASA(config-tunnel-ipsec)# ikev1 pre-shared-key Key


That's it!  




Friday, October 31, 2014

Windows Time Hell

I'm kind of over windows time issues, so I found this little bad boy!  This thing is great, rock solid time sync, no headaches.

http://www.timesynctool.com/


Friday, August 1, 2014

You move a mailbox from Exchange 2010 / 2013 to a new server or Office 365 and you can't get rid of a shared mailbox that is automapped.

So you move a shared mailbox from Exchange to either a new server or to Office 365.  Afterwards, a user still sees the shared mailbox automapped in their profile because of the Exchange automapping feature, and you aren't able to map the moved mailbox to their profile.

An easy solution is to simply remove it from the attributes in Active Directory.

 - Open Active Directory Users and Computers.
 - Click the View menu and select Advanced Features.
 - Open the user in question.
 - Click on the Attribute editor tab.
 - Scroll down to msExchDelegateListLink, open it.
 - Remove the mailbox that is automapped.


Wednesday, July 2, 2014

How to set up an Ubuntu Secondary (Slave) DNS Server as a Secondary DNS Server to your Windows Active Directory Environment

Recently I had a client ask me to configure an Ubuntu server as a secondary DNS server to their AD environment to give a remote office local DNS.  Here is how I did it-

sudo apt-get install bind9

cd /etc/bind
sudo nano named.conf.local

     zone "domain.local" IN {
             type slave;
             file "/var/cache/bind/domain.local.db";
             allow-transfer { 192.168.0.0/16; };
             allow-notify { 192.168.2.97; };
             check-names ignore;
             masters { 192.168.2.97; };
     };

     zone "2.168.192.in-addr.arpa" IN {
             type slave;
             file "/var/cache/bind/2.168.192.db";
             allow-transfer { 192.168.0.0/16; };
             allow-notify { 192.168.2.97; };
             masters { 192.168.2.97; };
     };

(Note- Replace domain.local with your AD domain, replace 192.168.0.0/16 with your internal IP subnet, and replace 192.168.2.97 with the internal DC that you want to transfer DNS from.)

sudo nano named.conf.options

     allow-query { any; };
     allow-recursion { any; };

     forwarders {
             8.8.8.8;
             4.2.2.2;
     };


On your AD server, go into DNS, right click on the internal DNS zone, and add the IP of your Ubuntu box on the Zone Transfers tab.  Do the same for the reverse zone.

Restart Bind
sudo /etc/init.d/bind9 restart
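The Windows-side zone transfer step above is done in the DNS console; as an added example (not from the original post) here is the same step done from PowerShell with the DnsServer module (Windows Server 2012 or later, or RSAT), which lets you limit AXFR and NOTIFY to the one Ubuntu secondary instead of "any server". It assumes the secondary's IP is 192.168.2.50 (a constructed value; use your Ubuntu box's address) and the zone names used in the post.

```powershell
# Added example, not from the original post.
# Assumes the DnsServer module on the DC and an Ubuntu secondary at 192.168.2.50 (constructed).

$secondary = '192.168.2.50'
$zones     = @('domain.local', '2.168.192.in-addr.arpa')   # forward and reverse zones from the post

foreach ($zone in $zones) {
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Write-Warning "Zone '$zone' not found on this server; skipping."
        continue
    }

    # Allow zone transfers only to the listed secondary, and NOTIFY it when the zone changes
    Set-DnsServerPrimaryZone -Name $zone `
        -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $secondary `
        -Notify NotifyServers `
        -NotifyServers $secondary

    # Read the setting back so the change is visible in the transcript
    $z = Get-DnsServerZone -Name $zone
    "{0}: transfers={1} to {2}" -f $z.ZoneName, $z.SecureSecondaries, ($z.SecondaryServers -join ', ')
}
```

With transfers restricted this way, the BIND side's allow-transfer can also be narrowed from the whole 192.168.0.0/16 range to just the hosts that legitimately need a copy of the zone; anyone else on the LAN then cannot pull a full listing of your internal hostnames.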

That's it!!!