Script for some basic Login and Exchange info

This needs the Quest Active roles Snapin...

Download it Quest Downloads Page follow the instructions.

from a Powershell session type

add-PSSnapin quest.activeroles.admanagement


Script contents
$user = read-host "Enter Username in the following format....LastName.GivenName"
get-qaduser Domain-Name\$user | fl -property displayname,email,phonenumber,userprincipalname,lastlogontimestamp,lastlogon,lastlogoff,dn,homedirectory,passwordstatus,accountislockedout,accountisdisabled,memberof,nestedmemberof,passwordstatus,tsprofilepath
get-qaduser “$user” -IncludedProperties homeMDB | fl Name,homeMDB

The GET-QADUSER can bring back a whole stack of info, if you try typing it at the powershell prompt with your own account, somthing like this....

get-qaduser domain-name\user-name

Then a whole load of info will fly up the screen, you dont need it all so I've used the PIPE redirector to use the FORMAT-LIST command and with the -PROPERTY switch listed specific properties for an AD account. The mailbox info can be retrieved using the second line which specifically targets Exchange which by default is not listed, so you need to tell the command to include the exchange properties, again I've PIPED that through the FORMAT-LIST command and targeted the name and home Mailbox database info.

The $user is a variable that holds the user name you enter when the script runs, you can add or remove any property you want, I've just used ones that I feel are improtant for doing simple AD account admin for now, and it's always handy to know what Exchnage server someone is on incase that is off for maintenance or has a fault.

Powershell Profiles and Snap-Ins

Instead of me blabbering on about Powershell Profiles I’ve found a good Microsoft Technet page that does all that for me!! And…you can find it here….

http://technet.microsoft.com/en-us/library/bb613488(VS.85).aspx

you may also have to look at the execution policy of the system and you can see how to do all that from this link here….

http://technet.microsoft.com/en-us/library/bb648601(VS.85).aspx

The execution policy is a security measure so it’s not there just to rain on your parade!!!!

Getting back to Powershell Profiles…..I have found three good utils, or rather snap-ins….the Quest active roles I’ve mentioned before and to compliment that I’ve downloaded the Microsoft Powershell Community Extensions or rather to give it a nickname……PSCX. And from VMWare the PowerCLI a powershell snap-in for VMWare OSs.

Now….here is the thing….the bad rub of the green….the rain on your parade!!! Once you have these installed the Powershell GUI or CLI interface does not…. No dont cry….it’s all to do with your blank profile….edit your own profile (Notepad or wordpad will do!) and to make sure that for each GUI or CLI powershell session picks up the snap-in, permanently, enter the command
add-pssnapin quest.activeroles.admanagement
save the file, and any powershell session will now execute that command when you launch a powershell session.

The Snap-Ins I use I have scripted, any time I launch Powershell I just run the scrip to load the snapins...the script contains these lines

Add-PSSnapin quest.activeroles.admanagement (Quest Active Roles) Add-PSSnapIn VMware.VumAutomation (VMWare) Add-PSSnapin VMware.VimAutomation.Core (VMWare)

For the Microsoft Powershell Community Extensions, run the MSI file and take the option AMMEND TO PROFILE and now you have both snap-ins configured for any Powershell session.

You can configure system wide profiles, I just configured my own profile though.

Opps before I forget links for PSCX ,PowerCLI and QAD stuff are here….
http://pscx.codeplex.com/   you may need to register for MSCX
http://www.quest.com/powershell/activeroles-server.aspx

http://communities.vmware.com/community/vmtn/server/vsphere/automationtools/powercli

Recover deleted AD Accounts

An account was accidentally deleted….so I recoovered it by using

get-qaduser  -tombstone | format-list * > path_to_output_file.txt

What that will do…type the output of tomstoned AD user accounts to the file you specified in path_to_output_file.txt ….then once you have that, use whatever search method you know to search the file for the account that has been deleted….then run

Get-QADUser -Tombstone <name> |restore-QADDeletedObject

Where <name> = deleted account

Thats you done! Account recovered

You will need the Quest Active Roles snap-in or use the Quest powershell shell.

Process to report on server tag numbers in AD

Using Quest Active roles powershell snappin QAD Snappin download in  type in the command

get-qadcomputer -osname ‘windows*server*’ | format-table -hidetableheader -property dnshostname > outputfilepath

This will retrieve the DNS name of the servers.

Open excel (or other spreadsheet app) and open the text file outputfilepath as a text delimited file and set the delimiter to the full stop or period character “.” this should separate the hostname in to a seperate column and you now delete the cells that contain the remainder of the DNS name of the servers.

Save the file as a text file and rename to something like srvhosts.txt or you can over write the original file…as long as you remember the cleaned up file path and name we are ok

Now we need to get the contents of the file in to an array….
we do this by typing

$slist = (get-content outputfilepath)

test the contents by typing

$slist

you should see a list of hostnames fly up the screen, remember the array is still active as long as you have kept the same session in powershell, now we can iterate through the array like so

foreach ($srv in $slist) {get-wmiobject -class win32_bios -computer $srv | format-list -property manufacturer,serialnumber,path >> outputfilepath}

Basically this command goes through the file containing the hostnames line by line, reads in the hostname and connects via WMI and reports the manufacturer, serialnumber (aka tag) and Path (which also displays the hostname) and redirects this to a text file that can be searched.

NOTE you need the double chevrons >> or the "append" text redirector so the text output file is not overwritten on each revolution of the foreach loop…I’ve already made that mistake.

The above command will not fit on a whole line so powershell wraps in to the next line.
A nice by product is that Virtualised servers dont have tags, instead the Hosting server dishes out a VMWare tag and that lets you know the servers is virtualised…superb!!!

Limitations…permissions to access remote servers from the credentials currently being used.
AD has a hostname character length limitation, some servers exceed the name length and therefore are incorrectly reported to AD.

Requirements…powershell V2.0, QAD Active roles snapin,and excel

Another way of using the text file is without a defined FOREACH loop, Powershell can imply foreach loops…here is an example…

get-wmiobject -class win32_bios -computer (get-content somecleanflattextfilepath) | format-table -property manufacturer,serialnumber,path

This time the server list contained in the (get-content somecleanflattextfilepath) is automatically iterated through and passed to the commands….which is cool!!!!!!!!! the output can be redirected to a text file too.


I should also mention that since you are querying the WMI class win32_bios if the server has been virtualised in VMWare, then VMWare will generate a virtualised bios result...usualy it starts with vmware......and numbers or text strings, I'll look out an example...anyway from that the point really is you can tell what is physical and what is virtual...