 © Rakhesh Sasidharan
|
Posted: June 29th, 2016 | Tags: group policy, powershell | Category: PowerShell | § Must have seen this recent Windows update that broke GPOs which were missing the Read permission for the “Authenticated Users” group. Solution is to get a list of these GPOs and add the “Authenticated Users” group to them. Here’s a one liner that gets you such a list –
|
|
Get-GPO -All | %{ $GPO = $_.DisplayName; $Perms = (Get-GPPermissions $GPO -All).Trustee.Name; if (!($Perms.Contains("Authenticated Users"))) { "$GPO" } } > GPOs.txt |
This puts it into a file called GPOs.txt in the current directory. Remove/ Modify that last re-direct as needed.
Posted: June 1st, 2016 | Tags: get-service, wmi | Category: PowerShell | § Wanted to find what account our NetBackup service is running under on a bunch of servers –
|
|
"server1", "server2", "server3", "server4" | %{ Get-WmiObject Win32_Service -ComputerName $_ | ?{ $_.Name -eq "NetBackup Client Service" } } | ft SystemName,Name,StartName |
You have to use WMI for this coz Get-Service doesn’t show the Log On As user.
Wheee!! Had a tweet from Jeffrey Snover for this post.
Following on that tweet I noticed something odd.
The following command works –
|
|
Get-WmiObject Win32_Service -cn server1,server2 -Filter 'Name= "NetBackup Client Service"' |
Or this –
|
|
Get-WmiObject Win32_Service -cn @("server1","server2") -Filter 'Name= "NetBackup Client Service"' |
In the second one I am explicitly casting the arguments as an array.
But this variant doesn’t work –
|
|
$Servers = "server1","server2" Get-WmiObject Win32_Service -cn $Server -Filter 'Name= "NetBackup Client Service"' |
That generates the following error –
Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At line:1 char:1
+ Get-WmiObject Win32_Service -cn $Servers -Filter ‘Name= “NetBackup Client Service …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
+ FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At line:1 char:1
+ Get-WmiObject Win32_Service -cn $Servers -Filter ‘Name= “NetBackup Client Service …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
+ FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
The error is generated for each entry in the array.
It looks like when I pass the list of servers as an array variable PowerShell uses a different way to connect to each server (PowerShell remoting/ WinRM) while if I specify the list in-line it behaves differently. I didn’t search much on this but found this Reddit thread with the same issue. Something to keep in mind …
Posted: May 22nd, 2016 | Tags: esxi, ntp, powercli | Category: PowerShell, Virtualization | § Following on my previous post I wanted to set NTP servers for my ESX servers and also start the service & allow firewall exceptions. Here’s what I did –
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# modify this with your vCenter server name $vcenter = "mycenterserver" $vcuser = Get-Credential Connect-VIServer -Server $vcenter -Credential $vcuser # remove the ?{ } clause if you want to target all hosts # I want to only target hosts with "xyz" in their name as I have different NTP servers per location $vmhosts = Get-VMHost | ?{ $_.Name -match "xyz" } | { $vmhost = $_.Name Write-Host -ForegroundColor Yellow "Looking at $vmhost " Write-Host -ForegroundColor Yellow "Removing all existing NTP server entries" Get-VMHostNtpServer -VMHost $vmhost | %{ Remove-VMHostNtpServer -VMHost $vmhost -NtpServer $_ -Confirm:$false} Write-Host -ForegroundColor Yellow "Adding new NTP server entries" Add-VMHostNtpServer -VMHost $vmhost -NtpServer "172.x.x.x" Add-VMHostNtpServer -VMHost $vmhost -NtpServer "192.x.x.x" Write-Host -ForegroundColor Yellow "Making firewall exceptions, starting the service, setting it to start automatically" Get-VMHostFirewallException -VMHost $vmhost| where {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true Get-VmHostService -VMHost $vmhost | Where-Object {$_.key -eq "ntpd"} | Start-VMHostService Get-VmHostService -VMHost $vmhost | Where-Object {$_.key -eq "ntpd"} | Set-VMHostService -policy "automatic" } |
Posted: May 17th, 2016 | Tags: powershell, remoting, security, winrm | Category: PowerShell | § Just some links I found on PowerShell remoting security –
Posted: May 2nd, 2016 | Tags: dns, powershell, server 2012 | Category: PowerShell | § I had to create multiple A DNS records of the format below –
|
|
10.240.187.21 for svr01 10.240.187.22 for svr02 ... 10.240.187.29 for svr09 |
Just 9 records, I could create them manually, but I thought let’s try and create en-mass using PowerShell. If you are on Windows Server 2012 and above, you have PowerShell cmdlets for DNS.
So I did the following –
|
|
1..9 | %{ $num = $_; Add-DnsServerResourceRecord -ComputerName dnssvr -ZoneName myzone.com -A -CreatePtr -IPv4Address "10.240.187.2$num" -Name "svr0$num" } |
To confirm they are created, the following helps –
|
|
1..9 | %{ $num = $_; Get-DnsServerResourceRecord -ComputerName dnssvr -Name "svr0$num" -ZoneName myzone.com -RRType A } |
Nice!
Posted: April 25th, 2016 | Tags: dhcp, get-service, powershell, services | Category: PowerShell, Windows | § Use PowerShell –
|
|
Get-DomainController | ft Name,@{Name="DHCP Service"; Expression={(Get-Service -ComputerName $_.Name | ?{ $_.Name -eq "DHCPServer" }).Status}} |
Result is a table of DC names and the status of the “DHCP Server” service. If the service isn’t installed (i.e. the feature isn’t enabled) you get a blank.
Posted: April 25th, 2016 | Tags: wmic | Category: PowerShell, Windows | § PowerShell:
|
|
Get-WmiObject Win32_OperatingSystem -ComputerName <computer> | fl LastBootUpTime |
Command Prompt/ WMI:
|
|
wmic /node:"<computer>" OS get LastBootUpTime |
Double quotes are important for the WMI method.
Posted: April 18th, 2016 | Tags: grep, regexp, select-string | Category: PowerShell | § Wasn’t aware of this until today when I needed to do this. The Select-String cmdlet in PowerShell can select strings based on a regexp (similar to findstr in regular command prompt) with the added benefit that it can also return context. Which is to say you can return the line that matches your pattern and also lines above or below it. Pretty cool!
In my case I needed to scan the output of portqry.exe and also get the UUIDs of the lines that match. These UUIDs are shown on the line above so I did something like this:
|
|
c:\portqryv2\portqry -n 192.168.50.50 -e 135 -p both | Select-String -Pattern "ncacn_ip_tcp" -Context 1,0 |
The -Context 1,0 switch is the key here. The first number tells the cmdlet how many lines before to show, the second number how many lines after.
Posted: February 28th, 2016 | Tags: group policy | Category: PowerShell, Windows | § To get a list of OUs and the status of GPO inheritance:
|
|
Get-ADOrganizationalUnit -SearchBase "OU=Servers,DC=domain,DC=tld" -Filter * | ft DistinguishedName,@{Name="Inheritance";Expression={(Get-GPInheritance$_.DistinguishedName).GpoInheritanceBlocked}} -Autosize |
To get a list of OUs that have GPO inheritance blocked:
|
|
Get-ADOrganizationalUnit -SearchBase "OU=Servers,DC=domain,DC=tld" -Filter * | ?{(Get-GPInheritance $_.DistinguishedName).GpoInheritanceBlocked -eq "Yes"} | ft DistinguishedName |
To get a list of OUs that have GPO inheritance blocked and a don’t have a particular GPO applied to them directly:
|
|
Get-ADOrganizationalUnit -SearchBase "OU=Servers,DC=domain,DC=tld" -Filter * | ?{(Get-GPInheritance $_.DistinguishedName).GpoInheritanceBlocked -eq "Yes"} | ft DistinguishedName,@{Name="Linked?";Expression={if (((Get-GPInheritance $_.DistinguishedName).GpoLinks | select DisplayName) -match "GPO I am Interested In") { "Yes" } else { "No" }}} -AutoSize |
There’s probably a better way to do this, but this is the best I could come up with …
Posted: October 2nd, 2015 | Tags: powercli | Category: PowerShell, Virtualization | § Wanted to get the space used by all VMs across a bunch of our newer hosts –
|
|
Get-VMHost host1,host2,host3 | Get-VM | ft Name,@{Name="Size (GB)"; Expression={$_.ProvisionedSpaceGb}; FormatString="N2"} -AutoSize |
There’s probably a way to show the total too but I used a separate pipeline for that –
|
|
Get-VMHost host1,host2,host3 | Get-VM | Measure-Object -Sum ProvisionedSpaceGb |
Posted: September 2nd, 2015 | Tags: active directory, last logged on | Category: PowerShell | § Trivial stuff. Wanted to note it down someplace for future reference –
|
|
Get-ADUser -Filter * -SearchBase "OU=Users,OU=DomainUsers,DC=mydomain,DC=com" -Properties * | Sort-Object LastLogonDate | ft Name,SamAccountName,LastLogonDate |
Posted: August 30th, 2015 | Tags: BITS | Category: PowerShell | § I had to copy some VMware templates from our head office to the branch offices. Thought I’d copy them out of the datastores manually, then do a BITS transfer to the remote offices. This way I can do the transfer during normal hours but with minimal user impact.
Since PowerShell 2.0 you had the Start-BitsTransfer cmdlet to do BITS transfers.
Oddly however, the command would just exit without any error for me. And it didn’t seem to be doing anything. Then I realized I was pointing the cmdlet to my source folder and that’s why it was failing! Start-BitsTransfer only takes files. You can specify wildcards to select multiple files but you can’t point it to a folder.
So the following doesn’t work:
|
|
Start-BitsTransfer -Source c:\MyFolder -Destination \\remote\folder |
But this works:
|
|
Start-BitsTransfer -Source c:\MyFolder\*.* -Destination \\remote\folder |
Since Start-BitsTransfer supports wildcards it’s mostly fine unless your folder contains sub-folders and you want to copy these and/ or preserve the structure. Fortunately this is PowerShell so it’s just a matter of creating some wrappers around the cmdlet to support folders too. Like this one for instance. Or use CSV files like in this MSDN article.
One thing to keep in mind – by default Start-BitsTransfer has a default priority (specified via the -Priority switch) of Foreground. This competes with other applications so is probably not what you want. You alternatives are High, Normal, or Low – each of which does the transfer in the background and uses the idle bandwidth of the client for transfer (the priority determines which transfer job gets priority over the other similar BITS transfers).
Another thing to keep in mind is that BITS only really looks at the bandwidth availability of the client (when I say “client” I am not sure if it’s the sender or receiver – I didn’t read much into this). In a LAN environment it could be the case that the WAN side is saturated but the particular client you are targeting is idle – in this case BITS will use the full client bandwidth available to it even though the network itself doesn’t have any spare bandwidth (this was the case prior to BITS 2.0 but since then BITS can use an Internet Gateway Device to try and assess the bandwidth availability on the WAN side – this requires an IGD be find-able via UPnP and also that the Internet Gateway Device support such reporting, so I am not sure how well it works in practice). You can also use GPOs to control BITS bandwidth usage.
Anyhoo, this is not a BITS intro so I’ll leave it at that. :)
Once you start a BITS transfer you can also pause it via Suspend-BitsTransfer or cancel it via Remove-BitsTransfer. The latter will also delete any files that are already transferred, so if you just want to cancel but leave the transferred files as it is use Complete-BitsTransfer instead.
That’s all for now!
p.s. Almost forgot. You can also use BITS to download HTTP files. Like in this post for instance.
Posted: June 23rd, 2015 | Tags: powercli, powershell, vsphere | Category: PowerShell, Virtualization | § More as a note to myself than anyone else, here’s a quick and dirty way to list all the VMs in a cluster with the number of snapshots, the used space, and the provisioned space. Yes you could get this information from the GUI but I like PowerShell and am trying to spend more time with PowerCLI.
|
|
Get-VM -Location (Get-Cluster -Name "My Cluster") | ft Name,PowerState,@{Name="Snapshots";Expression={(get-snapshot $_.Name | Measure-Object).Count}},@{Name="Used Space (GB)"; Expression={$_.UsedSpaceGB};FormatString="F0"},@{Name="Provisioned Space (GB)"; Expression={$_.ProvisionedSpaceGB}; FormatString="F0"},DatastoreIdList -AutoSize |
Posted: June 21st, 2015 | Tags: exchange, powershell | Category: PowerShell, Windows | § As the title says, here’s a one-liner to quickly create a list of all Exchange mailboxes in an OU with mailbox size, Inbox size, Sent Items size, and the number of items in each of these folders.
|
|
Get-ADUser -filter * -SearchBase "ou=MyOffice,ou=DomainUsers,DC=MyDomain,DC=com" -Properties * | ?{ $_.msExchHomeServerName -like "*Exchange*" } | Sort-Object DisplayName | Select-Object Name,@{Name="MailboxSize"; Expression={(Get-MailboxStatistics $_.Name).TotalItemSize}},@{Name="InboxSize"; Expression={(Get-MailboxFolderStatistics $_.Name -FolderScope Inbox | Select -First 1).FolderSize}},@{Name="InboxItems"; Expression={(Get-MailboxFolderStatistics $_.Name -FolderScope Inbox | Select -First 1).ItemsInFolder}},@{Name="SentSize"; Expression={(Get-MailboxFolderStatistics $_.Name -FolderScope SentItems | Select -First 1).FolderSize}},@{Name="SentItems"; Expression={(Get-MailboxFolderStatistics $_.Name -FolderScope SentItems | Select -First 1).ItemsInFolder}} | Export-CSV -Path \path\to\file.csv |
Posted: June 16th, 2015 | Tags: dhcp, powershell, powershell4 | Category: PowerShell, Windows | § Our deployment team needed a few DHCP options set for all our scopes. There was a brickload of these scopes, no way I was going to go to each one of them and right-click add the options! I figured this was one for PowerShell!
Yes, I ended up taking longer with PowerShell coz I didn’t know the DHCP cmdlets but hey (1) now I know! and (2) next time I got to do this I can get it done way faster. And once I get this blog post written I can refer back to it that time.
The team wanted four options set:
- Predefined Option 43 – 010400000000FF
- Custom Option 60 – String – PXEClient
- Predefined Option 66 – 10.x.x.x
- Predefined Option 67 – boot\x86\wdsnbp.com
PowerShell 4 (included in Windows 8.1 and Server 2012 R2) has a DHCP module providing a bunch of DHCP cmdlets.
First things first – I needed to filter out the scopes I had to target. Get-DhcpServerv4Scope is your friend for that. It returns an array of scope objects – filter these the usual way. For example:
|
|
Get-DhcpServerv4Scope -ComputerName MyDHCPServer | ?{ $_.Name -notmatch "Voice" -and $_.Name -notmatch "Wireless" } |
Now, notice that one of the options to be added is a custom one. Meaning it doesn’t exist by default. Via GUI you would add it by right clicking on “IPv4” and selecting “Set Predefined Options” then adding the option definition. But I am doing the whole thing via PowerShell so here’s what I did:
|
|
Add-DhcpServerv4OptionDefinition -ComputerName MyDHCPServer -Name PXEClient -Description "PXE Support" -OptionId 060 -Type String |
To add an option the Set-DhcpServerv4OptionValue is your friend. For example:
|
|
Set-DhcpServerv4OptionValue -ComputerName MyDHCPServer -ScopeId "MyScope" -OptionId 060 -Value "PXEClient" |
I had a bit of trouble with option 43 because it has a vendor defined format and I couldn’t input the value as given. From the help pages though I learnt that I have to give it in chunks of hex. Like thus:
|
|
Set-DhcpServerv4OptionValue -ComputerName MyDHCPServer -ScopeId "MyScope" -OptionId 043 -Value 0x01,0x04,0x00,0x00,0x00,0x00,0xFF |
Wrapping it all up, here’s what I did (once I added the new definition):
|
|
Get-DhcpServerv4Scope -ComputerName MyDHCPServer | ?{ $_.Name -notmatch "Voice" -and $_.Name -notmatch "Wireless" } | %{ $Scope = $_.ScopeId; Write-Host -ForegroundColor Yellow "Working on $Scope" Set-DhcpServerv4OptionValue -ComputerName MyDHCPServer -ScopeId $Scope -OptionId 043 -Value 0x01,0x04,0x00,0x00,0x00,0x00,0xFF Set-DhcpServerv4OptionValue -ComputerName MyDHCPServer -ScopeId $Scope -OptionId 060 -Value "PXEClient" Set-DhcpServerv4OptionValue -ComputerName MyDHCPServer -ScopeId $Scope -OptionId 066 -Value "10.x.x.x" Set-DhcpServerv4OptionValue -ComputerName MyDHCPServer -ScopeId $Scope -OptionId 067 -Value "boot\x86\wdsnbp.com" } |
And that’s it!
|