Archive

Archive for the ‘Powershell’ Category

Powershell: OpenFileDialog x64 systems

July 8, 2013 Leave a comment

Recently I had an issue where the Openfiledialog was not working anymore in one of my Powershell scripts. Nothing happened when I executed my script. The strange thing was that the script was working on an 32-bit system and also with PowerGUI on x64 systems.

The solution is to add the ShowHelp parameter of the OpenFileDialog form and configure it as true:

OpenFileDialog.ShowHelp = $true

The ShowHelp parameter is a new feature within Windows 2008 or above which you must define in Powershell if you want to use the Openfiledialog.

Advertisements
Categories: Powershell

Powershell: Get all Groupnames and Memberships

April 12, 2012 8 comments

In this post I will show you how to get all group names and memberships of a specific OU in Active Directory. If you want to get all memberships and display groupnames with Powershell you can use the combination of Get-QADGroup and Get-QADGroupmember of the Quest AD Cmdlets.

#List groupnames with memberships from a specific OU
#https://jthys.wordpress.com

#Define OU:
$SecurityGroups = "Joris.Local/Groups/Security"

Get-QADGroup -SearchRoot $SecurityGroups -SizeLimit 0 | Foreach-Object{
       $group = $_
       Get-QADGroupmember $group -sizelimit 0 | `
       select @{n="GroupName";e={$group}},samaccountname,firstname,lastname
} | export-Csv  C:\Powershell\ADGroups\SecurityGroups.csv

First you get all Groups of a specific OU with Get-QADGroup and then pipe the results to a Foreach-Object with the combination of Get-QADGroupmeber which loops through all Groups to retrieve the users of each AD Group. I get the required output with the select-object
cmdlet and I make use of a hashtable ” @{n=”GroupName”;e={$group}}”. There are two pairs – first one with a key “Name” that specifies the name of the resulting property(groupname) and second one with the key “Expression” that specifies the value of the property which is in this case just the group name we have gotten from Get-QADGroup. I made also an export to a CSV File.

Categories: Powershell

WSUS 3.0: Windows Update PowerShell Module

January 21, 2012 Leave a comment

The PSWindowsUpdate module allows you to manage WSUS configuration via Powershell.

The Module can be installed manualy by downloading Zip file and extract in:
%WINDIR%\System32\WindowsPowerShell\v1.0\Modules

You may receive the following Security warning:
Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your computer. Do you want to run C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate\PSWindowsUpdate.psm1?

You need to be very careful running stuff you pulled down from the internet. If you’ve reviewed the script and found it to be trustworthy, you can remove its origin information by UNBLOCKING it from the properties dialog box in Explorer (Select the object in explorer, right click, select properties, unclick BLOCKED).

http://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc 

Powershell: Clear TsProfilePath in Active Directory

May 6, 2011 Leave a comment

Last week I had an odd issue in powershell when I was creating a script to clear the “Terminal Services profile” for a list of users. The following error appeard when I tried to clear the Terminal services path via “Get-QADUser test_user | Set-QADUser -TsProfilePath $null”:

Set-QADUser : The specified directory service attribute or value does not exist. (Exception from HRESULT: 0x8007200A)

After a little reaserach I found a topic on Powergui with similar problems. It turns out that there might be a problem between ADSI and powershell for the “Terminal Services profile” settings when you try to clear these settings.  Fortunly a member of the Powergui made already a workaround with ADSI and PSBase.

Add or remove the following lines in the underneath script to clear the HomeDrive, HomeDirectory and the Profilepath.

$objADSI.psbase.InvokeSet(“TerminalServicesHomeDrive”, “”)
$objADSI.psbase.InvokeSet(“TerminalServicesHomeDirectory”, “”)
$objADSI.psbase.InvokeSet(“TerminalServicesProfilePath”, “”)

This example clears the “Terminal services profile path” for the samaccountname column in accounts.csv :

#This script will clear the Terminal Services Profile Path based on a csv file
#https://jthys.wordpress.com

$imported = Import-Csv "C:\Input\Accounts.csv"

$imported | ForEach-Object {
get-qaduser $_.Samaccountname | Modify-DirectoryObject
}

function Modify-DirectoryObject {
param()
begin {$count=0}
process {
$objADSI = [ADSI]$_.Path
$objADSI.psbase.InvokeSet("TerminalServicesProfilePath", "")
$objADSI.setinfo()
$count++
}
end {"objects were modified"}
}

http://www.powergui.org/thread.jspa?threadID=14336

Powershell: Get Inactive Computer objects in AD

April 5, 2011 13 comments

I made a new Powershell script to retrieve all inactive and “non used” computer accounts for a specific organizational unit in Active Directory. You need to use the attribute “lastLogonTimestamp” from AD like you can see in the screenshot below. There is also a “lastlogon” attribute present but this an old attribute which is not replicated among the domain controllers. This attribute is only updated on the domain controller you are currently using therefor we use “lastLogonTimestamp” which is replicated. I have also used the  Quest Active Roles which is free to download.

The script below will display first the inactive computer objects that not have been signed-in in the last 3 Months, afterward are the “never used” computer accounts displayed. Modify the $Days & $OU variable to change the number of inactive days and the specified Organizational unit.

Script:


#Display inactive and "non used" workstations of a specific Organizational Unit
#More info: https://jthys.wordpress.com

cls
$Currentdate = get-date
$Days = 90
$OU = "RSRC.int/Managed Computers"

$inactive = Get-QADComputer -SearchRoot $OU -SizeLimit 0 -IncludedProperties LastLogonTimeStamp | where { $_.LastLogonTimeStamp -ne $null -and ($Currentdate-$_.LastLogonTimeStamp).Days -gt $Days }
$neverused = Get-QADComputer -SearchRoot $OU -SizeLimit 0 -IncludedProperties LastLogonTimeStamp | where { $_.LastLogonTimeStamp -eq $null }

Write-Host "Inactive Workstations:"
$inactive | format-table name, lastlogonTimeStamp -autosize

write-host "Never used Worksations:"
$neverused  | format-table name -autosize

Output:

note: I have changed the variable $days to 5 to generate some output on my test domain controller.

 

Categories: Powershell

OCS 2007 R2: Enable a user with powershell

March 21, 2011 Leave a comment

In this post I will show you how you can enable a useraccount with Powershell in OCS 2007 R2. Yes there isn’t a powershell CMD-let available in OCS 2007 R2 but there are some nice OCS Powershell example Functions available on the companion CD of the OCS 2007 R2 resource KIT book.

Download the following two files from the companion CD and place them in a directory on your Edge/Standard edition server:

  • OCS-All.ps1
  • ocsTypes.format.ps1xml

First modify the first file OCS-All.ps1 based on http://support.microsoft.com/kb/969486/en-us
The Function “Get-OCSUser” must be modified because it could generate errors when your create a new user(probably on line 103).

if (($URI -eq “%”) -or ($URI=”*”)) {$uri=$null}  #old
if (($URI -eq “%”) -or ($URI –eq “*”)) {$uri=$null} #correct

You will now be able to load the OCS functions in the Powershell console. It may be necessary to run first the “set-ExecutionPolicy RemoteSigned” before you can load the functions.

[PS] C:\Powershell>.  .\OCS-All.ps1

You can now get all OCS commands via:

[PS] C:\Powershell>get-ocsfunction

Create a new OCS user:
Before we can create a new OCS user we must retrieve the correct user “distinguished name” and Pool “distinguished name”. In the example below I put them in two variables because these names are quite long. I make also use of the “Quest Active roles Management” shell to retrieve the DN name via the “Get-QADuser” command. Get-OCSpool is also one of the example functions.

[PS] C:\Powershell>$userdn = Get-qaduser ocsuser1 | foreach {$_.DN}
[PS] C:\Powershell>$pooldn = get-ocspool | foreach {$_.pooldn}

The next step is to create a new OCS user via the “New-OcsUser” function:

[PS] C:\Powershell>New-OcsUser -uri “sip:name@example.com” -user $userdn -homeServer $pooldn



Account is now enabled for OCS 2007 R2 with powershell! A more detailed view of the user can be accomplished via get-ocsuserdetail:

[PS] C:\Powershell>Get-OCSUserDetail -condition “PrimaryURI like ‘SIP:ocsuser1%'”

Complete list of functions:

Enable-ExchUmForOcsUser
Get-OCSADContainer
Get-OCSEdgeAvAuthCert
Get-OCSEdgeConferencingExternalCert
Get-OCSEdgeFederationDenied
New-OCSEdgeFederationDenied
Remove-OCSEdgeFederationDenied
Get-OCSEdgeFederationExternalCert
Get-OCSEdgeFederationInternalCert
Export-OCSEdgeFederationPartner
Get-OCSEdgeFederationPartner
Import-OCSEdgeFederationPartner
New-OCSEdgeFederationPartner
Remove-OCSEdgeFederationPartner
Get-OCSEdgeIMProvider
New-OCSEdgeIMProvider
Remove-OCSEdgeIMProvider
Update-OCSEdgeIMProvider
Get-OCSEdgeInternalDomain
New-OCSEdgeInternalDomain
Remove-OCSEdgeInternalDomain
Get-OCSEdgeInternalServer
New-OCSEdgeInternalServer
Remove-OCSEdgeInternalServer
Get-OCSErrorEvent
Get-OCSFunction
Get-OCSGlobalUCSetting
Get-OCSInstalledService
Choose-OCSLocationProfile
Get-OCSLocationProfile
New-OCSLocationProfile
Remove-OCSLocationProfile
Choose-OCSMediationServer
Set-OCSMediationServerPlusSign
Get-OCSMediationServerSetting
Choose-OCSMeetingPolicy
Get-OCSMeetingPolicy
New-OCSMeetingPolicy
Remove-OCSMeetingPolicy
Update-OCSMeetingPolicy
Choose-OCSNormalizationRule
Remove-OCSNormalizationRuleFromOCSLocationProfile
Get-OCSNormalizationRule
New-OCSNormalizationRule
Remove-OCSNormalizationRule
Add-OCSNormalizationRuleToOCSLocationProfile
Update-OCSNormalizationRule
Choose-OCSPhoneRoute
Get-OCSPhoneRouteForNumber
Get-OCSPhoneRouteForOCSPhoneRouteUsage
Get-OCSPhoneRouteForOCSUser
Get-OCSPhoneRoute
New-OCSPhoneRoute
Remove-OCSPhoneRoute
Update-OCSPhoneRoute
Choose-OCSPhoneRouteUsage
Get-OCSPhoneRouteUsageForOCSUCPolicy
Remove-OCSPhoneRouteUsageFromOCSPhoneRoute
Remove-OCSPhoneRouteUsageFromOCSUCPolicy
Get-OCSPhoneRouteUsage
New-OCSPhoneRouteUsage
Remove-OCSPhoneRouteUsage
Add-OCSPhoneRouteUsageToOCSPhoneRoute
Add-OCSPhoneRouteUsageToOCSUCPolicy
Get-OCSPICUserCount
Choose-OCSPool
Get-OCSPool
Start-OCSReplication
Get-OCSSchemaVersion
Get-OCSSIPDomain
New-OCSSIPDomain
Remove-OCSSipDomain
Get-OCSSipRoutingCert
Get-OCSTrustedService
Choose-OCSUCPolicy
Get-OCSUCPolicyForOCSUser
Get-OCSUCPolicy
New-OCSUCPolicy
Remove-OCSUCPolicy
Update-OCSUCPolicy
Get-OCSUserDetail
Export-OCSUser
Get-OCSUser
Import-OCSUser
New-OCSuser
Remove-OCSUser
Update-OCSUser
Get-OCSWarningEvent
Get-OCSWindowsService
Start-OCSWindowsService
Stop-OCSWindowsService

Lync 2010: Enable a user account with powershell

March 11, 2011 1 comment

In this post I will show you two easy Powershell commands to enable a single user account in Lync 2010. Before a user can log on to Lync Server, that user must meet two requirements: he or she must have a valid Active Directory account, and that account must be enabled for Lync Server. In Powershell you can use the Enable-CsUser cmdlet to accomplish this task.

Enable user for Lync 2010 with the user’s email address as SIP address:

Enable-CsUser ‘UserIDParameter’ -RegistrarPool ‘poolname’ -SipAddressType Emailaddress

Enable user for Lync 2010 using the user’s first name and last name:

Enable-CsUser ‘UserIDParameter’ -RegistrarPool ‘poolname’ -SipAddressType FirstLastName -Sipdomain ‘example.com’

Example:

Categories: Powershell