Mounting CIFS Share with specific user and group in Linux

Working with Linux in a Microsoft environment is not always easy.
Even a simple share can be tricky. Luckily, there’s always a solution with Linux.

In the scenario where a Windows Share is needed, running “mount” with CIFS is no surprise, however, if the Linux mount point has to be made available for a specific user, then, it’s necessary to pass the option for the local user and group of the mount point being created.

Ex.: (as root or sudo) mount -t cifs -v //IP_or_DNS_name/Share_Name /mnt/Local_Folder -o user=ShareAuthUser,pass=ShareAuthUserPW,domain=ShareAuthUserDomainOrLocalMaShareMachine,uid=LinuxUID,gid=LinuxGID

Using the above command will mount under /mnt/Local_Folder the CIFS share, but will do it making the Linux user an group owner of that mount point.

This is very usefull when you need to backup Linux files or databases (that only a service user can access) but the backup server is Windows based. So one makes a backup to a folder, that happens to be a CIFS share and the Windows machine can backup that folder.

Hope it helps.

Windows 8 and Windows Server 2012 – Problems with activation

The new versions of Windows are out, and with them come a whole new set of little challenges.

So let’s start from the beginning.

You just installed your new OS and you get a DNS error when trying to activate it.

Well, here’s how you go about it.


Open a command line with Administrative privileges and type:

slmgr.vbs /ipk followed by your serial key. Press enter and there you have it. A brand new activated Windows.


Linux – What distro am I using?

Let’s say you’ve been given access to a Linux machine (SSH or any other plain terminal), but you have no idea of version or distro you are using.

Even though Linux is mostly the same, there are some diferences. So, to find out, here’s a couple of commands that can be usefull.

head -n1 /etc/issue 
uname -a
Note that the first command can be deceiving. /etc/issue is a text file that can be altered.

Logoff on a Windows 2008 Server Core

Windows Core has no Start button, and obviously, there’s no logoff button. So, how does one logoff?

Well, it’s actually very easy. On the Windows Core command prompt just type logoff.

If, by some reason you’ve closed the command prompt and are feeling a bit lost, just open some other server, or even your own workstation command prompt and type logoff 1/server: W2K8Core, where the number 1 is the number of session,  0 (zero) is the console and remote are 1 and 2.

Now you can simply login again and open the command prompt.

Killing a Windows Service that seems to hang on “Stopping”

When a service hangs in a “Stopping” state, a SysAdmin can kill the service using this procedure:

  1. Open a command-prompt, in Administrator Mode, and query the service (e.g. the BITS service)
    sc queryex BITS
  2. This will give you the following information:

NOTE: In the STATE field, it should mention stopping.

  1. In the sc queryex results you can find the process identifier (PID). With it, you can kill the associated process either by using the task manager or by using taskkill:

taskkill /PID 420 /F

The /F flag is needed to force the process kill.

Another way to go about it is to identify the Displayname of the service, using the services console   (services.msc):

and use:

taskkill /IM “Displayname” /F

This is very useful for emergencies but you shouldn’t use it on a regular basis (use it as a last chance to solve the problem or to avoid the need of a reboot in an exceptional situation).

More info on sc.exe can be found via


Who’s listening

When you want to find out what port is that service running on there’s a nice command to help you.

It’s called netstat and it’s available on Windows and Linux.

Here’s a couple of usage examples:

  • Find who’s connected to your port 25 (Usually SMTP Server).
  • Windows: netstat -ano | findstr :25 | findstr ESTABLISHED
  • Linux: netstat -ano | grep :25 | grep ESTABLISHED
  • Find what port’s are listening.
  • Windows: netstat -ano |  findstr LISTENING
  • Linux: netstat -ano | grep LISTENING

You can use multiple combinations of this command with regular expression filters to get what you need. This is a great tool to find what ports are being used and from where.


How to monitor Active Directory Global Catalog replication

If you just added a new global catalog, and you want to know how the replication is going along, here’s what you do.

  1. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type the following command, and then press ENTER:

    dcdiag /s:<servername> /v | find "%"

Verify replication with other domain controllers

When you need to test your domain replication, you can run a couple of tests from the command line.

To verify replication is functioning

  1. Open a Command Prompt.
  2. Type dcdiag /test:replication and press Enter.
  3. To verify that the proper permissions are set for replication, type dcdiag /test:netlogonsand then press Enter.Messages indicate if the connectivity and netlogons tests passed.

Active Directory replication fails Event ID 1265

If you get the Event ID 1265 from NTDS KCC in your Domain Controller Event Viewer or you get the error: “The naming context is in the process of being removed or is not replicated from the specified server.” when replicating from Active Directory Sites and Services, that is caused by a missing SRV record in your DNS.
To fix this issue just there a couple of simple steps.
1. Open a CMD prompt.

2. ping <YourDomainController>.<>. If the PING could NOT find the host, the DNS database does NOT have a SRV resource record for <YourDomainController>.<>.

3. Open Administrative Tools / DNS and expand the DNS server.

4. Expand Forward Lookup Zones.

5. Right-click each zone and press Properties.

6. Set Allow dynamic updates to Yes or Only secure updates.

7. Press OK.

8. Open a CMD prompt on your DNS server and type net stop dns followed by net start dns.

9. Open a CMD prompt on your <YourDomainController> and type net stop netlogon followed by net start netlogon.

Delete Failed DCs from Active Directory

S#!” Happens!!!
The hardware failed, some software installation killed you DC or you just formatted it without demoting it first.
This will leave the entries in you Active Directory database and will eventually give you some trouble.
So, to remove this information all you need is to open a command line and be a member of the Enterprise Admins universal group.
So, open a command line and type ntdsutil. This will give you a new prompt.
At the ntdsutil: prompt, type metadata cleanup and press Enter.
At the metadata cleanup: prompt, type connections and press Enter.
At the server connections: prompt, type connect to server <servername>, where <servername> is the domain controller (any functional domain controller in the domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter.
Type quit and press Enter to return you to the metadata cleanup: prompt.
Type select operation target and press Enter.
Type list domains and press Enter. This lists all domains in the forest with a number associated with each.
Type select domain <number>, where <number> is the number corresponding to the domain in which the failed server was located. Press Enter.
Type list sites and press Enter.
Type select site <number>, where <number> refers to the number of the site in which the domain controller was a member. Press Enter.
Type list servers in site and press Enter. This will list all servers in that site with a corresponding number.
Type select server <number> and press Enter, where <number> refers to the domain controller to be removed.
Type quit and press Enter. The Metadata cleanup menu is displayed.
Type remove selected server and press Enter.

You will receive a warning message. Read it, and if you agree, press Yes.

At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might have already removed from the domain controller.

Type quit, and press Enter until you return to the command prompt.

After you just need to confirm if the object was completely removed from Active Directory.

To remove the failed server object from the sites

In Active Directory Sites and Services, expand the appropriate site.

If the object exists, delete the server object associated with the failed domain controller, then open Active Directory Users and Computers go to the Domain Controllers container and, again, if exists, delete the computer object associated with the failed domain controller

You might get a warning asking you if you want to delete the server object without performing a DCPROMO operation (which, of course, you cannot perform). Just select “This DC is permanently offline…” and click on the Delete button.AD will display another confirmation window. If you’re sure that you want to delete the failed object, click Yes.

All that’s missing now is the DNS entries. So open the DNS mmc console.

In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.
Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.
If you have reverse lookup zones, also remove the server from these zones.
Just a couple of word of advice.
Using the ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.
If the Domain Controller was responsible for any FSMO, don’t forget to seize the roles first.