Monthly Archives: December 2012

Get-CimClass changes

One thing that I don’t think I’ve mentioned is that the Get-CimClass output changed during the development process.

In PowerShell v3 RTM you can dig into a WMI class like this

Get-CimClass -ClassName Win32_OperatingSystem | select -ExpandProperty CimClassMethods
Get-CimClass -ClassName Win32_OperatingSystem | select -ExpandProperty CimClassProperties
Get-CimClass -ClassName Win32_OperatingSystem | select -ExpandProperty CimClassQualifiers
Get-CimClass -ClassName Win32_OperatingSystem | select -ExpandProperty CimSystemProperties

In at least some of the CTP versions of PowerShell v3 there were parallel, or alternate, properties you could use: Methods , Properties and Qualifiers respectively.

You may see reference to them in older posts – if you do just prefix with CimClass and you’ll be good.

Reminder–PowerShell Jobs session

Quick reminder that this coming Tuesday the UK PowerShell group presents a session on PowerShell Jobs

Details from

http://msmvps.com/blogs/richardsiddaway/archive/2012/12/02/powershell-jobs-and-scheduled-tasks-date-change.aspx

Bulk modifications using Set-AdUser

 

The standard approach to the bulk modification of users is to create a CSV file with an identifier and the data you want to change. Here’s part of a CSV file that could be used to modify some AD attributes – Division, City and Office

SamAccountName,Division,Office,City
mgreen,Accounting,"Main Office","New York"
dgreen,Sales,"North East",Boston
jgreen,Marketing,"North West",Seattle
bkent,Manufacturing,"North",Chicago

I always like to first test what is set

$users = Import-Csv -Path C:\Scripts\adtest.csv            
            
foreach ($user in $users) {            
 Get-ADUser -Identity $user.SamAccountName -Properties * |            
 select SamAccountName, Division, Office, City             
}


A simple loop through each user and display the data. I’ve used –Properties * to ensure that I get the data I want. I could have put the attribute names in to restrict the returned data – might be a good idea if you are working with lots if user accounts at once



SamAccountName      Division            Office              City              
--------------      --------            ------              ----              
mgreen                                                                        
dgreen                                                                        
jgreen                                  Test                                  
bkent               AD Admin            ADML House          Peterborough


With Set-ADUser you get two options – a named parameter or the Add, Replace, Clear, Remove parameters.  See the help file for more details. All of our attributes have named parameters  so we can use this code

# Import AD Module             
Import-Module ActiveDirectory            
            
# Import CSV into variable $userscsv            
#$userscsv = import-csv D:\areile\Desktop\adtest.csv            
$users = Import-Csv -Path C:\Scripts\adtest.csv            
# Loop through CSV and update users if the exist in CVS file            
            
foreach ($user in $users) {            
#Search in specified OU and Update existing attributes            
 Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" -Properties * -SearchBase "cn=Users,DC=manticore,DC=org" |            
  Set-ADUser -City $($user.City) -Office $($user.Office) -Division $($user.Division)            
}


Import the CSV file and loop through the users. For each user get the user object and pipe to Set-ADUser. The new attribute values are set from the CSV file data



Alternatively if you know the LDAP name of the attribute OR there isn’t a parameter for that attribute use the –Replace parameter.



# Import AD Module             
Import-Module ActiveDirectory            
            
# Import CSV into variable $userscsv            
#$userscsv = import-csv D:\areile\Desktop\adtest.csv            
$users = Import-Csv -Path C:\Scripts\adtest.csv            
# Loop through CSV and update users if the exist in CVS file            
            
foreach ($user in $users) {            
#Search in specified OU and Update existing attributes            
 Get-ADUser -Filter "SamAccountName -eq '$($user.samaccountname)'" -Properties * -SearchBase "cn=Users,DC=manticore,DC=org" |            
  Set-ADUser -Replace @{l = "$($user.City)"; physicalDeliveryOfficeName = "$($user.Office)"; division = "$($user.Division)"}            
}


The thing to note here is that the LDAP attribute names don’t always match the GUI names which are used as parameters. Get-ADUser seems to translate OK though!  You can find the correct name using ADSIEdit.



Note also that the help file for Set-AdUser is incorrect in at least once place – the list of attribute name-value pairs must be separated by semi-colons NOT commas as the help file states

Amazon does PowerShell

A suite of PowerShell cmdlets for managing Amazon Web Services has been released

http://news.techworld.com/virtualisation/3415262/aws-adds-powershell-continues-windows-push/?cmpid=TD1N11&no1x1&olo=daily%20newsletter

The cmdlets can be downloaded from

http://aws.amazon.com/powershell/

Information on using the cmdlets can also be found on this site

Counting the members in an AD group

A question came up on the forum about counting the number of members a group has.  There are a number of ways of doing this but this is one of the easiest

$data = @()            
Get-ADGroup -Filter {Name -like "ADL*"} |            
foreach {            
 $data += New-Object -TypeName PSObject -Property @{            
   Name = $_.Name            
   MemberCount = (Get-ADGroupMember -Identity $($_.DistinguishedName) | Measure-Object ).Count            
 }            
}            
$data


Use the Get-ADGroupMember cmdlet and pipe the output to Measure-Object. Take the Count property.



BTW the forums I refer to are at powershell.org  If you haven’t visited I would strongly recommend you do.

Comparing group membership

A question on the forum asked about comparing the memberships of two groups & displaying information about the users that are in both. The normal reaction is that you have to iterate through the two groups but then I remembered Compare-Object and came up with this

$group1 = Get-ADGroupMember -Identity ADL-group1 | select SamAccountName            
            
$group2 = Get-ADGroupMember -Identity ADL-group2 | select SamAccountName            
            
Compare-Object -ReferenceObject $group1 -DifferenceObject $group2 -IncludeEqual |             
where SideIndicator -eq "==" |            
foreach {            
 $sam = ($_.InputObject).SamAccountName             
             
 Get-ADUser -Identity $sam -Properties *            
            
}


Get the group membership of each group into a variable – I’m using the Microsoft cmdlets and just selecting the samaccountname to compare.



Using Compare-Object I used the –IncludeEqual parameter to make sure I got the matches and then filtered on the SideIndicator value of “==” .  That gets me the matches.



I then loop through them and use Get-ADUser to pull back the properties I need.



If you want to do this with the quest cmdlets use distinguished name instead of samaccountname

How to give yourself an ulcer in one evening or why Word remains minimised on the Taskbar

I have just spent an extremely frustrating 3 hours trying to figure out why Word 2013 remained minimised on the task bar of my Windows 8 machine. Everything else opened up correctly including other Office applications such as Excel and PowerPoint.

I checked on other machines and it wasn’t the document I was trying to open – later found it was all Word documents – even those coming from my Skydrive.

Tried repairing Office – didn’t work

Looked through the registry – nothing

Tried opening Word through PowerShell – still minimised. Looked through the Word object – nothing.

Tried Internet searches – best option is to maximise through Task Manager – didn’t work. Tried move and size options – nothing.

Just had a brain wave. Yesterday I had an external monitor attached. Switched that on and there is Word in all its glory. Dragged the Window back to my laptop screen and everything works properly now.

So the moral of the story is don’t shut down word on an external monitor unless you want to give yourself an ulcer!

PowerShell–jobs and scheduled tasks–date change

I’ve had to move the Live Meeting to Tuesday 11 December


When: Tuesday, Dec 11, 2012 7:30 PM (GMT)


Where:

*~*~*~*~*~*~*~*~*~*


PowerShell jobs provide the ability to perform long running background tasks. With the introduction of cmdlets to schedule tasks the possibilities increase

Notes



Richard Siddaway has invited you to attend an online meeting using Live Meeting.
Join the meeting.
Audio Information
Computer Audio
To use computer audio, you need speakers and microphone, or a headset.
First Time Users:
To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting.
Troubleshooting
Unable to join the meeting? Follow these steps:

  1. Copy this address and paste it into your web browser:
    https://www.livemeeting.com/cc/usergroups/join
  2. Copy and paste the required information:
    Meeting ID: KRSN4M
    Entry Code: s`xS<XHp2
    Location: https://www.livemeeting.com/cc/usergroups

If you still cannot enter the meeting, contact support

Notice
Microsoft Office Live Meeting can be used to record meetings. By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting.

Defining Active Directory Identity with PowerShell

There are two sets of cmdlets for working with Active Directory – Microsoft and Quest. Unfortunately they offer slightly different options for defining the identity of the user you want to work with.

The Microsoft cmdlets offer these options:

Distinguished Name = "CN=GREEN Mike,CN=Users,DC=Manticore,DC=org"
GUID  = 53837835-1de0-4686-ae3f-b8cf23890ce3
Sid = S-1-5-21-3881460461-1879668979-35955009-6273
sAMAccountName = mgreen

By contrast the Quest cmdlets offer these options for defining Identity:

DN = DistinguishedName = "CN=GREEN Mike,CN=Users,DC=Manticore,DC=org"
SID = S-1-5-21-3881460461-1879668979-35955009-6273
GUID = 53837835-1de0-4686-ae3f-b8cf23890ce3
UPN = UserPrincipalName = mgreen@manticore.org
Domain\UserName = MANTICORE\mgreen

If you not using the cmdlets and relying on the ADSI interface – all you can use is the distinguished name

$user = [ADSI]”LDAP://CN=GREEN Mike,CN=Users,DC=Manticore,DC=org"