Backtrack:  
 
showing posts tagged with 'powershell'
1 · 2 · 3
by lunarg on August 4th 2016, at 10:57

Using ADUC, it can be quite a hassle to find and/or unlock AD accounts. Powershell solves this by providing some neat commands for a system administrator to use.

To list all locked out AD accounts:

Search-ADAccount -LockedOut

To get more info about these accounts, you can do a Full-List:

Search-ADAccount -LockedOut | FL

Furthermore, you can pipe the output to quickly unlock some/all AD accounts:

Search-ADAccount -LockedOut | Unlock-ADAccount
by lunarg on May 25th 2016, at 15:59

You can quickly check which mailbox has e-mail forwarding settings enabled through the EMS:

Get-Mailbox -Filter {ForwardingAddress -ne $null} | FT Name,ForwardingAddress,DeliverToMailboxAndForward -Autosize

You can use the cmdlet above and process its output or export it to a CSV (using Export-CSV).

by lunarg on March 17th 2016, at 13:30
There are a variety of methods to enable Remote Desktop and Remote Management from a script. This is particularly useful if you have many Core Servers and no SCCM or some other deployment system.

Powershell:

(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1,1)Set-ExecutionPolicy Unrestricted -ForceEnable-PSRemoting -Force

This enables Remote Desktop with NLA (first param), adjust the required firewall rules (second param), and finally, enables Remote Management.

Batch:

cscript %windir%\system32\scregedit.wsf /ar 0cscript %windir%\system32\scregedit.wsf /cs 1

Like the PS variant, this enables Remote Desktop while the second line   ...
by lunarg on December 15th 2015, at 15:21
Quest Rapid Recovery has a module for Powershell which allows manipulation of Rapid Recovery through several cmdlets. This comes in handy if you want to do some automation, and more importantly, it's a lot faster than the web interface.

To load the AppAssure module for PowerShell:

Import-Module appassurepowershellmodule

Then, to get a list of all available cmdlets for AppAssure, run:

Get-Command -Module appassurepowershellmodule

The majority of core and agent functions are available through PS. There are quite a few, and it would go beyond the scope of the article to explain them all. You can get (limited) help by prepending a cmdlet with the keyword help.

Suspend all backups for all m  ...
by lunarg on November 26th 2015, at 15:10
When scheduling the run of a Powershell script through Task Scheduler, it is highly recommended to set up the task to run accordingly:

powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "path\to\script.ps1"

Scheduling Powershell scripts in this manner will prevent the dreaded 0x1 exit code from happening.

-NoProfile prevents loading of the user's profile, speeding up the startup of the script and preventing the script from depending on user-specific settings and scripts.

-NonInteractive will allow a script to exit rather than waiting indefinitely when a user prompt occurs.

Setting the -ExecutionPolicy to ByPass or Unrestricted will allow unsigned s  ...
by lunarg on November 5th 2015, at 11:03

Sometimes you may want to set or clear attributes of an AD object (e.g. the extensionAttributes of an AD user) through Powershell.

To set an attribute:

Set-ADUser -Identity "AnyADUser" -Add @{extensionAttribute15="SomeValue"}

To clear an attribute (i.e. unset the attribute):

Set-ADUser -Identity "AnyADUser" -Clear extensionAttribute15
by lunarg on November 5th 2015, at 10:49

The Office365 Admin portal clearly shows which users are synced to AD and which are cloud only. In Powershell, this is less clear. To find out which are cloud-only, you need to check the value of LastDirSyncTime. If it is empty, then the user was never synced from AD, and thus, is a cloud-only user.

Log on to your Office 365 tenant through Powershell, then run:

Get cloud-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -eq $null }

Get synchronized-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -ne $null }
by lunarg on September 21st 2015, at 12:40

This one-liner will output a list of installed programs, similar to what you get when looking it up through Control Panel → Add/Remove Programs.

Get-WmiObject -Class Win32_Product | Select-Object -Property Name

The advantage of this cmdlet is that you can dump it to a text file:

Get-WmiObject -Class Win32_Product | Select-Object -Property Name > Software.txt

And through PS remoting, you can also run this on remote systems.

by lunarg on September 21st 2015, at 12:31

You can easily perform 'diff' style text comparisons with Powershell:

Compare-Object -ReferenceObject (Get-Content file1.txt) -DifferenceObject (Get-Content file2.txt)
by lunarg on September 15th 2015, at 15:56
Rather than installing the Exchange 2013 management tools, you could also connect to the Exchange Management Shell (EMS) through Powershell "remoting".

Connect to EMS using the current credentials (i.e. the user running Powershell):

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange-server-fqdn/PowerShell -Authentication KerberosImport-PSSession $session

Replace exchange-server-fqdn with the FQDN or IP address of the Exchange server you wish to connect to. With this command, you will be using the credentials of the current logged in user, and authenticate through Kerberos. If the user is not a organizational admin, you will be able to l  ...
by lunarg on September 11th 2015, at 10:39
This is a very crude script to defrag (using eseutil) Exchange mailbox databases.

The script takes the database name as a mandatory parameter. It then dismounts the database, checks whether the database state has been shutdown cleanly, performs the defrag, verifies the state again, and finally, mounts it again.

Note that this is an offline process. The specified mailbox database will be offline, meaning that all mailboxes in the database will not be accessible until the process has been completed.

Use with caution!
This script has not been tested extensively and does not account for everything that can go wrong. I merely provide it as a good starting point to extend the script to somethin  ...
by lunarg on September 11th 2015, at 10:32

You can redirect the output of a Powershell script to a file. This is called transcribing, and is very useful if you have some Powershell scripts as scheduled tasks and wish to log its output.

$ErrorActionPreference="SilentlyContinue"
Stop-Transcript | out-null
$ErrorActionPreference = "Continue"
Start-Transcript -Path "C:\transcript.log" -Append
#
# My script code goes here...
#
Stop-Transcript
by lunarg on August 31st 2015, at 12:10
To reclaim space in virtual environments and thin provisioned storage facilities, SDelete from SysInternals is probably the most used tool on Windows to clear out unused space of a volume, allowing the SAN to release these data blocks back to the storage pool.

But while SDelete is robust, it has a few (minor) limitations:

It cannot handle mount points, only logical drives (i.e. volumes mounted on a logical drive letter).

It is rather slow on very large file systems.

I found an alternative online in the form of a Powershell script at this thread, written by David Tan, who in turn based it on a script found here.

The script creates an empty ("zeroed") 1 GB file and copies that f  ...
by lunarg on August 31st 2015, at 11:45
Powershell can also handle queries through WMI, allowing you retrieve all kinds of system information from local and remote systems running Windows. This also includes information about volumes, logical drives and shares.

For this to work on remote systems, you need to have Remote Management enabled. Starting from Server 2012, this is already enabled by default.

The commands use the Get-WmiObject cmdlet to retrieve the information. If no computer name is specified, the information will be retrieved from the system running the cmdlet. In order to connect to a remote system, run the cmdlet while specifying the computer name of the remote host with the -ComputerName parameter.

For example, t  ...
by lunarg on August 26th 2015, at 10:38
Exchange 2013 has several performance counters running by default. While this is useful for diagnostic purposes, it also can take up a lot of disk space (can go over 1 GB a day). You can use Powershell to clear out older performance logs.

gci 'S:ExchangeLoggingDiagnosticsDailyPerformanceLogs','S:ExchangeLoggingDiagnosticsPerformanceLogsToBeProcessed' | gci -Include '*.log','*.blg' -Recurse | ? LastWriteTime -lt (Get-Date).AddDays(-7) | Remove-Item

Replace the paths to the daily performance logs and performance logs to be processed. You can also adjust the number of days it needs to keep (in the example, it's 1 week). In the example, we remove the files, but you could just as easily move th  ...
by lunarg on August 21st 2015, at 11:06

You can mail-enable multiple accounts with a single Powershell command. Look below for some examples:

Mail-enable AD accounts whose first name is John:

Get-ADUser -Filter * | Where {$_.GivenName -like "John"} | ForEach-Object { Enable-Mailbox -Identity $_.DistinguishedName }

Mail-enable all accounts in an OU called Engineering:

Get-ADUser -Filter * -SearchBase "OU=Engineering,DC=contoso,DC=local" | ForEach-Object { Enable-Mailbox -Identity $_.DistinguishedName }
by lunarg on August 17th 2015, at 10:10

Easily count the number of mailboxes located on an Exchange (mailbox) server with Powershell:

[PS] >Get-Mailbox | Group-Object -Property:ServerName | Select-Object Name,Count

Name                   Count
----                   -----
exchange01                43
exchange02               100
exchange03               252
by lunarg on June 15th 2015, at 11:54
When running multiple scripts in a session, which use and add the same snap-in using Add-PSSnapin, only the first one succeeds. Subsequent attempts to add the same snap-in will result in an error:

Error
Cannot add Windows PowerShell snap-in My.SnapIn because it is already added. Verify the name of the snap-in and try again.

You can resolve this issue by enclosing it in the following if-statement:

if ( (Get-PSSnapin -Name My.SnapIn -ErrorAction SilentlyContinue) -eq $null ){ Add-PsSnapin My.SnapIn}

It (silently) checks the presence of the requested snap-in. If it does not exist (i.e. the check returns $null, then it loads the snap-in.

Note: replace My.SnapIn with whatever snap-in you   ...
by lunarg on June 11th 2015, at 15:09

You can easily convert an Exchange mailbox from one type to another through the Exchange Management Shell.

Set-Mailbox -Identity user.name -Type Regular

There are four types you can use to convert to:

  • Regular (User mailbox);
  • Shared
  • Equipment
  • Room

The Equipment and Room types are used for reservations of meeting rooms and equipment (DLP).

by lunarg on May 26th 2015, at 14:49

By default, it is not possible to specify passwords (the SecureString type) directly as a plain-text cmdlet parameter because it is unsecure to do so (and they are right). But sometimes, there's no other way to run a cmdlet without specifying the password as plain text as a cmdlet parameter. Luckily, there's an easy workaround by performing a conversion from plain text and store the password in a SecureString object.

$pw = ConvertTo-SecureString -String "your-pw" -AsPlainText -Force

You can then use the $pw object to specify the password in a cmdlet.

For example: resetting the password of an AD account:

Set-ADAccountPassword -Identity my-account -NewPassword $pw
1 · 2 · 3
showing posts tagged with 'powershell'