Increase NextCloud 13 VM Storage


NextCloud is one of the most popular ways for users to take control of their data again. Users can use NextCloud to manage their Contacts, Calendars, Files, and a number of other types of data with the available Apps. NextCloud is a fork of the original ownCloud, but advocates more of an emphasis on the community’s needs.

The pre-configured NextCloud 13 VM uses the ZFS file system to manage storage, which makes increasing storage incredibly easy. Previous versions of the NextCloud VM required many steps of expanding, partitioning, extending, and resizing to increase storage. Increasing NextCloud 13 VM storage is much simpler:

  1. Add new hard disk
  2. Scan for new hard disk
  3. Add new disk to the ZFS pool “ncdata”
  4. Verify ZFS pool “ncdata” size

Below are screenshots and a walkthrough, including sample output of the commands, to increase NextCloud 13 VM storage running on VMware ESXi. You will need either console or SSH access to your NextCloud host as well as sudo access.

First, run df -Th to verify the “ncdata” size; in my environment it is 39G, as seen on line 8.

Filesystem                     Type      Size  Used Avail Use% Mounted on
udev                           devtmpfs  1.9G     0  1.9G   0% /dev
tmpfs                          tmpfs     393M  1.5M  391M   1% /run
/dev/mapper/nextcloud--vg-root ext4       39G  3.0G   34G   9% /
tmpfs                          tmpfs     2.0G  8.0K  2.0G   1% /dev/shm
tmpfs                          tmpfs     5.0M     0  5.0M   0% /run/lock
tmpfs                          tmpfs     2.0G     0  2.0G   0% /sys/fs/cgroup
ncdata                         zfs        39G   24M   39G   1% /mnt/ncdata
tmpfs                          tmpfs     393M     0  393M   0% /run/user/1000

1. Add new hard disk

Add a new disk to the VM. Because the NextCloud 13 VM uses ZFS pools, it is easier to increase your storage by adding new disks rather than expanding or extending existing ones. We are adding a 60 GB hard drive in our example.
ESXi New Hard Disk

2. Scan for new hard disk

After adding the drive, either reboot or scan for the new disk with the below command, replacing “host0” with the appropriate host number.

echo "- - -" > /sys/class/scsi_host/host0/scan

If you have many hosts like me, you can use the below bash script to just scan through them all.

#!/bin/bash
# Rescan every SCSI host so a disk attached by the hypervisor shows up
# without a reboot. Writing to the scan file requires root.
for host in /sys/class/scsi_host/*; do
    echo "- - -" > "$host/scan"
done
exit 0

After scanning or rebooting, run fdisk -l to view all the disks and partitions, including the new one. In my environment, you will see that the 60G disk appears as “sdc” beginning on line 36 below, with no partition table yet. Note the device name for the next step.

Disk /dev/sda: 40 GiB, 42949672960 bytes, 83886080 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x01a86cc8

Device     Boot Start      End  Sectors Size Id Type
/dev/sda1  *     2048 83884031 83881984  40G 8e Linux LVM


Disk /dev/sdb: 40 GiB, 42949672960 bytes, 83886080 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 840790A0-AC2C-E045-97C5-E7F3CFD52BE4

Device        Start      End  Sectors Size Type
/dev/sdb1      2048 83867647 83865600  40G Solaris /usr & Apple ZFS
/dev/sdb9  83867648 83884031    16384   8M Solaris reserved 1


Disk /dev/mapper/nextcloud--vg-root: 39 GiB, 41875931136 bytes, 81788928 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/mapper/nextcloud--vg-swap_1: 976 MiB, 1023410176 bytes, 1998848 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/sdc: 60 GiB, 64424509440 bytes, 125829120 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

3. Add new disk to the ZFS pool “ncdata”

Next, verify the current “ncdata” size using zpool list. You can also verify the disks in the pool first using zpool status ncdata, shown further below.

NAME     SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
ncdata  39.8G  23.7M  39.7G         -     0%     0%  1.00x  ONLINE  -

When you are ready, use the below command to add the new disk to the ZFS pool. In our example, we are adding the disk “sdc” to the ZFS pool “ncdata”. Note that zpool add stripes the new disk into the pool with no redundancy: if either disk fails, the whole pool and the NextCloud data on it are lost, so keep current backups. Running zpool add -n first shows what would be done without changing the pool.

zpool add ncdata /dev/sdc

4. Verify ZFS pool “ncdata” size

Run zpool list again afterwards to verify the increased size.

NAME     SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
ncdata  99.2G  24.1M  99.2G         -     0%     0%  1.00x  ONLINE  -

As suggested above, you can also use zpool status ncdata to verify that the new disk has been added to the pool.

  pool: ncdata
 state: ONLINE
  scan: none requested
config:

	NAME        STATE     READ WRITE CKSUM
	ncdata      ONLINE       0     0     0
	  sdb       ONLINE       0     0     0
	  sdc       ONLINE       0     0     0

errors: No known data errors

Google Play Music Manager on a Virtual Machine

Google Play Music Manager Login Failed

The first time you install Google Play Music Manager on a virtual machine you will probably receive the error, “Login failed. Could not identify your computer.” You’ll definitely experience this on any VMware ESXi virtual machine. Google currently doesn’t support virtual machines, so Music Manager on a Hyper-V or XenServer virtual machine will likely encounter this problem as well.


Installing Google Play Music Manager on a virtual machine is a great idea if you have a home server for streaming and storing media. Google Play Music is still one of the best free options for keeping a copy of your library in the cloud. But you will need to install Google Play’s Music Manager software if you want to automatically keep songs in sync (up to 50,000 songs). Just be aware that it is a great cloud option for streaming, but not for archiving or backup, particularly if you are an audiophile. Google’s system will convert lossless FLAC and ALAC down to 320kbps MP3 files.

Manually Assign a MAC Address

The standard VMware OUI MAC addresses will NOT work, i.e., the following three-byte prefixes will not work: 00:0C:29 and 00:50:56. We have had no issues using a randomly generated MAC address. There is the small chance that it will overlap with another device on your network, but that is very unlikely, and you can easily use another MAC from the generated list.

  • Generate a random MAC address for the virtual machine
  • Manually assign the address
  • Start/restart the virtual machine and you should be able to log in to Google Play Music Manager now

Managing Office 365 via Active Directory

How Azure AD Connect works

The company has moved from an on-premises Exchange Server to Office 365. You have set up AD Connect to sync all your data and passwords. You have decommissioned and uninstalled all local instances of Exchange Server. Suddenly you discover that you must manage Office 365 via Active Directory, and it seems impossible because many settings must be changed in the Active Directory Users and Computers Attribute Editor.

Your options for management are essentially the following:

  1. Disable AD Connect – Your data in AD and Azure AD will no longer be synced, but you can easily manage everything from https://portal.office.com/adminportal/home#/homepage.
  2. Install Exchange Server locally – Your data will be in sync. You can set up Mail-Enabled Users to manage users with mailboxes, and groups and contacts will be managed the same way as before via the Exchange Management Console.
  3. Manage mailboxes through Active Directory Users and Computers – Your data will be in sync, and you will have to turn on “Advanced Features” to access the Attribute Editor.

This is a reference table with examples if you choose Option 3 and manage Office 365 via Active Directory.

Type  | Function                    | AD Attribute               | Example
------+-----------------------------+----------------------------+------------------------------------------------------
User  | Hide user from address book | msExchHideFromAddressLists | TRUE
User  | Set alias email             | proxyAddresses             | smtp:[email protected]
User  | Set primary email           | proxyAddresses             | SMTP:[email protected]
User  | Set Exchange alias          | mailNickname               | info
Group | Permitted senders           | authOrig                   | CN=First Last,OU=IT,OU=Panda Tech,DC=pandatech,DC=co

Frequently used Office 365 settings that are difficult to find in the AD Attribute Editor will continue to be added to the table in the future.
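The same attributes can be written with the ActiveDirectory module instead of the Attribute Editor. This is an added example, not part of the original post; it assumes the Exchange schema extensions (msExchHideFromAddressLists, mailNickname) are present from the former on-premises Exchange install, and the account names and addresses below are constructed (only the pandatech.co domain comes from the post).

```powershell
Import-Module ActiveDirectory

function Set-MailUserAttributes {
    # Writes the attributes from the table above. proxyAddresses must hold exactly
    # one uppercase "SMTP:" entry (the primary); every alias is lowercase "smtp:".
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$PrimarySmtp,
        [string[]]$AliasSmtp = @(),
        [string]$MailNickname,
        [bool]$HideFromAddressLists = $false
    )
    $user   = Get-ADUser -Identity $SamAccountName -Properties proxyAddresses -ErrorAction Stop
    $wanted = @((@($PrimarySmtp) + $AliasSmtp) | ForEach-Object { $_.ToLower() })

    # Keep non-SMTP entries (X500:, SIP:) untouched; demote any old primary to an
    # alias and drop entries we are about to re-add so nothing is duplicated.
    $kept = foreach ($entry in @($user.proxyAddresses | Where-Object { $_ })) {
        if ($entry -inotlike 'smtp:*') { $entry; continue }
        $addr = $entry.Substring(5).ToLower()
        if ($wanted -notcontains $addr) { "smtp:$addr" }
    }
    $proxy = @($kept) + @("SMTP:$PrimarySmtp") + @($AliasSmtp | ForEach-Object { "smtp:$_" })

    $replace = @{
        proxyAddresses             = [string[]]$proxy
        msExchHideFromAddressLists = $HideFromAddressLists   # TRUE hides the user from the GAL
    }
    if ($MailNickname) { $replace['mailNickname'] = $MailNickname }
    Set-ADUser -Identity $SamAccountName -Replace $replace
    return $proxy
}

function Set-GroupPermittedSenders {
    # authOrig holds the DNs of the only users allowed to send to the group.
    param([Parameter(Mandatory)][string]$GroupName,
          [Parameter(Mandatory)][string[]]$SenderSamAccountNames)
    $dns = foreach ($s in $SenderSamAccountNames) { (Get-ADUser -Identity $s).DistinguishedName }
    Set-ADGroup -Identity $GroupName -Replace @{ authOrig = [string[]]$dns }
    return $dns
}

# Usage with constructed account names; the domain is the post's.
Set-MailUserAttributes -SamAccountName 'info' -PrimarySmtp 'info@pandatech.co' `
    -AliasSmtp 'sales@pandatech.co' -MailNickname 'info' -HideFromAddressLists $true
Set-GroupPermittedSenders -GroupName 'Staff' -SenderSamAccountNames 'flast'

# Then push the change to Office 365 from the AD Connect server (ADSync module):
#   Start-ADSyncSyncCycle -PolicyType Delta
```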

Block Spam and Phishing from Spoofed Emails in Office 365

Spoofing block rule for Office 365

The more we rely on email, the more susceptible we are to spam and phishing attempts by cyber fraudsters. Recently, yet another company lost $3.8 million when they made a bank transfer requested by a spoofed email. How did it happen?

The attackers set up an email account that mirrored [Alutiiq CEO] Hambright’s email address and sent an email to Alutiiq’s controller that gave instructions about a “confidential transaction” by a person who called minutes later.

Pretending to be an attorney, the co-conspirator requested an “urgent” transfer of the $3.8 million “to an entity later revealed to be a fictitious third party company based in Hong Kong,” Hambright wrote. Hambright and the chief financial officer discovered the transfer two days later.

All companies small and large are susceptible to scams like this. Fortunately for Office 365 users, there is an easy way to effectively block spam and spoofing attempts by blocking senders from “Outside the organization”. Microsoft TechNet Blogger Caltaru Mihai also mentions this technique near the end of his Block Spoofing in Office 365 post and appropriately cautions “that this is a dangerous rule if not configured correctly, but it is very effective at blocking spoofing“.

Office 365 Exchange Admin Center

  1. Log into your Office 365 Exchange Admin Center
  2. Navigate to mailflow, then rules, and add a new rule
  3. Click “More Options…” near the bottom of the new window
  4. Add two conditions:

       The sender’s domain is… yourdomain.com
    AND
       The sender is located… Outside the organization

  5. Add one action:

       Reject the message with the explanation… Message has been blocked as an email spoofing attempt.

    Or

       Modify the message properties… Set the spam confidence level (SCL) to… 9

  6. Add an exception(s)
    • This is not necessary, but it is usually a good idea to whitelist your company’s WAN IPs as well as any other legitimate services that may be sending emails on your company’s behalf. If you have SPF set up, then you can use the same IPs listed in the SPF TXT record.
Spoofing block rule for Office 365
Spoofing spam rule for Office 365
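The same rule can be created from Exchange Online PowerShell, which also lets you start it in audit mode and watch the message trace before enforcing it, given the warning above about misconfiguring it. This is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module is installed, uses the post's yourdomain.com placeholder, and builds the IP exception from the ip4: mechanisms of the live SPF record (include:/a/mx mechanisms are not expanded).

```powershell
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline            # interactive sign-in as an Exchange admin

function Get-SpfIp4Ranges {
    # Returns the ip4: entries of a domain's SPF TXT record, e.g. 203.0.113.0/24.
    # include:/a/mx mechanisms are NOT expanded; add those ranges by hand.
    param([Parameter(Mandatory)][string]$Domain)
    $txt = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction Stop |
           Where-Object { ($_.Strings -join '') -like 'v=spf1*' } |
           Select-Object -First 1
    if (-not $txt) { throw "No SPF record found for $Domain" }
    $spf = ($txt.Strings -join '')
    return @($spf -split '\s+' | Where-Object { $_ -like 'ip4:*' } |
             ForEach-Object { $_.Substring(4) })
}

function New-SpoofBlockRule {
    # Conditions: sender domain is ours AND sender is outside the organization.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string[]]$ExemptIpRanges = @(),
        [ValidateSet('Audit', 'Enforce')][string]$Mode = 'Audit',
        [switch]$UseSclInsteadOfReject
    )
    $rule = @{
        Name           = "Block spoofed $Domain senders"
        SenderDomainIs = $Domain
        FromScope      = 'NotInOrganization'
        Mode           = $Mode
        Comments       = 'Mail claiming to be from our domain but arriving from outside.'
    }
    if ($ExemptIpRanges.Count -gt 0) { $rule['ExceptIfSenderIpRanges'] = $ExemptIpRanges }
    if ($UseSclInsteadOfReject) {
        $rule['SetSCL'] = 9          # junk/quarantine instead of a hard reject
    } else {
        $rule['RejectMessageReasonText']       = 'Message has been blocked as an email spoofing attempt.'
        $rule['RejectMessageEnhancedStatusCode'] = '5.7.1'
    }
    New-TransportRule @rule
}

# Start in audit mode; once the message trace shows only spoofed mail matching,
# re-run with -Mode Enforce.
$ranges = Get-SpfIp4Ranges -Domain 'yourdomain.com'
New-SpoofBlockRule -Domain 'yourdomain.com' -ExemptIpRanges $ranges -Mode Audit
```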

Let me know if this rule works out for your organization, or if you find some new ways to improve it!

Configure a Custom Domain for Single Sign-On in Azure


Azure AD is a great new subscription-based product from Microsoft, perfect for apps and cloud backups; however, adding a custom domain and configuring it for single sign-on with your local Active Directory can be tricky. After deleting my custom domain twice and all my synced users once, we discovered this to be the easiest way to set up single sign-on in Azure.

Prerequisites

  • Active Directory Federation Services must be installed and configured
  • A Global Administrator on Azure Active Directory
  • An Enterprise Administrator on your domain

Instructions

  1. Add the domain to Azure Active Directory. Check the “I plan to configure this domain for single sign-on with my local Active Directory.”
  2. Add a User. The user will be a “New user in your organization” and must have Global Administrator privileges. We created “[email protected]”.
  3. Sign in with the new user and update the password.
  4. Get the code for verifying the custom domain by opening an elevated PowerShell session and running the following commands:
    $cred = Get-Credential
    Connect-MsolService -Credential $cred
    Get-MsolDomainVerificationDns -DomainName "pandatech.co" -Mode DnsTxtRecord

    Enter the new user’s credentials in the prompt that opens after the first command. Then replace the domain name in the last command with your own custom domain. See the example output below:
    Azure DNS 2

  5. Create a TXT record with the Alias or Hostname @ and the Address from the PowerShell results. Below is my record:
    Azure DNS
  6. Depending on your host and the internet, it may take a while before the DNS records update. Once they do, you will need to run the following command:
    New-MsolFederatedDomain -DomainName "pandatech.co"

    If the DNS records have not updated yet, you will get an error. Once completed, the custom domain should appear as “Verified” in Azure AD. Successful PowerShell results look like this:
    Azure AD 3

  7. On a Domain Controller, download and install Microsoft Azure Active Directory Connect.
  8. Run Azure AD Connect using the Express Settings, and sign in with the account you created in Step 2 on the first page. Sign in with an Enterprise Administrator on your domain on the second page. Check “Start the synchronization process as soon as the configuration completes”, and click Install.
    Azure AD Global Administrator / Azure Enterprise Administrator
  9. Installation should complete within a few minutes. The sync will automatically begin afterwards, and it may take some time depending on the size of your domain and your internet speed.
  10. Verify that accounts appear in Azure AD afterwards, and try signing into the Azure Portal with one of your local accounts.

Hopefully this helps you configure single sign-on in Azure with your local Active Directory. Post any questions in the comments. You may also find Microsoft’s Azure AD Directory Integration documentation helpful.

Adding Multiple Users to Active Directory


Adding multiple users to Active Directory can be done very simply by creating a CSV file, which administrators can easily edit using Excel, and running the PowerShell script below (CSV template and script download at the bottom). Someone will still have to fill out every user’s information and ensure that the proper OU exists, but after that it is smooth sailing. This is just a starting point for administrators, though; it is easy to specify more categories such as Department, Telephone, E-mail, etc. by adding columns to the CSV and lines to the PowerShell script.

The CSV

This CSV (download) is a starter template for adding multiple users to Active Directory. If you need to add more AD attributes, simply create a column, note the Ldap-Display-Name, and add the details for each user. Once this is complete, save it to a directory on a Domain Controller, and get ready to run the script below. We used the directory C:\ADtest in our example.

ImportBulkUsers CSV

The PowerShell script

The PowerShell script (download) has been written to work with the CSV template above, but administrators will still need to make at least one edit to the script: in Line 4, change “pandatech.co” to their own domain, such as “contoso.net”. Be sure to keep the quotation marks around the domain, otherwise you will run into syntax errors. The script also assumes that you saved the CSV file to C:\ADtest. Administrators can change the -Path in Line 2 to the CSV’s actual location.

ImportBulkUsers ps1

The above shows the results from running it in PowerShell ISE. If you don’t want it to display successful results when adding multiple users to Active Directory, delete -PassThru from Line 17. If the user already exists, an error will be displayed, but the script will continue to process other users contained in the CSV. If you added more columns and attributes in the CSV, you’ll have to include the Ldap-Display-Name and column name between Lines 7-17.

Import-Module ActiveDirectory
Import-Csv -Path "C:\ADtest\importbulkusers.csv" | ForEach-Object {   # Line 2: path to the CSV
    $SAM = $_.GivenName[0] + $_.Surname                               # first initial + surname, e.g. jsmith
    $UserPrincipalName = $SAM + "@pandatech.co"                       # Line 4: replace with your own domain
    $Name = $_.GivenName + " " + $_.Surname
    New-ADUser `
        -UserPrincipalName $UserPrincipalName `
        -SamAccountName $SAM `
        -Name $Name `
        -DisplayName $Name `
        -GivenName $_.GivenName `
        -Surname $_.Surname `
        -Description $_.Description `
        -Path $_.Path `
        -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) `
        -Enabled $true `
        -PassThru                                                     # Line 17: remove to hide successful results
}
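The checks the post leaves to the administrator (the OU exists, the user does not already exist) can be done per row so one bad line does not stop the import. This is an added example rather than the post's own script; it assumes the same CSV columns (GivenName, Surname, Description, Path, Password) and the post's C:\ADtest location, and it forces a password change at first logon because the CSV holds the initial passwords in plaintext.

```powershell
Import-Module ActiveDirectory

function Import-BulkUsers {
    param(
        [string]$CsvPath   = 'C:\ADtest\importbulkusers.csv',
        [string]$UpnSuffix = 'pandatech.co'     # change to your own domain, e.g. contoso.net
    )
    $results = foreach ($row in Import-Csv -Path $CsvPath) {
        $out = [pscustomobject]@{ SamAccountName = ''; Status = ''; Detail = '' }
        try {
            # Same convention as the post: first initial + surname.
            $sam = ($row.GivenName.Substring(0, 1) + $row.Surname).ToLower()
            $out.SamAccountName = $sam

            # The target OU must already exist; fail this row early and clearly if not.
            Get-ADOrganizationalUnit -Identity $row.Path -ErrorAction Stop | Out-Null

            if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
                $out.Status = 'Skipped'; $out.Detail = 'account already exists'
            } else {
                $name   = "$($row.GivenName) $($row.Surname)"
                $params = @{
                    SamAccountName        = $sam
                    UserPrincipalName     = "$sam@$UpnSuffix"
                    Name                  = $name
                    DisplayName           = $name
                    GivenName             = $row.GivenName
                    Surname               = $row.Surname
                    Description           = $row.Description
                    Path                  = $row.Path
                    AccountPassword       = (ConvertTo-SecureString $row.Password -AsPlainText -Force)
                    ChangePasswordAtLogon = $true   # the CSV value is only an initial password
                    Enabled               = $true
                    ErrorAction           = 'Stop'
                }
                New-ADUser @params
                $out.Status = 'Created'
            }
        } catch {
            $out.Status = 'Failed'; $out.Detail = $_.Exception.Message
        }
        $out
    }
    return $results
}

# Usage: review the per-row outcome, then delete the CSV, which holds plaintext passwords.
Import-BulkUsers | Format-Table -AutoSize
```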

Download the CSV template
Download the PowerShell script

Download A File Using PowerShell


Someday you may find yourself unable to download a file the normal way—clicking a link in a browser. You may be infected with a ZeroAccess rootkit or other malware, have Internet Explorer Enhanced Security Configuration turned on, or just have issues launching the browser. At that point, you should download a file using PowerShell. To download a file using PowerShell, users can run the following cmdlet:

(New-Object System.Net.WebClient).DownloadFile("http://domain/file", "C:\folder\file")

I’ve had to use this numerous times to download either anti-malware software or a different, non-Internet Explorer browser. However, on occasion PowerShell’s execution policy may be set to Restricted, in which case users will have to run this cmdlet before they can download a file using PowerShell:

powershell Set-ExecutionPolicy Unrestricted
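On a machine you suspect is infected, the file you fetch is usually a cleanup tool you are about to run, so it is worth checking it against the SHA-256 the vendor publishes before executing it. This is an added example, not from the original post; it uses the same WebClient call as above, forces TLS 1.2, and needs PowerShell 4.0 or later for Get-FileHash. The URL, path and hash are constructed placeholders.

```powershell
function Get-VerifiedDownload {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$Destination,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    # Older .NET defaults to SSL3/TLS 1.0, which most download hosts now refuse.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    $client = New-Object System.Net.WebClient
    try {
        $client.DownloadFile($Url, $Destination)
    } finally {
        $client.Dispose()
    }

    # Compare against the vendor's published hash; -ne is case-insensitive for strings.
    $actual = (Get-FileHash -Path $Destination -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $Destination -Force -ErrorAction SilentlyContinue
        throw "Hash mismatch for ${Destination}: expected $ExpectedSha256, got $actual"
    }
    return $Destination
}

# Usage (placeholders): paste the SHA-256 shown on the vendor's download page.
Get-VerifiedDownload -Url 'https://example.com/tool-installer.exe' `
                     -Destination 'C:\Temp\tool-installer.exe' `
                     -ExpectedSha256 'PASTE_VENDOR_SHA256_HERE'
```

Saved as a .ps1, it can be run with powershell -ExecutionPolicy Bypass -File Get-VerifiedDownload.ps1, which applies only to that process instead of changing the machine-wide policy.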

Download Music From Your iPod


Since 2001, Apple iPods have been considered the best MP3 player year after year, including 2014. The hardware is intuitive to use, and it integrates seamlessly with iTunes, most of the time…

But, once in a while, your computer crashes; you lose your iTunes; and you can’t sync your iPod anymore without losing part or all of your music collection. This is how you salvage your collection with either a Mac or a Windows workstation. Just follow the steps below to download music from your iPod to your computer:

On a Mac

  1. Open iTunes and turn off automatic syncing
  2. Connect your iPod
  3. Enable disk use from iTunes:
    iTunes - Enable disk use
  4. Open Terminal, and run the following command, noting the name of your iPod:
    ls /Volumes
  5. Then run the following commands, replacing “IPOD_NAME” with your iPod name. Remember to escape any spaces in the name with \, or else you will get an error:
    # copy the contents of the hidden Music folder into ~/Desktop/Music
    rsync -arv /Volumes/IPOD_NAME/iPod_Control/Music/ ~/Desktop/Music/
    # clear the hidden flag on the copied folders and files
    chflags -Rv nohidden ~/Desktop/Music
  6. All your iPod music will be available in a folder called Music on your Desktop now

On Windows

  1. Open iTunes and turn off automatic syncing
  2. Connect your iPod
  3. Enable disk use from iTunes:
    iTunes - Enable disk use (PC)
  4. Under Tools > Folder Options…, click the View tab and check Show hidden files, folders, and drives:
    Folder Options / Hidden Files
  5. Browse into the folder iPod_Control on your iPod. Move the Music folder to your Desktop.
  6. Once the transfer has finished, right-click the Music folder on your Desktop, and select Properties
  7. Unhide the folder and all folders and documents within the folder:
    Unhide Files
  8. All your iPod music will be available in a folder called Music on your Desktop now. Afterwards, you may choose to hide other files again as in Step 4.