PowerShell Tips & Tricks | Explore PowerShell

Get only the required parameters when using Get-Help

February 24, 2013

If you type down A cmdlet and forget to include A required parameter (within A parameter set – each parameter set has its own required parameters) than PowerShell will produce an error with the relevant parameter that’s missing.
This trial and error scenario, and carefully reading all of the cmdlet’s help file, is the effective way to get comfortable with A cmdlet.
but sometimes you’ll just want A quick refresher of the required parameters, that’s when I’ll pipe Get-Help -Parameters * to Where-Object:

PS C:\> Get-Help Get-ADUser -Parameter * | where {$_.required -eq “true”}

The output will be the required parameters help content that lives inside the cmdlet’s help XML file.
Again, that’s a little “trick” I use from time to time when I want A quick refresher about the required parameters.
Don’t forget, not all the parameters you see in the output can work together – some cmdlets have more than 1 property sets. In the case of Get-ADUser, you can’t use “-Filter” alongside “-Identity”.

Do you also need to remind yourself from time to time what are the required parameters?

Tell me what you think!

Leave a Comment » | PowerShell Tips & Tricks | Tagged: active directory, Filtering, Get-Help, Powershell V2, Powershell v3 | Permalink
Posted by nachumella

Find Active Directory computer objects by their Operating System

January 15, 2013

Find out if you still have any Windows 2000 objects left in your domain

I was recently asked by a friend how to find Windows 2000 computers with PowerShell.

While its very easy to accomplish with ADUC, he needed a script.

Every computer object in Active Directory has an Operating System attribute (simply called “OperatingSystem”).

All you need to do is to use Get-ADComputer cmdlet and provide an expression for its filter parameter.

PS C:\> Get-ADComputer -Filter ‘OperatingSystem -like “Windows 2000*”‘

Leave a Comment » | PowerShell Tips & Tricks | Tagged: active directory, PowerShell Tips | Permalink
Posted by nachumella

Checking \ Setting Remote Desktop Services Profile Settings

December 24, 2012

Check or Set Remote Desktop Services Profile Settings With PowerShell

Many Administrators and Helpdesk teams are assigned with the task of configuring their clients RDP Settings. from the GUI, It is done through the “Remote Desktop Services Profile” tab in the ADUC user settings (that’s in Windows Server 2008 R2. in earlier versions, its called “Terminal Services Profile”)

Like most IT tasks (when it comes to Microsoft’s products), this task can be automated with PowerShell.
Personally, I like to use Microsoft’s ActiveDirectory PowerShell module for all PowerShell AD tasks.

In order to retrieve Remote Desktop settings, the Classic “Get-ADUser -Identity SomeUser -Properties *” wont help us find properties with relevant info, because Get-ADUser can’t get them all.

Another built-in solution is to use the old-fashioned ADSI adapter type. the .NET frameworks wraps the adapter like a PowerShell object. its accessible through the .psbase member set which let us access the objects public members.
Not as friendly as a Cmdlet, but it will give us properties and methods to work with.

The ADSI adapter is operated using LDAP queries (it can also query other LDAP instances than Active Directory), which means I have to use a Distinguished Name (DN) in order to get the user object:

PS C:\> $ADUser = [ADSI]”LDAP://CN=UserName,OU=Users,DC=TestDomain,DC=com”

But I got many OU’s… and typing down DN’s is so V1…

PS C:\> $ADUser = Get-ADUser UserName | select -ExpandProperty disting*
PS C:\> $ADUser = [ADSI]”LDAP://$ADUser”

(Notice that LDAP is all upper-case!)

Next, I query the object received with its InvokeGet() method.
First, I see if the Profile Path attribute is populated:

PS C:\> $ADUser.psbase.InvokeGet(“terminalservicesprofilepath”)
\\TSServer\Profiles\UserName

And make sure that the “Deny this user permissions to log on to Remote Desktop Sessions host server”
is UN-checked (“1” stands for allow, “0” for denied):

$ADUser.psbase.InvokeGet(‘allowlogon’)
1

So I can also check bulks of users:

PS C:\> Get-ADGroupMember Sales_Team | ForEach-Object {
>> Write-Host $_.samaccountname + ” RDP Configuration:”
>> $x = [ADSI]”LDAP://$($_.DistinguishedName)”
>> $x.psbase.invokeget(“terminalservicesprofilepath”)
>> $x.psbase.invokeget(“allowLogon”)
>> }

Thats pretty useful, but how do I configure those attributes? similar to the last example, I use the InvokeSet() method.

PS C:\> $x.psbase.invokeset(“terminalservicesprofilepath”,”\\TSServer\Profiles\UserName”)
PS C:\> $x.psbase.invokeSet(“allowLogon”,1)
PS C:\> $x.setinfo()

Do you find it helpful?
Let me know what you think!
Happy scripting 🙂

3 Comments | PowerShell Tips & Tricks | Tagged: active directory, ADSI, Powershell V2, remote desktop services profile, terminal services | Permalink
Posted by nachumella

Easily create a daily mail report using PowerShell V3 scheduled tasks

December 7, 2012

Use PowerShell scheduled tasks to create daily mail reports with the scripts you have written

Today I’ll show you a really cool thing in PowerShell V3, and its the simplicity of creating a scheduled task

If you’re enthusiastic and excited about automating your daily admin tasks with PowerShell as much as I am, you have probably written a decent amount of scripts for you and your team.

Here is an example of a script I wrote back in V2 that draw’s data from the File Server’s D: Partition, which hold the user’s home folders and departmental UNC’s:

Import-Module ActiveDirectory
function getthedata {
$badcomp = @()
$CompList = Get-ADComputer -Filter 'name -like "fs*"' | select -ExpandProperty Name
foreach ($c in $CompList) {

   Try {
     Get-WmiObject win32_logicaldisk -ComputerName $c -Filter 'DeviceID = "D:"' -ea stop |
     Select-Object @{l='ServerName';e= {$_.__SERVER} },
     @{l='TotalSize(GB)';e = {$_.Size / 1GB -as [int]} },
     @{l='FreeSize(GB)';e = {$_.freespace / 1GB -as [int]} }
   }

   Catch {
     $badcomp += $c
   }

}
"`nthe following servers could not be reached:"
$badcomp
}
getthedata

A quick review of the script:

get the computer names from AD that starts with FS. in my case its only file servers, but you can also create a .txt file with computer names and use Get-Content C:\CompNames.txt, for example.
enumerates the computer names (which are actually string objects) and query the Win32_LogicalDisk WMI library for each of them, and then calculates the properties that I chose using Select-Object.
the Try and Catch block are used for error-handling, and instead of having ugly error’s in my output that infroms me about servers I don’t have access to (that is the case with my errors) I just add the computer names that I cannot access to a collection, and then im outputting that collection in the end of script

As a sys admin, you dont always have the time, or you just simply forget, to do these kind of tasks.

This is where PowerShell scheduled tasks and the Send-MailMessage cmdlet comes in.

At the end of the script, instead of calling the function, you can call it in the Send-MailMessage -Body parameter:

function getthedata {

. . . . .

}

Send-MailMessage -From MyEmail@Domain.com -To MyEmail@Domain.com -Subject “File Server Disk Report” -Body (getthedata | Out-String) -SmtpServer ExchangeServer

Notice that the function is called and then piped to Out-String inside brackets in the -Body parameter. In the Background, the function is called and its data is outputted to the type of System.String, which is the only type of objects the -Body parameter accepts. Straight-out calling the function will just send you an email with the function’s name inside the email’s content.
Once the script runs, it will send an email with the script’s (or function’s) output.
That email can also be sent to my team, all I have to do is just add their email addresses (separated by a comma) in the -To parameter.

The last step is to register a scheduled job. I can do that easily with PowerShell’s PSScheduledJob Module – a new module for PowerShell V3.
First I need to create a Trigger Object, which is a set of criteria and conditions that trigger the job to run. quite simply:

PS D:\> $trigger = New-JobTrigger -Daily -At 2:00
PS D:\> $triggerId Frequency Time DaysOfWeek Enabled
– ——— —- ———- ——-
0 Daily 12/3/2012 2:00:00 AM True

Next, I create a new scheduled job using Register-ScheduledJob, and populate its -Trigger parameter with the trigger I just created, and assign the script’s path to the -FilePath parameter:

PS D:\> Register-ScheduledJob -Name FileServ_Report -FilePath D:\ps\FileServ_MailReport.ps1 -Trigger $Trigger -Credential YOURDOMAIN\UserName

Very important notice – Make sure you type the -Credetial parameter! otherwise, the scheduled task will only have privileges to run on your local computer, which means it will not contact the servers mentioned in the script, and you will get an email with blank data!

If it asks you for a password, you will know you did it right.

You can confirm the task is Scheduled by using Get-ScheduledJob:

PS D:\> Get-ScheduledJob -Name FileServ_Report

Id Name JobTriggers Command Enabled
— —- ———– ——- ——-
17 FileServ_Report 1 D:\ps\FileServ_MailReport.ps1 True

And run it to see how it looks like:

PS D:\> (Get-ScheduledJob -Name FileServ_Report).Run()

Leave a Comment » | PowerShell Tips & Tricks | Tagged: email report, powershell email report, Powershell v3, Scheduled tasks, send-mailmassage | Permalink
Posted by nachumella

Enable PowerShell V2 on Windows 8

November 4, 2012

Enable PowerShell V2 in Windows 8

I’ve been working with Windows 8 for a week or so on my laptop, and I’ve noticed something.
While trying to start a PowerShell V2 host, I get a message that The .NET Framework Version 2 isn’t installed – a requirement for PowerShell V2 to work.

Here is a solution:

Very Important – In order for this to work, you need to assure 2 things:

You need to open an elevated Shell.
You need to open a 64 bit command shell if you’re using a 64 bit Windows OS.

.NET framework version 3.5 is available for installation – as a Windows Feature (which contains all past versions – including version 2) in Windows 8. I know that by using V3’s Get-WindowsOptionalFeature cmdlet, which is part of the DISM PowerShell Module:

PS C:\Windows\system32>; Get-WindowsOptionalFeature -Online | where {$_.FeatureName -Like ‘netfx3’}

Feature Name : NetFx3
State : DisabledWithPayloadRemoved

Now that I know its there, I have to enable that feature (you can also just pipe the former example):

PS C:\Windows\system32>; Enable-WindowsOptionalFeature -Online -FeatureName netfx3Path :
Online : True
Restart Needed : False

installation will take a few minutes. once it’s finished, I can now load a V2 Host:

I can confirm it by checking the $PSVersionTable variable, and its PSVersion property :

PS C:\Windows\system32>; $PSVersionTableName
—- —–
CLRVersion 2.0.50727.6387
BuildVersion 6.1.7600.16385
PSVersion 2.0
WSManStackVersion 2.0
PSCompatibleVersions {1.0, 2.0}
SerializationVersion 1.1.0.1
PSRemotingProtocolVersion 2.1

Leave a Comment » | PowerShell Tips & Tricks | Tagged: $PSVersiontablename, dism, powershell, Powershell V2, Powershell v3, Windows 8 | Permalink
Posted by nachumella

Explore PowerShell

Get only the required parameters when using Get-Help

Find Active Directory computer objects by their Operating System

Find out if you still have any Windows 2000 objects left in your domain

Checking \ Setting Remote Desktop Services Profile Settings

Check or Set Remote Desktop Services Profile Settings With PowerShell

Easily create a daily mail report using PowerShell V3 scheduled tasks

Use PowerShell scheduled tasks to create daily mail reports with the scripts you have written

Enable PowerShell V2 on Windows 8

Follow Blog via Email

Join the 2013 Scripting Games!

Recent Posts

Categories

Archives