Skip to main content

Posts

Showing posts from 2010

Nice post on arrays

Hi I've justhad a comment from a colleague that i haven't put anything up here for a while (thanks Dimce!), which is very true - i can only hold my head in shame! Since that comment, i have found a very nice (albiet from a few years back) article about arrays from Bruce Payette http://blogs.msdn.com/b/powershell/archive/2007/01/23/array-literals-in-powershell.aspx?wa=wsignin1.0 this just says to me that for however long you use powershell, there is always something more to learn! cheers Adam

AD Bitlocker Recovery with Quest tools

It has been a while since I have posted anything, mainly due to changing jobs and the time spent with my ever growing family.  This is not to say that I have not been keeping up with scripting development...far from it! I had an interesting one today where a request came in for the following : “I need the bitlocker recovery password for a deleted computer object” As my current environment does not support the AD cmdlets, I looked to the quest tool set and was pleasantly surprised. Here is what I came up with, commented in line... #for easy editing, define the computername that has been deleted $compname = "ABC12345" #search AD including Deleted objects (-tombstone) for recovery information objects and filter where the last known parent contains the computer name. Then just return the password $recoverykey = Get-QADObject -Tombstone -Type "msFVE-RecoveryInformation" -SizeLimit 0 -Includedproperties msFVE-RecoveryPassword -SearchRoot "CN=Deleted Objects

Powergui.org

I have recently been contributing to powergui.org, an RSS feed of my posts follows: feed://powergui.org/rss/rssmessages.jspa?categoryID=55&rssUsername=adamstone  when ever searching for answers, powergui.org always seemed to come up in my google results and has proven a good resource for powershell answers.  Hopefully, I can contribute something back! cheers Adam

Enabling and Using Windows 2008 R2 AD Recycle Bin

I’ve just had a look at how to use the ad recycle bin... and guess what, you need PowerShell to use it! Once you are running at R2 forest functional level, you need to enable the recycle bin... Get-ADOptionalFeature -filter {name -eq "Recycle Bin Feature"}} | Enable-ADOptionalFeature -scope ForestOrConfigurationSet Once that is done, you can delete an object safe in the knowledge that it will be available for full restore. so, how do we restore it? get-adobject -filter {displayname -eq "Adam Stone"} -IncludeDeletedObjects | Restore-ADObject -TargetPath "cn=users,dc=domain,dc=com" It's not the way I imagined the feature will be implemented, but an improvement on the previous restore process.  Look out for a future post building this into a function!

Export Hash Tables to CSV - Powershell V2

I wrote about hash tables a while back in regards to counting OS types. The one thing I didn't lookinto back then was how to export the information to CSV. Easy, I hear you cry - just use export-csv!  Not quite as easy as you would imagine. The main thing to tackle is the fact that Hash Tables are not objects as we would usually consider them.  If you run get-member on a hash table you get the following properties : Count IsFixedSize IsReadOnly IsSynchronized Keys SyncRoot Values What is required is to create an object based on the hash table prior to exporting. Lets create a similar hash table to the one found in my previous post : $complist = get-ADcomputer -filter {enabled -eq $true} -properties operatingsystem $OSlist = @{} $complist | % {try {$OSlist.$($_.operatingsystem) ++}catch{$OSlist.None ++}} Export this to CSV and you get : PS U:\> $OSlist | Export-Csv "OScount1.csv" -NoTypeInformation PS U:\> type .\OScount1.csv "IsReadOnly",&

compare-object in Powershell - comparing mulitple values

I'm starting to use compare-object more and more, and one thing I noticed, is that you can compare 2 objects based on multiple attributes. here is how it is constructed... Compare-Object -ReferenceObject $object1 -DifferenceObject $object2 -Property a,b,c,d,e If a,b,c and d are the same, but e is different, compare object will return a difference. In the following example, I use "-eq $null" as a check because by default compare-object returns $null if the objects are the same. #create an array of objects to check against $collection = @() foreach ($entry in ("aaaaa","bbbbb","ccccc","ddddd")){    $store = "" | select "a","b","c","d","e"    $store.a = $entry*1    $store.b = $entry*2    $store.c = $entry*3    $store.d = $entry*4    $store.e = $entry*5    $collection += $store } #create an object similar to those in the array $object = "" | select &quo

Ensuring all OU's are protected from Accidental Deletion - AD Cmdlets

A new tick box was included in Active Directory Users and computer with Windows server 2008 - the ability to block the deletion of an object even if the user has admin rights to that object.  Looking behind the scenes at what that tick box does is actually add a Deny permission to the ACL of the object for you.  Without the AD management pack, when trying to script this to ensure all OU's are protected, you cannot check for this tickbox - You have to enumerate the permissions and verify all (yes, there is more than 1 permission added) exist.  Consequently, to 'tick' the box by a script, you have to add all the permissions which can be complicated.  I have managed to do this but it got too deeply involved in .net to be a simple solution. In the advent of the AD management pack for powershell though, life is made quite a lot simpler.  The following (one-liner!) will do the job for you. Get-ADOrganizationalUnit -filter {*} -searchbase (get-adrootdse).defaultnamingcontext

PowerShell 2 Try / Catch - find the right exception to catch

As my quest continues to find out more ways to get exceptions (see this last post for my first attempt), I have been sent this post  at MSDN, which greatly helps me on my way. (Thanks Peter and Swaminathan) Until now, it has been somewhat of a mystery to me how to generate the catch [class] to successfully catch the specific error you want.  As demonstrated in the above link, the following command reveals all.... $Error[0] | fl * -force As shown in the link, it reveals Microsoft.ActiveDirectory.Management.ADPasswordComplexityException as the class to catch.  so all you need to do is insert (or run) this line just after an error is generated and you will see what you need to catch! I will be noting all errors / exceptions I encounter so a future blog post will be in the making soon.  I will also be seeing if the -force option reveals anything useful elsewhere!

Elevated or not Elevated - Who is your user?

On my troubleshooting travels, I came across this link precisly addressing the problem I had encountered.  From this though, I quite liked the neat way in which the user account elevation test was completed.  I have modified it slightly to simplify the code, but it still does what it needs to.  Thanks for the post Oisin! $identity = [Security.Principal.WindowsIdentity]::GetCurrent() $principal = new-object Security.Principal.WindowsPrincipal $identity $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) if ($elevated) {"elevated - continue"} else{"Not Elevated"}

Powershell 2 Try / Catch Exceptions

Powershell 2 Try / Catch Exceptions Powershell 2 has a new error handling function in Try / Catch.  The official help file for full details on how to run the command can be found here .  The part I have been looking into is how to define the exceptions which led me to a page on MSDN which lists the inheretance of the class system.exception  - essentially the values allowed in the Catch part of the Try / Catch.  Adding this page to links!

The Ultimate Windows 7 folder

A colleague (thanks Tony) sent me through an email saying ... create this folder on you c drive an take a look inside : AllControlPanels.{ED7BA470-8E54-465E-825C-99712043E01C} The folder contains all the control pannels in one place!  In doing a search on the GUID (the text in the brackets) shows that this has been nicknamed God Mode ... pretty handy I'd say.  To extend this a little further, here is a list of a few more in a format to copy and paste into a command prompt.  It creates and adds all the new folders to a tools folder on the c drive.  Enjoy! Md c:\tools Cd c:\tools md AllControlPanels.{ED7BA470-8E54-465E-825C-99712043E01C} Md LOCATION.{00C6D95F-329C-409a-81D7-C46C66EA7F33} md BIOMETRIC.{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428} md POWER.{025A5937-A6BE-4686-A844-36FE4BEC8B6D} md NOTIFICATION.{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9} md CREDENTIALS.{1206F5F1-0569-412C-8FEC-3204630DFB70} md NETWORKAPPS.{15eae92e-f17a-4431-9f28-805e482dafd4} md DEFAULTS.{17cd948