Monthly Archive

Categories

Windows Server 2012

AD Month of Lunches–Chapt 18 & 19 in MEAP

An updated MEAP has been released for Active Directory Management in a Month of Lunches.  This one adds chapters 18 & 19

  • Chapter 18, "Managing AD trusts"
  • Chapter 19, "Troubleshooting your AD"

The MEAP is available from www.manning.com/siddaway3

Enjoy

PowerShell one-liner for virtual disk analysis

I needed to look at my virtual machines & their disk sizes – with Windows 2012 R2 upgrade in the works I need to do a bit more tidy up

I found two cmdlets in the Hyper-V module:

get-vmharddiskdrive – can be related to the virtual machine but doesn’t give a size

get-vhd – expects a path to the VHD file

Luckily get-vmharddiskdrive outputs the path. This gives me a nice pipeline:

Get-VM |
Get-VMHardDiskDrive |
Get-VHD |
select Path, @{N='Size'; E={[math]::Round(($_.FileSize / 1gb), 2) }} |
sort  -Descending

Get the VMs pipe through get-vmharddiskdrive  and get-vhd  then select and sort and you’re done.

I always break my pipelines at a pipe symbol – it acts as a line continuation in the console and ISE so anything thing else is just extra unnecessary work

Server Core Module

On a Windows Server 2012 system you will find a ServerCore module with two cmdlets

Get-DisplayResolution
Set-DisplayResolution

On a full GUI system the cmdlets work

PS> Get-DisplayResolution
1366x768
1280x1024

 

And thats it!  Not a lot but it shows the basic information

You set the resolution like this

Set-DisplayResolution -Width 1366 -Height 768

 

If you look in the functions both actually call the setres command!

Setting an IP address

I need to add an IP address to an adapter.  I could use the GUI or WMI but with Windows 8/2012 and above I’ve got all of the nifty networking cmdlets to play with.

Lets start with finding the adapter to use

PS>Get-NetAdapter

will show all of the adapters. Unlike ipconfig it only shows real NICs – thats physical and virtual but not stuff like “Tunnel adapter Teredo Tunneling Pseudo-Interface”

The one I’m interested in is

Name             ifIndex Status
----             ------- ------
Connections      21 Up

You can find the IP addresses associated with this NIC

PS>Get-NetIPAddress -InterfaceIndex 21 -AddressFamily IPv4

IPAddress         : 10.0.50.100
InterfaceIndex    : 21
InterfaceAlias    : Connections
AddressFamily     : IPv4
Type              : Unicast
PrefixLength      : 24
PrefixOrigin      : Manual
SuffixOrigin      : Manual
AddressState      : Preferred
ValidLifetime     : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource      : False
PolicyStore       : ActiveStore

 

To add the IP address use:

New-NetIPAddress -InterfaceIndex 21 -AddressFamily IPv4 -IPAddress 10.0.18.100 -PrefixLength 24

Job done.

If you have to do this on a regular basis you can script finding the adapter and setting the IP address in one pass

AD Management MEAP–chapter 17

My Learn AD Management in a Month of Lunches is moving on apace with the release of chapter 17 to the Early Access Process. This one covers AD replication

www.manning.com/siddaway3

Enjoy

International Module

The International module has an interesting set of cmdlets:
£> Get-Command -Module International | select Name

Name
----
Get-WinAcceptLanguageFromLanguageListOptOut
Get-WinCultureFromLanguageListOptOut
Get-WinDefaultInputMethodOverride
Get-WinHomeLocation
Get-WinLanguageBarOption
Get-WinSystemLocale
Get-WinUILanguageOverride
Get-WinUserLanguageList
New-WinUserLanguageList
Set-Culture
Set-WinAcceptLanguageFromLanguageListOptOut
Set-WinCultureFromLanguageListOptOut
Set-WinDefaultInputMethodOverride
Set-WinHomeLocation
Set-WinLanguageBarOption
Set-WinSystemLocale
Set-WinUILanguageOverride
Set-WinUserLanguageList

£> Get-WinHomeLocation | fl *

GeoId        : 242
HomeLocation : United Kingdom

£> Get-WinSystemLocale | fl *

Parent                         : en
LCID                           : 2057
KeyboardLayoutId               : 2057
Name                           : en-GB
IetfLanguageTag                : en-GB
DisplayName                    : English (United Kingdom)
NativeName                     : English (United Kingdom)
EnglishName                    : English (United Kingdom)
TwoLetterISOLanguageName       : en
ThreeLetterISOLanguageName     : eng
ThreeLetterWindowsLanguageName : ENG
CompareInfo                    : CompareInfo - en-GB
TextInfo                       : TextInfo - en-GB
IsNeutralCulture               : False
CultureTypes                   : SpecificCultures, InstalledWin32Cultures, FrameworkCultures
NumberFormat                   : System.Globalization.NumberFormatInfo
DateTimeFormat                 : System.Globalization.DateTimeFormatInfo
Calendar                       : System.Globalization.GregorianCalendar
OptionalCalendars              : {System.Globalization.GregorianCalendar, System.Globalization.GregorianCalendar}
UseUserOverride                : True
IsReadOnly                     : False

Digging into the formats and calendars
£> Get-WinSystemLocale | select -ExpandProperty NumberFormat

CurrencyDecimalDigits    : 2
CurrencyDecimalSeparator : .
IsReadOnly               : False
CurrencyGroupSizes       : {3}
NumberGroupSizes         : {3}
PercentGroupSizes        : {3}
CurrencyGroupSeparator   : ,
CurrencySymbol           : £
NaNSymbol                : NaN
CurrencyNegativePattern  : 1
NumberNegativePattern    : 1
PercentPositivePattern   : 1
PercentNegativePattern   : 1
NegativeInfinitySymbol   : -Infinity
NegativeSign             : -
NumberDecimalDigits      : 2
NumberDecimalSeparator   : .
NumberGroupSeparator     : ,
CurrencyPositivePattern  : 0
PositiveInfinitySymbol   : Infinity
PositiveSign             : +
PercentDecimalDigits     : 2
PercentDecimalSeparator  : .
PercentGroupSeparator    : ,
PercentSymbol            : %
PerMilleSymbol           : ‰
NativeDigits             : {0, 1, 2, 3...}
DigitSubstitution        : None

£> Get-WinSystemLocale | select -ExpandProperty DateTimeFormat

AMDesignator                     : AM
Calendar                         : System.Globalization.GregorianCalendar
DateSeparator                    : /
FirstDayOfWeek                   : Monday
CalendarWeekRule                 : FirstFourDayWeek
FullDateTimePattern              : dd MMMM yyyy HH:mm:ss
LongDatePattern                  : dd MMMM yyyy
LongTimePattern                  : HH:mm:ss
MonthDayPattern                  : d MMMM
PMDesignator                     : PM
RFC1123Pattern                   : ddd, dd MMM yyyy HH':'mm':'ss 'GMT'
ShortDatePattern                 : dd/MM/yyyy
ShortTimePattern                 : HH:mm
SortableDateTimePattern          : yyyy'-'MM'-'dd'T'HH':'mm':'ss
TimeSeparator                    : :
UniversalSortableDateTimePattern : yyyy'-'MM'-'dd HH':'mm':'ss'Z'
YearMonthPattern                 : MMMM yyyy
AbbreviatedDayNames              : {Sun, Mon, Tue, Wed...}
ShortestDayNames                 : {Su, Mo, Tu, We...}
DayNames                         : {Sunday, Monday, Tuesday, Wednesday...}
AbbreviatedMonthNames            : {Jan, Feb, Mar, Apr...}
MonthNames                       : {January, February, March, April...}
IsReadOnly                       : False
NativeCalendarName               : Gregorian Calendar
AbbreviatedMonthGenitiveNames    : {Jan, Feb, Mar, Apr...}
MonthGenitiveNames               : {January, February, March, April...}

£> Get-WinSystemLocale | select -ExpandProperty OptionalCalendars

MinSupportedDateTime : 01/01/0001 00:00:00
MaxSupportedDateTime : 31/12/9999 23:59:59
AlgorithmType        : SolarCalendar
CalendarType         : Localized
Eras                 : {1}
TwoDigitYearMax      : 2029
IsReadOnly           : False

MinSupportedDateTime : 01/01/0001 00:00:00
MaxSupportedDateTime : 31/12/9999 23:59:59
AlgorithmType        : SolarCalendar
CalendarType         : USEnglish
Eras                 : {1}
TwoDigitYearMax      : 2029
IsReadOnly           : False

And finally the language(s)
£> Get-WinUserLanguageList

LanguageTag     : en-GB
Autonym         : English (United Kingdom)
EnglishName     : English
LocalizedName   : English (United Kingdom)
ScriptName      : Latin script
InputMethodTips : {0809:00000809}
Spellchecking   : True
Handwriting     : False

Now you know where to go to find the cultural and locale settings are configured. The big question though is do you use the Set-* cmdlets in this module to modify these settings?  My suspicion is no because you would to modify a large number of settings to achieve consistency. The cmdlets may be useful for tweaking settings for particular tasks.

Windows Error Reporting Cmdlets

Windows Error Reporting (WER) captures software crash and hang data from Windows systems. The data is sent to Microsoft for analysis. The data captured by WER is used to identify those bugs that are affecting customers the most. Fixing those bugs benefits the whole Windows user community.

WER is an optional configuration during the installation of Windows and some other Microsoft products.

How can you tell if WER is configured on your machines?

Windows 8/2012 has a PowerShell module for working with WER configuration.

£> Get-Command -Module WindowsErrorReporting | select Name

 

You can view the current WER configuration:

£> Get-WindowsErrorReporting
Enabled

You can disable WER:

£> Disable-WindowsErrorReporting
True
£> Get-WindowsErrorReporting
Disabled

And you can enable WER:

£> Enable-WindowsErrorReporting
True
£> Get-WindowsErrorReporting
Enabled

These cmdlets are only available on Windows 8/2012 and above. The module is labelled as a script module but it is actually loaded as a dll so its unlikely to be portable to legacy versions of Windows.

Active Directory Cookbook 4th Ed

The Active Directory Cookbook (O’Reilly ISBN: 978-1-449-36142-6) has been a constant resource for me since the first edition covering Windows 2003. I plundered the book for a lot of my early forays in scripting AD. The cookbook supplied answers using as many as possible of the GUI tools, command line tools and scripts.

In those days VBscript was the language we had to use though a couple of scripts in other languages crept into the book. The third edition, covering Windows 2008, finally brought PowerShell into the book.  VBScript was still the predominant scripting language. The GUI and command line tools are still present. The PowerShell scripts were written using either the Quest AD cmdlets or by scripting using the .NET classes and the [adsi] & [adsisearcher] accelerators.

The fourth edition covers Windows 2012. PowerShell is now the standard scripting language – using the Microsoft cmdlets where possible and the approperiate .NET classes to fill in the gaps. VBscript is more or less removed. The command line tools and the GUI options still remain.

The book runs to 830 pages and which is a decrease from the third edition but it appears that is mainly due to the removal of the wordy VBSript examples.

The book covers the whole range of AD activity – users, groups, OUs, domain & forests, trusts, domain controllers, computers, GPO, schema, sites, replication, dns (the new DNS cmdlets in Windows 2012 are show cased), security, logging, backup, ADLS, ADFS, Exchange 2013 and FIM.

With over 465 recipes in the cookbook it covers most of the situations you are likely to meet.

A few minor cautions are needed. Firstly, the individual recipes are just that individual. If you want to create a user – you get an example.  If you want to add a user to a group – you get an example.  If you want to create a user and add to a group you need to work out how to combine the two scripts.

Secondly, the PowerShell examples aren’t always as good as they could be. They work and will get the job done but don’t always conform to best practice.

Thirdly, you need to learn PowerShell somewhere else.  This book won’t teach you and to be fair it doesn’t and shouldn’t try. The cookbook is a domain specific resource.

For the next edition I would recommend dropping the command line tools where there is a PowerShell option. Those tools will eventually disappear. Use PowerShell so you can integrate all of your Windows automation work.

This is a book that I still refer to – even if its just to check some odd AD related fact – and expect to continue to refer to as long as I’m automating AD administration tasks. I can’t recommend this book enough. Get yourself a copy – you won’t regret it.

WMI and Trusts

When you install AD on a machine you get the MicrosoftActiveDirectory WMI namespace as well. This namespace was deprecated in Windows 2012 but while it is still available there are few useful things we can do with it. Even with my fondness of WMI I’m not suggesting moving to using WMI wholesale for AD admin but one of the more useful things is testing a trust’s status.

PS> Get-CimInstance -ClassName Microsoft_DomainTrustStatus -Namespace root\MicrosoftActiveDirectory |
select Flatname, Trust*

 

Flatname          : SPHINX
TrustAttributes   : 8
TrustDirection    : 3
TrustedDCName     :
TrustedDomain     : sphinx.org
TrustIsOk         : False
TrustStatus       : 1355
TrustStatusString : The specified domain either does not exist or could not be contacted.
TrustType         : 2

 

The error messages are because the VM hosting the remote domain is switched off.  If you want a quick test of your trust status this is a good way.

Internet Connection

Can you find the network adapter on your machine that’s connected to the Internet?  On a Windows 8/2012 machine its fairly simple:

PS> Get-NetConnectionProfile -IPv4Connectivity Internet

Name             : NetworkName
InterfaceAlias   : AdapterName
InterfaceIndex   : 12
NetworkCategory  : Private
IPv4Connectivity : Internet
IPv6Connectivity : LocalNetwork

What else can you discover?

The important information is the InterfaceIndex

Get-NetAdapter -InterfaceIndex 12

shows the NIC information such as name, MAC address and speed (similar to Win32_NetworkAdapter)

Get-NetAdapterAdvancedProperty -Name name

shows buffer data

Get-NetAdapterStatistics -Name name

shows transmitted data

Get-NetIPConfiguration -InterfaceIndex 12

pulls the IP configuration

This just scratches the surface to the networking modules in Windows 8/2012

The modules are based on new WMI classes for the most part so you won’t find them on legacy operating systems even with WMF 3 loaded.