Powershell

Validate-WindowsCredential and Validate-LinuxCredential PowerShell functions


In the course of automation, you might need to validate credentials that a script would use to perform a set of complex tasks before the script is run. The Validate-WindowsCredential and Validate-LinuxCredential PowerShell functions are two of the latest additions to the SB-Tools PowerShell module that simplify this task.

Validate-WindowsCredential

The Validate-WindowsCredential function/cmdlet takes 2 parameters:

  1. ‘Credential’ which is a PSCredential object that can be obtained from the Get-Credential cmdlet of the Microsoft.PowerShell.Security, or the Get-SBCredential function of the SB-Tools PS module.
  2. ‘Session’ which is a PSSession object that can be obtained via the New-PSSession cmdlet of the Microsoft.PowerShell.Core

A simple example may look like:

$Session = New-PSSession -ComputerName test-vm0116.test.domain.com -Credential (Get-SBCredential 'test\superuser')
Validate-WindowsCredential -Credential (Get-SBCredential '.\administrator') -Session $Session

The function returns TRUE if the provided credential (name/password set) was able to successfully authenticate in the provided remote PowerShell session, or FALSE if authentication fails.

The function can validate local accounts presented in the format ‘.\username’ or domain accounts presented in the format ‘domain\username’

The Validate-WindowsCredential function relies on the ValidateCredentials() method of the DirectoryServices.AccountManagement.PrincipalContext class

Validate-LinuxCredential

The Validate-LinuxCredential function/cmdlet is similar to the Validate-WindowsCredential function/cmdlet in that it takes the same 2 parameters:

  1. ‘Credential’ which is the same PSCredential object as before.
  2. ‘Session’ which is an SSH.SshSession object that can be obtained via the New-SSHSession cmdlet of the POSH-SSH PS module

A simple use example would look like:

$Session = New-SSHSession -ComputerName test-vm0112.test.domain.com -Credential (Get-SBCredential 'opsuser') -AcceptKey
Validate-LinuxCredential -Credential (Get-SBCredential 'root') -Session $Session

Similarly, TRUE is returned if authentication is successful or FALSE if authentication fails.

It also displays additional information to the console such as the account hash.

Unlike the Validate-WindowsCredential cmdlet, the Validate-LinuxCredential cmdlet relies on reading and parsing the /etc/shadow file that has the hashes of user accounts of this Linux machine. The current revision of the cmdlet is designed to validate MD5 hashed accounts only. A possible enhancement is to add functionality to validate accounts hashed with other algorithms such as Blowfish and SHA


To use the SB-Tools PowerShell module which is available in the PowerShell Gallery, you need PowerShell 5. To view your PowerShell version, in an elevated PowerShell ISE window type

$PSVersionTable

To download and install the latest version of SB-Tools from the PowerShell Gallery, type

Install-Module SB-Tools,POSH-SSH -Force

SB-Tools contains functions that depend on POSH-SSH module, and they’re typically installed together.

To load the SB-Tools and POSH-SSH modules type:

Import-Module SB-Tools,POSH-SSH -DisableNameChecking

To view a list of cmdlets/functions in SB-Tools, type

Get-Command -Module SB-Tools

To view the built-in help of one of the SB-Tools functions/cmdlets, type

help <function/cmdlet name> -show

such as

help Convert-IpAddressToMaskLength -show

Advertisements

Export-SessionCommand function to export PS script commands to remote PS session


Have you been in the situation where you’re in a PS session trying to run commands against one or more remote computers using PowerShell Remoting sessions? You may have PS modules and cmdlets in the current PS session that are not available in the remote session(s). This function will allow you to export local PS session commands to remote PS sessions. The native Export-PSSession cmdlet seems to do the opposite – bringing remote session cmdlets to local PS session.

Export-SessionCommand PowerShell function is part of the SB-Tools PowerShell module. This function takes one or more Powershell script functions/commands from current session and exports them to a remote PS session. This function will ignore and not export binary functions.  Exported functions will persist on the remote computer for the user profile used with the PS remote session.

The function takes the following parameters:

Command

This is a required parameter. This is one or more script commands available in the current PS session. For example Update-SmbMultichannelConnection cmdlet/function of the SmbShare PS module.
To see available script commands, you can use:

Get-Command | ? { $_.CommandType -eq 'function' }

ModuleName

This is an optional parameter that defaults to ‘SBjr’ if not provided. This is the name of the module that this function will create on the remote computer under the user profile of the remote PS session. This will over-write prior existing module with the same name.

Session

System.Management.Automation.Runspaces.PSSession object usually obtained by using New-PSSession cmdlet

Example

$Session = New-PSSession -ComputerName 'Mycomp.MyDomain.com' -Credential (Get-SBCredential -UserName 'domain\user')

Export-SessionCommand get-saervice,get-sbdisk,bla,get-bitlockerstatus,get-service -Session $Session -Verbose


To use the SB-Tools PowerShell module which is available in the PowerShell Gallery, you need PowerShell 5. To view your PowerShell version, in an elevated PowerShell ISE window type

$PSVersionTable

To download and install the latest version of SB-Tools from the PowerShell Gallery, type

Install-Module SB-Tools,POSH-SSH -Force

SB-Tools contains functions that depend on POSH-SSH module, and they’re typically installed together.

To load the SB-Tools and POSH-SSH modules type:

Import-Module SB-Tools,POSH-SSH -DisableNameChecking

To view a list of cmdlets/functions in SB-Tools, type

Get-Command -Module SB-Tools

To view the built-in help of one of the SB-Tools functions/cmdlets, type

help <function/cmdlet name> -show

such as

help Convert-IpAddressToMaskLength -show


Get-SBWMI function to query WMI with Timeout option


29 September 2017 update:

I’ve added an additional parameter to allow passing a PSCredential object to this function/cmdlet. This is helpful when the user running the script/cmdlet does not have permissions on the target computer. Another enhancement in this update to to trap errors resulting from failure to WMI connect to the target computer like in case of ‘Access Denied’, or ‘RPC Server not available’ errors.


Get-SBWMI PowerShell function is part of the SB-Tools PowerShell module. It provides similar functionality to the native Get-WMIObject cmdlet with added option: Timeout.

The function takes 1 required parameter; ‘Class’. For example

Get-SBWMI Win32_computerSystem

will return output similar to:

It also accepts the following optional parameters:

Property

Property name of the provided ‘Class’ such as ‘NumberofLogicalProcessors’ property of the ‘Win32_computerSystem’ class:

Get-SBWMI Win32_computerSystem -Property NumberofLogicalProcessors

Filter

In the format Property=Value such as ‘DriveLetter=e:’

Get-SBWMI -Class Win32_Volume -Filter 'DriveLetter=e:'

ComputerName

Remote computer name or IP address

Get-SBWMI Win32_computersystem -ComputerName mgmt

NameSpace

The default is ‘root\cimv2’. To see name spaces type:

(Get-WmiObject -Namespace 'root' -Class '__Namespace').Name

TimeOut

In seconds. The default is 20.

This is a particularly helpful option especially if you’re in the situation of trying to query many hundreds or thousands of computers, where the vast majority respond quickly but few can drag out for several minutes or not respond at all causing the script to hang if using the native Get-WMIObject cmdlet.


To use the SB-Tools PowerShell module which is available in the PowerShell Gallery, you need PowerShell 5. To view your PowerShell version, in an elevated PowerShell ISE window type

$PSVersionTable

To download and install the latest version of SB-Tools from the PowerShell Gallery, type

Install-Module SB-Tools,POSH-SSH -Force

SB-Tools contains functions that depend on POSH-SSH module, and they’re typically installed together.

To load the SB-Tools and POSH-SSH modules type:

Import-Module SB-Tools,POSH-SSH -DisableNameChecking

To view a list of cmdlets/functions in SB-Tools, type

Get-Command -Module SB-Tools

To view the built-in help of one of the SB-Tools functions/cmdlets, type

help <function/cmdlet name> -show

such as

help Convert-IpAddressToMaskLength -show


Convert-IpAddressToMaskLength and Convert-MaskLengthToIpAddress PowerShell functions


Convert-IpAddressToMaskLength and Convert-MaskLengthToIpAddress PowerShell functions are two supporting functions in the SB-Tools PowerShell module that do what their names suggest.

These two functions come in handy when manipulating IPv4 addresses. For example, when adding/removing IPv4 address to/from a network interface using PowerShell during automated provisioning.

For example, the Get-NetIPAddress cmdlet of the NetTCPIP module, returns information similar to

Notice that the familiar dotted decimal subnet mask is missing. Instead we get ‘PrefixLength’ which is the number of bits that represent the network address out of the 32 bit IPv4 address. So, a 24 bit prefix means a 255.255.255.0 subnet mask.

The Convert-IpAddressToMaskLength function takes one or more dotted decimal subnet masks and returns the corresponding bit lengths. For example

Convert-IpAddressToMaskLength 255.0.0.0,255.192.0.0,255.255.255.224

will return 8,10,27

Similarly, the Convert-MaskLengthToIpAddress 9,11,28 will return:


To use the SB-Tools PowerShell module which is available in the PowerShell Gallery, you need PowerShell 5. To view your PowerShell version, in an elevated PowerShell ISE window type

$PSVersionTable

To download and install the latest version of SB-Tools from the PowerShell Gallery, type

Install-Module SB-Tools,POSH-SSH -Force

SB-Tools contains functions that depend on POSH-SSH module, and they’re typically installed together.

To load the SB-Tools and POSH-SSH modules type:

Import-Module SB-Tools,POSH-SSH -DisableNameChecking

To view a list of cmdlets/functions in SB-Tools, type

Get-Command -Module SB-Tools

To view the built-in help of one of the SB-Tools functions/cmdlets, type

help <function/cmdlet name> -show

such as

help Convert-IpAddressToMaskLength -show


PowerShell module with functions to Get AD FSMO roles, Get and Set NTP server setting


This module can be downloaded from the Microsoft Script Center Repository.

The module does not require ActiveDirectory PS module, and includes 3 functions:

Get-ADRole: This is a function to return one or all DC FSMO role holders in the current AD forest

Get-NTPDCs: This is a function to return NTP server settings for one or all DCs in current AD forest

Set-NTP: This is a function to change NTP server settings for one or more DCs in current AD forest

Example:

$DCNames = ((([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites).Servers).Name
$DCNames -notmatch (Get-ADRole PdcRole).DCName | % { Set-NTP $_ time-c.nist.gov }

This example will change NTP server setting on all DCs except PDC emulator to ‘time-c.nist.gov’

Of course for this to work, it needs to to be run under an AD user that has permission to write to the DCs’ registry.

Getting started:

  • To use the functions/cmdlets in this module, download this module, extract the files using Winrar for example.
  • Open PowerShell ISE as Administrator
  • Open and execute the Install-Module.ps1 script

StorSimple 8k software release 4.0


Around mid February 2017, Microsoft released StorSimple software version 4.0 (17820). This is a release that includes firmware and driver updates that require using Maintenance mode and the serial console.

Using this PowerShell script to save the Version 4.0 cmdlets and compare them to Version 3.0, I got:

storsimple40-a

Trying the new cmdlets, the Get-HCSControllerReplacementStatus cmdlet returns a message like:

storsimple40-b

The Get-HCSRehydrationJob returns no output (no restore jobs are running)

The Invoke-HCSDisgnostics seems pretty useful and returns output similar to:

storsimple40-c

The cmdlet takes a little while to run. In this case it took 14 minutes and 38 seconds:

storsimple40-d

It returns data from its several sections like;

System Information section:

storsimple40-e

This is output similar to what we get from the Get-HCSSystem cmdlet for both controllers.

Update Availability section:

storsimple40-f

This is output similar to Get-HCSUpdateAvailability cmdlet, although the MaintenanceModeUpdatesTitle property is empty !!??

storsimple40-g

Cluster Information section:

storsimple40-h

This is new exposed information. I’m guessing this is the output of some Get-HCSCluster cmdlet, but this is pure speculation on my part. I’m also guessing that this is a list of clustered roles in a traditional Server 2012 R2 failover cluster.

Service Information section:

storsimple40-i

This is also new exposed information. Get-Service is not an exposed cmdlet.

Failed Hardware Components section:

storsimple40-j

This is new exposed information. This device is in good working order, so this list may be false warnings.

Firmware Information section:

storsimple40-k

This output is similar to what we get from Get-HCSFirmwareVersion cmdlet

Network Diagnostics section:

storsimple40-l

Most of this information is not new, but it’s nicely bundled into one section.

Performance Diagnostics section:

storsimple40-m

Finally, this section provides new information about read and write latency to the configured Azure Storage accounts.

The full list of exposed cmdlets in Version 4.0 is:

Clear-DnsClientCache
Set-CloudPlatform
Select-Object
Restart-HcsController
Resolve-DnsName
Out-String
Out-Default
Set-HcsBackupApplianceMode
Measure-Object
Invoke-HcsmServiceDataEncryptionKeyChange
Invoke-HcsDiagnostics
Get-History
Get-Help
Get-HcsWuaVersion
Get-HcsWebProxy
Invoke-HcsSetupWizard
Set-HcsDnsClientServerAddress
Set-HcsNetInterface
Set-HcsNtpClientServerAddress
Test-HcsNtp
Test-HcsmConnection
Test-Connection
Sync-HcsTime
Stop-HcsController
Start-Sleep
Start-HcsUpdate
Start-HcsPeerController
Start-HcsHotfix
Start-HcsFirmwareCheck
Set-HcsWebProxy
Set-HcsSystem
Set-HcsRemoteManagementCert
Set-HcsRehydrationJob
Set-HcsPassword
Get-HcsUpdateStatus
Trace-HcsRoute
Get-HcsUpdateAvailability
Get-HcsSupportAccess
Enable-HcsRemoteManagement
Enable-HcsPing
Enable-HcsNetInterface
Disable-HcsWebProxy
Disable-HcsSupportAccess
Disable-HcsRemoteManagement
Enable-HcsSupportAccess
Disable-HcsPing
Test-NetConnection
Test-HcsStorageAccountCredential
TabExpansion2
Reset-HcsFactoryDefault
prompt
Get-NetAdapter
Disable-HcsNetInterface
Enable-HcsWebProxy
Enter-HcsMaintenanceMode
Enter-HcsSupportSession
Get-HcsRoutingTable
Get-HcsRemoteManagementCert
Get-HcsRehydrationJob
Get-HcsNtpClientServerAddress
Get-HcsNetInterface
Get-HcsFirmwareVersion
Get-HcsDnsClientServerAddress
Get-HCSControllerReplacementStatus
Get-HcsBackupApplianceMode
Get-Credential
Get-Command
Export-HcsSupportPackage
Export-HcsDataContainerConfig
Exit-PSSession
Exit-HcsMaintenanceMode
Get-HcsSystem
Update-Help


Powershell script to get disk information including block size


This script can be downloaded from the Microsoft Technet Gallery. It contains the Get-SBDisk function which takes one parameter as input being one or more computer names or IP addresses. It return s a PowerShell object for each fixed disk of each input computer.

To see the inline help and example:

help Get-SBDisk -ShowWindow

get-sbdisk2

This script takes advantage of this function and collects disk information on all computers in the current AD domain (without the need to use ActiveDirectory PowerShell module):

$adsi = [adsisearcher]"objectcategory=computer"
$adsi.SearchRoot = "LDAP://dc=$($env:USERDNSDOMAIN.replace('.',',dc='))"
$adsi.filter = "(&(objectClass=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=2))" # enabled computers
$adsi.PageSize = 1000000 
$EnabledADComputers = $adsi.FindAll()
$EnabledADComputerNames = @()
$EnabledADComputerNames += $EnabledADComputers | % { $_.Properties.name } # List of the names of enabled computers from AD
$i = 0
$DiskInfo = @()
$EnabledADComputerNames | % {
   $i++
   Write-Progress -Activity "Checking disks on computer $_" -Status "$i of $($EnabledADComputerNames.Count)"
   $DiskInfo += Get-SBDisk $_ -Verbose
}
$DiskInfo | FT -a # output disk information to console
$DiskInfo | Out-GridView # Output disk information to ISE grid view
$DiskInfo | Export-Csv .\DiskInfo.csv -NoType # Save disk information to CSV

"Checked $($EnabledADComputerNames.Count) computers in AD"
"Found $(($DiskInfo | % { $_.ComputerName } | select -Unique).Count) reachable computers"
"$($DiskInfo.Count) disks checked"

get-dbdisk3

This is formatted to work with PS version 2.

During the script run you may see progress similar to:

get-sbdisk1

and output similar to:

get-dbdisk4

To view a list of disks with less than 20% free space:

"Disks with less than 20% free space"
$DiskInfo | 
    where { $_.'Free(%)' -lt 20 -and $_.'Free(%)' -ne 100 } | 
       sort 'Free(%)' | FT -a

get-dbdisk5

 

 


PowerShell script to report on computer inventory


Back in October of 2014 I responded to a TechNet Script Center Repository Request

ping01

The script I wrote back then looked like:

ping02

Based on user feedback I decided to update this script. Version 2 is now online. Enhancements in version 2 include:

  • Powershell 2.0 compatibility (Windows 7 and Server 2008 native, Windows 2003 and Windows XP possible)
  • Script version 2 is backward compatible with script version 1 in the sense that example are provided to use script v2 to produce same output as script v1
  • Both scripts return output as a PS Object which lends itself handy to further automation
  • Added -Verbose output, removed ‘log’ function
  • Added more information for computer object:
    •  Manufacturer – example : Microsoft Corporation
    • OSCaption – example : Microsoft Windows 7 Professional
    • VirtualMachine  : True or False
    • OSArchitecture – example : 64-bit

Example 1

.\Ping-Report-v2.ps1 

The script returns a PS object similar to:

ping10

Example 2

.\Ping-Report-v2.ps1 -ComputerName $env:COMPUTERNAME,bla1,p-2012r2-sb1

Possible output:

ping09

This example shows output when a computer is down, and when the script is run under a user context that has no permission/access to query the target computer(s)

Example 3

The same can be done reading the computer list from a CVS file as in:

Import-Csv .\Computerlist.csv | 
  % { .\Ping-Report-v2.ps1 $_.ComputerName }

The input CSV file may look like:

ping05

Example 4

The output can be exported to CSV to file as in:

Import-Csv .\Computerlist.csv | 
  % { .\Ping-Report-v2.ps1 $_.ComputerName } | 
    select ComputerName, Status, OSCaption, VirtualMachine, IPAddress |
      Export-Csv z:report1.csv -NoType

ping07b

Example 5

.\Ping-Report-v2.ps1 V-WIN7PROX64,bla1,V-WIN7PROX64,p-2012r2-sb1 | 
    select ComputerName, Status, OSCaption, VirtualMachine, IPAddress | FT -a

ping08

 

 


StorSimple Test-HcsStorageAccountCredential Powershell cmdlet output inaccurate


Test-HcsStorageAccountCredential is a function in the HCS (Hybrid Cloud Storage) PowerShell module.

storsimple-storage2

This module is only available on StorSimple device. The purpose of this function is to test connectivity and authentication to an Azure Storage account or other supported public clouds’ storage containers. This may be needed during device deployment to troubleshoot connectivity issues; specifically Storage Account access.

The cmdlet/function has 3 parameter sets. When using the ‘name’ parameter set, we may see several outputs like:

storsimple-storage3The output above indicates that the Storage Account does not exist, or

storsimple-storage5that the Storage Account is not used by any volume container on this device.

Once a volume container is created to use a newly created Storage Account

storsimple-storage4

The Test-HcsStorageAccountCredential returns a different output:

storsimple-storage6

The above output indicates that the StorSimple device can access the Storage Account successfully. What’s indicative of success here is NOT the ‘HcsErrorMessage: Success’ message. This is considered a success because of the ‘StatusCode: 0‘ message.

Now, if you change the Storage account keys (password portion of the credential needed to access it), the Test-HcsStorageAccountCredential returns output similar to:

storsimple-storage7

The HcsErrorMessage and the HttpMessage above seem to be accurate.

After synchronizing the Storage Account keys with the StorSimple Manager service, deleting the volume container associated with the Storage Account, and deleting the Storage Account, the Test-HcsStorageAccountCredential returns output similar to:

storsimple-storage8

The above message is a bit confusing. I expect to see a message similar to the red error message above indicating that the Storage Account does not exist. ‘HcSErrorMessage: Success’ here is inaccurate. On the bright side, ‘HttpMessage: ResourceNotFound’ is accurate.

In one scenario, where volume container creation fails with error 502, the Test-HcsStorageAccountCredential returns output similar to:

storsimple-storage1

Again, ‘HcSErrorMessage: Success’ here is inaccurate. This particular error ended up being a mis-configured proxy settings on the device where NTLM was specified instead of None and no username/pwd were provided. The proxy was not requiring or using any authentication.

The PowerShell commands to use are:

Get-HCSWebProxy # to view current Proxy settings

Set-HCSWebProxy -ConnectionURI 'http://myproxy.mydomain.com:8000' -Authentication 
None # to configure the device to use Proxy

Enable-HCSWebProxy # to enable Proxy use

Conclusion:

When using the Test-HcsStorageAccountCredential function/cmdlet with the ‘name’  parameter set, any StatusCode value other than 0 indicates failure to connect or/and authenticate to the Storage Account. ‘HcSErrorMessage: Success’ may be inaccurate.

 


PowerShell function to parse Netstat output and return a PowerShell object


This is a function to parse Netstat -ano output and return a PowerShell object.

This output is similar to that of the Get-NetTCPConnection cmdlet of the NetTCPIP PowerShell module.

To see the built-in help, type in: help Parse-Netstat -Show

Example:

(Parse-Netstat | where { $_.Version -eq ‘IPv4’ -and $_.RemoteAddress -ne ‘0.0.0.0’ -and $_.LocalPort -eq 5985 } | select RemoteAddress -Unique).RemoteAddress

This example checks for connections where localhost is listening on TCP port 5985 (VMM Agent which uses WBEM WS-Management HTTP), and returns the IP address of the remote host (VMM server). VMM being System Center Virtual Machine Manager. If it returns nothing, this means this machine is not listening on port 5985 (VMM agent not running)

Example:

vmm1