LeoPonti Blog

Posts
• PowerTip: Use PowerShell to Create Hash Table

Summary : Use a Windows PowerShell cmdlet to create a hash table. How can I use Windows PowerShell to create a hash table if do not remember the special syntax? Use the ConvertFrom-StringData cmdlet, and put each key-value pair on its own line. (You can perform this on a single line by using backtick character plus n ( n ) for a new line): PS C:\> convertfrom-stringdata "a=1nb=2`nc=3" Name Value ---- ----- c 3 a 1 b 2
• Phantom Elements in a Hash Table

Summary : Microsoft PFE and guest blogger, Chris Wu, talks about working with hash tables. Microsoft Scripting Guy, Ed Wilson, is here. Welcome back guest blogger, Chris Wu … Admittedly, hash tables didn’t catch my attention when I started using Windows PowerShell, but over time it has proven to be one of my favorites. This is largely thanks to its ability to assign names to values for fast lookup. Hash tables store key-value (or name-value) pairs, which means typically we use strings as keys to locate corresponding values. Windows PowerShell also takes keys from the command line as strings. So the following examples will create the same hash table: However, it is not a restriction, per se. Any type of data can be used as a key in hash tables. The following example uses int values as keys, which makes a hash table appears like an array, in terms of syntax: Other than indexing, hash tables also support dot notation to access elements. However, in Windows PowerShell 2.0, dot notation syntax doesn’t support non-string keys. This seems to have been improved in Windows PowerShell 3.0. Actually, as long as a hash table is manually crafted, there is no mystery. Everything was plain and straightforward to me, until I was hit by this particular issue where I was trying to get a list of fixed logical disks by accessing a hash table that returned from the Group-Object cmdlet with the -AsHashTable parameter: What? No fixed disks? That’s impossible! So I double checked: A key called 3 was indeed in the list. The workaround I tried previously also proved that the element was in the hash table. So what the heck? I scratched my head hard, until finally I realized that those keys are objects too. So each key has its type as well. Then I investigated: Here we go… The keys were of the unsigned Int32 type, which are different from the signed Int32 type that Windows PowerShell uses by default. So when Windows PowerShell searched the hash table, looking for an element for Int32 value 3, there was no match! When I figured out that, it became apparent how the elements can be accessed: One take-away lesson that I learned: Keys in a hash table are unique only when the data and the type are considered. I could create a hash table that contain four keys, all sharing the same look: Now, how do we get each of those elements? ~Chris Thanks, Chris, for another awesome blog post. I invite...
• PowerTip: Display a Blinking Message by Using PowerShell

Summary : Use this one-line Windows PowerShell command to display a blinking message. Is there a one-line command that I could use to blink a message in the Windows PowerShell console to get the users attention? Pipe a range of numbers to the Foreach-Object cmdlet ( % is an alias), clear the screen in the Begin block, and then display the message, pause, clear the screen, and pause in the Process block: 1..3 | % -begin {cls} -process {"hello";sleep 1;cls;sleep 1}
• PowerShell Report for a Windows Failover Cluster

Summary : Use Windows PowerShell to create a report for a Windows failover cluster. Microsoft Scripting Guy, Ed Wilson, is here. Welcome back guest blogger, Rhys Campbell … I’m involved in the administration of several Failover Clusters , and I wanted to be able to easily report on these and get an alert for any changes in status. Enter Windows PowerShell. This Windows PowerShell script uses various FailoverCluster cmdlets to write information about a Windows Failover Cluster to a HTML file and copy this to a web server directory root. The script also tracks changes to the state of the cluster and sends an email notification with the details. The following steps outline the process to set up this script. 1. Open clstr.ps. We need to change the SMTP details here. Change the following line… sendEmail "smtp.domain.co.uk" 8025 $subject$report $transcript "to@domain.co.uk" "from@domain.co.uk"; –to– sendEmail "your.smtp.server" 25$subject $report$transcript "who.this.goes.to@domain.co.uk" "powershell@domain.co.uk"; Save and close the file. 2. Create a folder somewhere that is appropriate for the Windows PowerShell script and other resources, for example c:\tmp . This should be fully writable for the user who will execute the .ps1 file. Copy clstr.ps1 to the folder. Create a folder called Resources in the same directory and copy the style.css folder here (customize it if you desire). You may need to sign the script depending on your preferred execution policy. (For more information, see Using the Set-ExecutionPolicy Cmdlet .) 3. Now we are ready to test the execution of the script. The script is executed with three parameters inside a Windows PowerShell console: C:\tmp\clstr.ps1 <cluster name> c:\tmp\ c:\path\to\web\server\root\ Note The cluster name refers to the Windows Failover Cluster name, not the SQL instance name. Parameter 2 should be the script directory root. Parameter 3 should be the root of your web server HTML directory. Notice the trailing slashes. If you execute this a couple of times, the script root folder should look something like this: The script uses the text file to keep track of the cluster state and what has changed. If you have multiple clusters, you can set this up for each one. In this situation, I recommend setting up a directory structure similar to this: C:\tmp\ClusterName1 C:\tmp\ClusterName2 and so on... 4. After your setup...
• PowerTip: Add Computer to Security Group with PowerShell

Summary : Use Active Directory PoweShell cmdlets to add a computer to a security group. How can I use Windows PowerShell to add a computer to a security group? Use the Add-ADGroupMember cmdlet, and remember to use the SAM account name on the computer: To add a computer called “STATION01” to a security group called “RDPEnabled”: ADD-ADGroupMember “RDPEnabled” –members “STATION01$” Note The SAM account name has a “$ ” added to its name.
• ‘Twas the Night Before Scripting: Part 5

Summary : Tonight, our Admin friend learns to migrate group memberships. Microsoft Scripting Guy, Ed Wilson, here. If you missed it, be sure to watch Sean’s video: Just Script It! Also to catch up with our story, read: ‘Twas the Night of Before Scripting: Part 1 ‘Twas the Night of Before Scripting: Part 2 ‘Twas the Night of Before Scripting: Part 3 ‘Twas the Night of Before Scripting: Part 4 And now, our conclusion… During the past four days, we encountered a friend who (with the aid of Dr. Scripto) has learned some basic scripting to accomplish his holiday tasks far more readily. Now he is about to complete his work by deploying and migrating domains. And now we begin To work to the end, To aid in the help Of our good Admin friend. The users were ready, With their attributes set, And the PCs in AD Were ready to get. But one more task ‘Twas there in the way, A simple wee thing To finish the day. “We must now migrate Your memberships here, To the new computers And get you all clear. You were close, I can see, With the cmdlet you chose, But ‘twas the reverse, So I shall show you the close.” Dr. Scripto sat down On his plastery knee, To show to Admin The final piece to set free. “With the info we have And Import-CSV, We can combine them as one, To get done in AD.” To transfer the settings From and old to a new, He ran a cmdlet To get them all through. A cmdlet he typed On the blue world, To untangle adding to The group membership world: Add-ADGroupMember The Admin added Get-Help, To see examples on how To use this new cmdlet, On his screen there and now: GET-HELP ADD-ADGroupMember –examples It seemed just too easy, He tried right away To add one adhoc, Went straight off to play! ADD-ADGroupMember –identity “RDPEnabled” –members “STATION003” But he blinked in dismay, At what he now saw, It just didn’t work, He fell back in awe. Dr. Scripto, he smiled, “A moment, my friend, The answer was close, Almost the end! The trick, the cmdlet, In the examples you see, Is use the SAM property, Of the computer PC.” ADD-ADGroupMember –identity “RDPEnabled” –members “STATION003...
• PowerTip: Show Group Members with PowerShell

Summary : Use Windows PowerShell to get a list of group members in Active Directory. How can I use Windows PowerShell to regularly show who is in an Active Directory group, for example, Domain Admins? To show who is in the Domain Admins group in Active Directory, run the following command: Get-ADGroupMember DomainAdmins If you’d like to view this in a nicer format, use: Get-ADGroupMember DomainAdmins | FORMAT-Table

• ‘Twas the Night of Before Scripting: Part 1

Summary : Dr. Scripto teaches a non-scripting Administrator to easily create users in Active Directory. Microsoft Scripting Guy, Ed Wilson, here. Returning once again to delight us all with a little holiday merriment is Honorary Scripting Guy, Sean Kearney. Other than his habit of occasionally singing off-key Windows PowerShell music, he has taken on the challenge of writing an annual holiday Hey, Scripting Guy! Blog special. He started with A Windows PowerShell Carol: Ebenezer Script Integrates with VBScript . The following year, we visited all of the Blues in Bluesville, where Mr. Finch learned scripting in Use PowerShell to Find and Unlock Users in Active Directory . Last December we had to opportunity to visit the wonder with George Shelley in It’s a Wonderful Shell . This year, the Scripting Guys proudly present to you in 3-D PowerShell-O-Rama Vision, the latest holiday edition. But before you rush to read today’s post, see Sean’s latest video: Just Script It ! ‘Twas the night before scripting, A place of deep sorrow, An Admin sat crying, Not seeing tomorrow. A project was dropped onto him, Unfathomable in size, Impossible to scope, As he looked to the skies. Management undercommitted, And sales oversold, To gain this holiday contract, How were they so bold? The tasks of the project Placed before he Were four tasks that must done With consistency. And our good friend, A person like you, Had never learned to script, Oh yes, this was true. Our good fellow, he cried. Tears rolled to the floor As he stared to the distance, At the darkness of the door. With very little time, Just four days, you see, He was to complete these tasks, Finish them to a tee. This meant all day at work, No sleep at all, No smile from his wife, No hugs at all. These tasks, you wonder, Just bad, they were? I will tell you now To ruffle your fur. Remember a time, Far long ago, When you could not script, And now you will know. Today he would start With the first task at hand, Create some users Within his new land. Populate a new Active Directory With five hundred or so User accounts (details included), Addresses and mo’. How the tears, they welled Into the keyboard below, Sparking and smoking, Like electrical snow. When out of the room, ...
• PowerTip: Debug a Workflow with PowerShell 4.0

Summary : Use Windows PowerShell 4.0 to debug a workflow. How do I set a breakpoint in a Windows PowerShell script workflow? Add the workflow to a script and use Set-PSBreakpoint to set a line breakpoint in the workflow: Set-PSBreakpoint -Script C:\Test-MyWorkflow1.ps1 -Line 12 ID Script Line Command Variable Action -- ------ ---- ------- -------- ------ 0 WFExample1.ps1 12
• Security Series: Using PowerShell to Enable BYOD–Part 2

Summary : Guest blogger and security expert, Yuri Diogenes, continues his series about enabling BYOD. Microsoft Scripting Guy, Ed Wilson, is here. Today’s guest blogger is Yuri Diogenes , who continues his security series about enabling BYOD. Yuri is a senior knowledge engineer, and he is a coauthor of the book Windows Server 2012 Security from End to Edge and Beyond . You can follow him on Twitter at @YuriDiogenes . In the first part of this series, Security Series: Using PowerShell to Enable BYOD–Part 1 , I explained how to enable device registration to allow IT to have awareness of the user’s device and have the capability of performing second factor authentication. If you recall, Contoso IT wanted to enable device registration only for devices that are connected through the corporate network (on-premises). Now that they fully understand the footprint of their user’s devices, they are moving to their second phase—they want enable this capability for users coming from the Internet. This post will continue the Contoso IT story to embrace the "bring your own device" (BYOD) model. If you want to know more about BYOD, read the General Considerations Regarding BYOD section in the Bring Your Own Device (BYOD) Survival Guide for Microsoft Technologies . Scenario 2: Enable access to resources for users coming from the Internet Small, medium, and large corporations nowadays rely a lot on the power of the Internet. Most of the time users will be connected to the web and during that same time they will also demand access to corporate resources. Companies should include on their BYOD strategy the capability to enable users to access corporate resources using their own devices from any location. By using a new capability in Windows Server 2012 R2 called Web Application Proxy , you can publish apps and internal resources to users who are coming from the Internet. The recommended infrastructure for this scenario is shown in the following image: Notice that Web Application Proxy should be behind an edge firewall, and although the image shows Active Directory Federation Services (AD FS), Web Application Proxy can also use NTLM or basic authentication. Scenario definition Contoso IT is moving to the second phase of their deployment, and now they need to allow users who are coming from outside of their internal network to register their devices and access resources. Another requirement is to customize the sign-in...
• PowerTip: Use PowerShell to Discover Console Colors

Summary : Use Windows PowerShell to discover console color assignment. How can I see what colors are assigned in the Windows PowerShell console? Use the Get-Host cmdlet and expand the PrivateData property: (get-host).privatedata
• Updates: Coreinfo v3.21, Disk2vhd v2.0, LiveKd v5.31

Coreinfo v3.21 : CoreInfo is a command-line tool for reporting processor topology, NUMA performance, and processor features. The v3.21 release adds microcode reporting. Disk2vhd v2.0 : Disk2vhd, a utility for performing physical-to-virtual conversion of Windows systems, adds support for VHDX-formatted VHDs (thanks to Brendan Gruber for contributions), now supports WinRE volumes, can capture removable media, and includes an option to capture live volumes instead of relying on volume shadow copy (VSS). LiveKd v5.31 : LiveKd is a utility for performing live kernel debugging of native systems and virtual machines from the host operating system. This release fixes a debugger help library search bug and fixes a bug in Windows 8/Windows Server 2012 mirror dump support.

• Store PowerShell Profile on SkyDrive

Summary : Guest blogger, JD Platek, talks about storing the Windows PowerShell profile on SkyDrive. Microsoft Scripting Guy, Ed Wilson, is here. Today I would like to introduce a new guest blogger. Please welcome JD Platek. JD has been in IT since 2003, and he is an Exchange Server 2010 and Office 365 MCM. He has supported many industries, plus he has enjoyed having the opportunities to travel the world because of IT. Most of his career has been in the Exchange world, which lead him to learn and love Windows PowerShell. JD is a consultant for Microsoft in Singapore. He supports and regularly presents at the Singapore PowerShell User Group . Take it away, JD… There are seven steps for storing the Windows PowerShell profile on SkyDrive: Set up SkyDrive on ComputerA. Create a folder named PowerShell in SkyDrive and make it available offline. Create a new local profile, rename it, and copy it to SkyDrive. Create a local profile and edit it. Edit the SkyDrive profile. Set up SkyDrive on ComputerB. Create local profile and edit. Let’s look at the steps individually… 1. Set up SkyDrive on ComputerA You need to ensure that you log in to your computer with a Microsoft ID, or if your computer is domain joined, make sure that you have linked your Microsoft ID to your corporate account. If you’re not sure, press the Windows key + S, and type “Your Account Settings” in the Search charm. The computer we’re using is running Windows 8.1. There are a few differences between Windows 8.1 and Windows 8: SkyDrive is included by default, so there is no need to install a separate package. The white cloud icon in the Task bar is no longer there. If you view SkyDrive from Windows Explorer, you’ll notice the pretty green checkmarks are gone from the folders, which indicated that the folder successfully synced. There is a new column named Availability . In SkyDrive, you can now select all or some folders to save offline, and other folders can be online and not saved to your local disk. This is as easy as right-click, and then select Make available offline . 2. Create a folder and make it available offline The following screenshot shows that I created a folder called PowerShell in SkyDrive, and I made it available offline. 3. Create a local profile, rename it, and copy it If you already have a Windows PowerShell profile, you can simply copy that file...
• PowerTip: Use PowerShell to List App Background Task Info

Summary : Use Windows PowerShell to list app background task information. How can I use Windows PowerShell to find performance information about app background tasks on my laptop running Windows 8.1? Open Windows PowerShell with Admin rights. Use the Get-AppBackgroundTask cmdlet, and include the complete name of the app and the –IncludeResourceUsage switch. Select the PerfInfo property and expand it. Get-AppBackgroundTask -PackageFamilyName Microsoft.SkypeApp_kzf8qxf38zg5c -IncludeResourceUsage | select –expand perfinfo
• Use PowerShell to Work with RODC Accounts

Summary : Microsoft premier field engineer, Ian Farr, talks about using Windows PowerShell to work with RODC accounts. Microsoft Scripting Guy, Ed Wilson, is here. Today I would like to introduce a new guest blogger, Ian Farr. Ian tells us about himself: I started out writing UNIX shell scripts to automate simple tasks. Then as a Windows IT pro, I discovered VBScript, and it ignited a passion for automation. Over the years, I've used batch files, KiXtart, JScript, HTAs, Perl, JavaScript, and Python. I love solving problems with scripts, and I've written code for several large enterprise environments. I now work as a premier field engineer at Microsoft, teaching Windows PowerShell and helping my customers with their own scripts. Today, I’d like to share with you my function Get-ADRodcAuthenticatedNotRevealed.ps1 . One of my customers has a large number of Read-only domain controllers (RODCs). Each one is configured (by using password replication policies) to only store the account credentials of specific low-privileged user and computer accounts. If an “allowed” account authenticates against its designated RODC, its credentials are cached on that RODC. The account is then added to the “revealed” list. If the RODC loses connectivity to the central site, it can still authenticate accounts in its revealed list. Of course, an RODC can authenticate accounts that are not in an applicable password replication policy. To do this, it must communicate with a Read-Write domain controller. All accounts that an RODC has authenticated, including those in the revealed list, can be found in the appropriately named authenticated list. By now, you’re probably thinking, “What does all of have to do with Windows PowerShell and scripting?” Hang on…I’m almost there. RODCs are most suited to branch office locations, so it’s reasonable to assume that each RODC has authenticated accounts from applicable allowed password replication policies. It’s also reasonable to assume that user and computer accounts that are not defined in a password replication policy may have been authenticated—for example, perhaps a roaming user has visited and plugged in their laptop to the LAN. You may also see authenticated accounts that are part of a “denied” password replication policy. Built-in privileged groups and accounts, by default, do not have their credentials stored on an RODC. Now...
• PowerTip: Use PowerShell to Display a Routing Table

Summary : Use Windows PowerShell to display your routing table. How can I use Windows PowerShell to display the routing table on my Windows 8.1 laptop? Use the Get-NetRoute function.
Page 1 of 2 (26 items) 12