Powershell

PowerShell module with functions to Get AD FSMO roles, Get and Set NTP server setting


This module can be downloaded from the Microsoft Script Center Repository.

The module does not require ActiveDirectory PS module, and includes 3 functions:

Get-ADRole: This is a function to return one or all DC FSMO role holders in the current AD forest

Get-NTPDCs: This is a function to return NTP server settings for one or all DCs in current AD forest

Set-NTP: This is a function to change NTP server settings for one or more DCs in current AD forest

Example:

$DCNames = ((([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites).Servers).Name
$DCNames -notmatch (Get-ADRole PdcRole).DCName | % { Set-NTP $_ time-c.nist.gov }

This example will change NTP server setting on all DCs except PDC emulator to ‘time-c.nist.gov’

Of course for this to work, it needs to to be run under an AD user that has permission to write to the DCs’ registry.

Getting started:

  • To use the functions/cmdlets in this module, download this module, extract the files using Winrar for example.
  • Open PowerShell ISE as Administrator
  • Open and execute the Install-Module.ps1 script

StorSimple 8k software release 4.0


Around mid February 2017, Microsoft released StorSimple software version 4.0 (17820). This is a release that includes firmware and driver updates that require using Maintenance mode and the serial console.

Using this PowerShell script to save the Version 4.0 cmdlets and compare them to Version 3.0, I got:

storsimple40-a

Trying the new cmdlets, the Get-HCSControllerReplacementStatus cmdlet returns a message like:

storsimple40-b

The Get-HCSRehydrationJob returns no output (no restore jobs are running)

The Invoke-HCSDisgnostics seems pretty useful and returns output similar to:

storsimple40-c

The cmdlet takes a little while to run. In this case it took 14 minutes and 38 seconds:

storsimple40-d

It returns data from its several sections like;

System Information section:

storsimple40-e

This is output similar to what we get from the Get-HCSSystem cmdlet for both controllers.

Update Availability section:

storsimple40-f

This is output similar to Get-HCSUpdateAvailability cmdlet, although the MaintenanceModeUpdatesTitle property is empty !!??

storsimple40-g

Cluster Information section:

storsimple40-h

This is new exposed information. I’m guessing this is the output of some Get-HCSCluster cmdlet, but this is pure speculation on my part. I’m also guessing that this is a list of clustered roles in a traditional Server 2012 R2 failover cluster.

Service Information section:

storsimple40-i

This is also new exposed information. Get-Service is not an exposed cmdlet.

Failed Hardware Components section:

storsimple40-j

This is new exposed information. This device is in good working order, so this list may be false warnings.

Firmware Information section:

storsimple40-k

This output is similar to what we get from Get-HCSFirmwareVersion cmdlet

Network Diagnostics section:

storsimple40-l

Most of this information is not new, but it’s nicely bundled into one section.

Performance Diagnostics section:

storsimple40-m

Finally, this section provides new information about read and write latency to the configured Azure Storage accounts.

The full list of exposed cmdlets in Version 4.0 is:

Clear-DnsClientCache
Set-CloudPlatform
Select-Object
Restart-HcsController
Resolve-DnsName
Out-String
Out-Default
Set-HcsBackupApplianceMode
Measure-Object
Invoke-HcsmServiceDataEncryptionKeyChange
Invoke-HcsDiagnostics
Get-History
Get-Help
Get-HcsWuaVersion
Get-HcsWebProxy
Invoke-HcsSetupWizard
Set-HcsDnsClientServerAddress
Set-HcsNetInterface
Set-HcsNtpClientServerAddress
Test-HcsNtp
Test-HcsmConnection
Test-Connection
Sync-HcsTime
Stop-HcsController
Start-Sleep
Start-HcsUpdate
Start-HcsPeerController
Start-HcsHotfix
Start-HcsFirmwareCheck
Set-HcsWebProxy
Set-HcsSystem
Set-HcsRemoteManagementCert
Set-HcsRehydrationJob
Set-HcsPassword
Get-HcsUpdateStatus
Trace-HcsRoute
Get-HcsUpdateAvailability
Get-HcsSupportAccess
Enable-HcsRemoteManagement
Enable-HcsPing
Enable-HcsNetInterface
Disable-HcsWebProxy
Disable-HcsSupportAccess
Disable-HcsRemoteManagement
Enable-HcsSupportAccess
Disable-HcsPing
Test-NetConnection
Test-HcsStorageAccountCredential
TabExpansion2
Reset-HcsFactoryDefault
prompt
Get-NetAdapter
Disable-HcsNetInterface
Enable-HcsWebProxy
Enter-HcsMaintenanceMode
Enter-HcsSupportSession
Get-HcsRoutingTable
Get-HcsRemoteManagementCert
Get-HcsRehydrationJob
Get-HcsNtpClientServerAddress
Get-HcsNetInterface
Get-HcsFirmwareVersion
Get-HcsDnsClientServerAddress
Get-HCSControllerReplacementStatus
Get-HcsBackupApplianceMode
Get-Credential
Get-Command
Export-HcsSupportPackage
Export-HcsDataContainerConfig
Exit-PSSession
Exit-HcsMaintenanceMode
Get-HcsSystem
Update-Help


Powershell script to get disk information including block size


This script can be downloaded from the Microsoft Technet Gallery. It contains the Get-SBDisk function which takes one parameter as input being one or more computer names or IP addresses. It return s a PowerShell object for each fixed disk of each input computer.

To see the inline help and example:

help Get-SBDisk -ShowWindow

get-sbdisk2

This script takes advantage of this function and collects disk information on all computers in the current AD domain (without the need to use ActiveDirectory PowerShell module):

$adsi = [adsisearcher]"objectcategory=computer"
$adsi.SearchRoot = "LDAP://dc=$($env:USERDNSDOMAIN.replace('.',',dc='))"
$adsi.filter = "(&(objectClass=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=2))" # enabled computers
$adsi.PageSize = 1000000 
$EnabledADComputers = $adsi.FindAll()
$EnabledADComputerNames = @()
$EnabledADComputerNames += $EnabledADComputers | % { $_.Properties.name } # List of the names of enabled computers from AD
$i = 0
$DiskInfo = @()
$EnabledADComputerNames | % {
   $i++
   Write-Progress -Activity "Checking disks on computer $_" -Status "$i of $($EnabledADComputerNames.Count)"
   $DiskInfo += Get-SBDisk $_ -Verbose
}
$DiskInfo | FT -a # output disk information to console
$DiskInfo | Out-GridView # Output disk information to ISE grid view
$DiskInfo | Export-Csv .\DiskInfo.csv -NoType # Save disk information to CSV

"Checked $($EnabledADComputerNames.Count) computers in AD"
"Found $(($DiskInfo | % { $_.ComputerName } | select -Unique).Count) reachable computers"
"$($DiskInfo.Count) disks checked"

get-dbdisk3

This is formatted to work with PS version 2.

During the script run you may see progress similar to:

get-sbdisk1

and output similar to:

get-dbdisk4

To view a list of disks with less than 20% free space:

"Disks with less than 20% free space"
$DiskInfo | 
    where { $_.'Free(%)' -lt 20 -and $_.'Free(%)' -ne 100 } | 
       sort 'Free(%)' | FT -a

get-dbdisk5

 

 


PowerShell script to report on computer inventory


Back in October of 2014 I responded to a TechNet Script Center Repository Request

ping01

The script I wrote back then looked like:

ping02

Based on user feedback I decided to update this script. Version 2 is now online. Enhancements in version 2 include:

  • Powershell 2.0 compatibility (Windows 7 and Server 2008 native, Windows 2003 and Windows XP possible)
  • Script version 2 is backward compatible with script version 1 in the sense that example are provided to use script v2 to produce same output as script v1
  • Both scripts return output as a PS Object which lends itself handy to further automation
  • Added -Verbose output, removed ‘log’ function
  • Added more information for computer object:
    •  Manufacturer – example : Microsoft Corporation
    • OSCaption – example : Microsoft Windows 7 Professional
    • VirtualMachine  : True or False
    • OSArchitecture – example : 64-bit

Example 1

.\Ping-Report-v2.ps1 

The script returns a PS object similar to:

ping10

Example 2

.\Ping-Report-v2.ps1 -ComputerName $env:COMPUTERNAME,bla1,p-2012r2-sb1

Possible output:

ping09

This example shows output when a computer is down, and when the script is run under a user context that has no permission/access to query the target computer(s)

Example 3

The same can be done reading the computer list from a CVS file as in:

Import-Csv .\Computerlist.csv | 
  % { .\Ping-Report-v2.ps1 $_.ComputerName }

The input CSV file may look like:

ping05

Example 4

The output can be exported to CSV to file as in:

Import-Csv .\Computerlist.csv | 
  % { .\Ping-Report-v2.ps1 $_.ComputerName } | 
    select ComputerName, Status, OSCaption, VirtualMachine, IPAddress |
      Export-Csv z:report1.csv -NoType

ping07b

Example 5

.\Ping-Report-v2.ps1 V-WIN7PROX64,bla1,V-WIN7PROX64,p-2012r2-sb1 | 
    select ComputerName, Status, OSCaption, VirtualMachine, IPAddress | FT -a

ping08

 

 


StorSimple Test-HcsStorageAccountCredential Powershell cmdlet output inaccurate


Test-HcsStorageAccountCredential is a function in the HCS (Hybrid Cloud Storage) PowerShell module.

storsimple-storage2

This module is only available on StorSimple device. The purpose of this function is to test connectivity and authentication to an Azure Storage account or other supported public clouds’ storage containers. This may be needed during device deployment to troubleshoot connectivity issues; specifically Storage Account access.

The cmdlet/function has 3 parameter sets. When using the ‘name’ parameter set, we may see several outputs like:

storsimple-storage3The output above indicates that the Storage Account does not exist, or

storsimple-storage5that the Storage Account is not used by any volume container on this device.

Once a volume container is created to use a newly created Storage Account

storsimple-storage4

The Test-HcsStorageAccountCredential returns a different output:

storsimple-storage6

The above output indicates that the StorSimple device can access the Storage Account successfully. What’s indicative of success here is NOT the ‘HcsErrorMessage: Success’ message. This is considered a success because of the ‘StatusCode: 0‘ message.

Now, if you change the Storage account keys (password portion of the credential needed to access it), the Test-HcsStorageAccountCredential returns output similar to:

storsimple-storage7

The HcsErrorMessage and the HttpMessage above seem to be accurate.

After synchronizing the Storage Account keys with the StorSimple Manager service, deleting the volume container associated with the Storage Account, and deleting the Storage Account, the Test-HcsStorageAccountCredential returns output similar to:

storsimple-storage8

The above message is a bit confusing. I expect to see a message similar to the red error message above indicating that the Storage Account does not exist. ‘HcSErrorMessage: Success’ here is inaccurate. On the bright side, ‘HttpMessage: ResourceNotFound’ is accurate.

In one scenario, where volume container creation fails with error 502, the Test-HcsStorageAccountCredential returns output similar to:

storsimple-storage1

Again, ‘HcSErrorMessage: Success’ here is inaccurate. This particular error ended up being a mis-configured proxy settings on the device where NTLM was specified instead of None and no username/pwd were provided. The proxy was not requiring or using any authentication.

The PowerShell commands to use are:

Get-HCSWebProxy # to view current Proxy settings

Set-HCSWebProxy -ConnectionURI 'http://myproxy.mydomain.com:8000' -Authentication 
None # to configure the device to use Proxy

Enable-HCSWebProxy # to enable Proxy use

Conclusion:

When using the Test-HcsStorageAccountCredential function/cmdlet with the ‘name’  parameter set, any StatusCode value other than 0 indicates failure to connect or/and authenticate to the Storage Account. ‘HcSErrorMessage: Success’ may be inaccurate.

 


PowerShell function to parse Netstat output and return a PowerShell object


This is a function to parse Netstat -ano output and return a PowerShell object.

This output is similar to that of the Get-NetTCPConnection cmdlet of the NetTCPIP PowerShell module.

To see the built-in help, type in: help Parse-Netstat -Show

Example:

(Parse-Netstat | where { $_.Version -eq ‘IPv4’ -and $_.RemoteAddress -ne ‘0.0.0.0’ -and $_.LocalPort -eq 5985 } | select RemoteAddress -Unique).RemoteAddress

This example checks for connections where localhost is listening on TCP port 5985 (VMM Agent which uses WBEM WS-Management HTTP), and returns the IP address of the remote host (VMM server). VMM being System Center Virtual Machine Manager. If it returns nothing, this means this machine is not listening on port 5985 (VMM agent not running)

Example:

vmm1


Powershell script to read column from CSV file, excluding one or more values


This script will read the input CSV file, and look for a column name as entered in either the -Column or -Alias parameters. If column is found, the script will read all the values in that column, exclude any values passed in the -ExcludeValue parameter, and return all remaining values.

EXAMPLE
Read-CSV -FileName ‘.\MigrationData-1.csv’ -Column ‘user’ -Verbose
This example reads and returns all values in column ‘user’

CSV1

EXAMPLE
$UserList = Read-CSV -FileName ‘.\MigrationData-1.csv’ -Column ‘user’ -ExcludeValue ‘none’,’N/a’ -Verbose
This example reads and returns all values in column ‘user’, excluding the values ‘none and ‘n/a’ (not case sensitive), and stores the read user names in the $UserList variable

CSV2

EXAMPLE
$UserList = Read-CSV -FileName ‘.\MigrationData-1.csv’ -Column ‘samAccountName’ -Alias ‘user’,’users’,’username’ -ExcludeValue ‘none’,’N/a’ -Verbose
This example reads the input CSV file, looks for a column named ‘samAccountName’,’user’,’users’,or ‘username’, and returns all values in the found column if any, excluding the values ‘none and ‘n/a’ (not case sensitive), and stores the read user names in the $UserList variable.

CSV3


Powershell script to validate if a folder exists, creates it if not, creates subfolders if needed


This function will  validate that a folder exists, and creates the folder if missing.

If the -NoCreate switch is used the function will not create a missing folder

The function will create missing subfolders as well

The parameter -FolderName can be local like ‘c:\folder 1\folder 2’ or UNC path like ‘\\server\share\folder 1\folder 2’

The -NoCreate switch insructs the function to NOT create the folder if missing

The function returns a TRUE/FALSE value. The function returns TRUE if:

  • The folder exists
  • The folder did not exist but was created by the function

The function will return FALSE if:

  • The folder doesn’t exist and the -NoCreate switch is used
  • The folder doesn’t exist and the function failed to create it

The function will create the folder tree if it does not exist. For example, if c:\sandbox has no subfolders and we run the cmdlet:

Validate-Folder f1\22\33\44\55\66\77\88 -Verbose

It will create the folders:

  • c:\sandbox\f1 and
  • c:\sandbox\f1\22 and
  • c:\sandbox\f1\22\33 and
  • c:\sandbox\f1\22\33\44 and
  • c:\sandbox\f1\22\33\44\55 and
  • c:\sandbox\f1\22\33\44\55\66 and
  • c:\sandbox\f1\22\33\44\55\66\77 and
  • c:\sandbox\f1\22\33\44\55\66\77\88

Folder1

Folder2

EXAMPLE
Validate-Folder -FolderName c:\folder1
This example checks if folder c:\folder1 exists, creates it if not,
returns TRUE if exists or created, returns FALSE if failed to create missing folder

EXAMPLE
Validate-Folder -FolderName ‘c:\folder 2’ -NoCreate
This example checks if ‘c:\folder 2’ exists, return TRUE if it does, FALSE if it doesn’t

EXAMPLE
if (Validate-Folder ‘c:\folder 1\sub 2’) { ‘hi’ | Out-File ‘c:\folder 1\sub 2\file.txt’ }
This example checks if folder ‘c:\folder 1\sub 2’ exists,
creates it if it doesn’t,
creates file ‘c:\folder 1\sub 2\file.txt’, and
writes ‘hi’ to it

EXAMPLE
@(‘c:\folder1′,’\\server\share\folder 4’) | % { Validate-Folder $_ -Verbose }
This example validates if the folders in the input array exist, creates them if they don’t

 


Powershell script to provide a PS Credential object, saving password securely


Have you ever been in the situation where you need to execute a cmdlet like

Disable-ADAccount -Identity ‘Someone’ -Server ‘MyDomainController’ 

To disable a user account, but it fails because your account does not have permission to disable users?

You can use another account that have permissions to disable users by using the -Credential parameter of the Disable-ADAccount cmdlet as in

Disable-ADAccount -Identity ‘Someone’ -Server ‘MyDomainController’ -Credential (Get-Credential)

The Get-Credential cmdlet prompts for a user name and password, which is fine if ypu need to run it once or a few times. However, we often come across situation where we need to use several credentials to automate tasks in Active Directory, Exchange, SharePoint,… You will rarely have a single account that has permission to do all these tasks, or across multiple directories. In an automation script, the Get-SBCredntial function can make this easy.

Here’s an example:

$SourceADCred = Get-SBCredential 'domain1\MyADAdmin'
$TargetADCred = Get-SBCredential 'domain2\MyADAdmin'
$ExCred = Get-SBCredential 'domain1\MyExchangeAdmin'
Disable-ADAccount -Identity 'Someone' -Server 'MyDomainController1' -Credential $SourceADCred
Disable-ADAccount -Identity 'Sometwo' -Server 'MyDomainController2' -Credential $TargetADCred
Get-Mailbox -Identity 'someone@domain.com' -Credential $ExCred

 

 

 


Powershell script to list StorSimple network interface information including MAC addresses


In many cases we can obtain the IP address of a network interface via one command but get the MAC address from another command. StorSimple 8k series which runs a core version of server 2012 R2 (as of 20 June 2016) is no exception. In this case we can get the IP address information of the device network interfaces via the Get-HCSNetInterface cmdlet. However, to identify MAC addresses we need to use the Get-NetAdapter cmdlet. This Powershell script merges the information from both cmdlets presenting a PS Object collection, each of which has the following properties:

  • InterfaceName
  • IPv4Address
  • IPv4Netmask
  • IPv4Gateway
  • MACAddress
  • IsEnabled
  • IsCloudEnabled
  • IsiSCSIEnabled

Script output may look like:

SS-MAC1

For more information about connecting to StorSimple via PowerShell see this post.