Powered by PoSh at work. :)

It’s been a while since I blogged, mainly because I’m crazy-busy at work. Unfortunately it’s all about things one cannot automate using PowerShell: SP3 installation (OK, I can automate the installation itself, but with pre-boot I can’t use it against laptops after business hours, and I think it is not the best idea to do it in the background when people are working on their PCs), convincing users to use tools rather than the phone when they have problems, informing users about recent changes in the environment, and so on, and so forth.

But there were bright points that I would like to share.

1. I was asked to check our NetWare server for long paths. Some tool came together with that. If you guessed I have not touched that tool, you guessed wrong. 🙂 But sure – I first used PowerShell for that; the tool was used only to confirm what I already knew.

2. Cleaning up one of the security groups in AD. Originally the guys from the Infrastructure team planned to use ldifde to do that. I suggested that I could do that pretty easily with PowerShell. They agreed, but wanted to see the ‘script’ first. To be honest: it was a one-liner at first, but just for the sake of readability and re-use I wrote it as a short script:

    param (
        # LDAP path to the container that should be checked
        $OU = 'OU=WAR,DC=EU,DC=PXL,DC=INT'
    )

    # DN of the group to check/remove members from
    $NovellGroup = 'CN=SmartCard_No_NovellClient,OU=EU Groups,DC=EU,DC=PXL,DC=INT'

    # Just to test... To perform the actual action, remove the -WhatIf flag
    Get-QADUser -SearchRoot $OU | Where-Object { @($_.MemberOf) -contains $NovellGroup } | Remove-QADGroupMember -Identity $NovellGroup -WhatIf

They liked it, so we used it. And you know what? When they did the same for OU=BUE (Buenos Aires) they used almost the same script (only with the addition of an alternate credentials prompt), just because there were some issues with ldifde. And (here I quote):

your PS script is working like a bomb 🙂
It has saved a lot of my time today (…) I’ve modified the script a little and we’ll use it for the remaining sites. Much easier.
I guess I’ll need to start diving a little deeper into PowerShell scripting 😉
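
The variant mentioned above (the same cleanup with an alternate credentials prompt) could look like the following. This is an added example, not the script the Infrastructure team actually used. The `-Server` and `-AuditLog` parameters, the CSV columns and the use of `-SizeLimit 0` are assumptions made for illustration; the OU and group DNs are the ones from the script above.

```powershell
[CmdletBinding(SupportsShouldProcess = $true)]
param (
    # LDAP path to the container that should be checked (value from the original script)
    [string] $OU = 'OU=WAR,DC=EU,DC=PXL,DC=INT',
    # DN of the group to remove members from (value from the original script)
    [string] $Group = 'CN=SmartCard_No_NovellClient,OU=EU Groups,DC=EU,DC=PXL,DC=INT',
    # Domain controller to bind to (hypothetical parameter)
    [Parameter(Mandatory = $true)]
    [string] $Server,
    # CSV recording every removal, so the change can be reviewed or reverted (hypothetical)
    [string] $AuditLog = ".\group-cleanup-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
)

# Prompt for the privileged account instead of storing a password in the script
$Credential = Get-Credential
Connect-QADService -Service $Server -Credential $Credential | Out-Null

try {
    # -SizeLimit 0 lifts the default result cap, so a large OU is not silently truncated
    $targets = @(Get-QADUser -SearchRoot $OU -SizeLimit 0 |
        Where-Object { @($_.MemberOf) -contains $Group })

    $removed = foreach ($user in $targets) {
        # Honours -WhatIf and -Confirm passed to this script
        if ($PSCmdlet.ShouldProcess($user.DN, "Remove from $Group")) {
            Remove-QADGroupMember -Identity $Group -Member $user.DN | Out-Null
            # Emit one audit record per removed member
            $user | Select-Object Name, SamAccountName, DN,
                @{ Name = 'RemovedFrom'; Expression = { $Group } },
                @{ Name = 'RemovedAt';   Expression = { Get-Date -Format s } }
        }
    }

    if ($removed) {
        $removed | Export-Csv -Path $AuditLog -NoTypeInformation
        Write-Host "Removed $(@($removed).Count) member(s); audit log: $AuditLog"
    } else {
        Write-Host 'Nothing removed.'
    }
}
finally {
    # Drop the privileged connection even if something above failed
    Disconnect-QADService
}
```

Run it with `-WhatIf` first to see which accounts would be touched; the audit CSV is only written when members are actually removed.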

3. After this e-mail I asked my boss if he thinks it’s a good idea to prepare internal PowerShell training for our regional team. I got very positive feedback, so my class is almost ready. I plan to do the training in December; we will see how it goes. 🙂 The next step will be either to run the training for a larger group (not in number, but in scope) or to prepare a deep dive course with more advanced topics covered.

4. My modules – Inventory and WAD (stands for Warsaw AD, based on Quest stuff) – are working very well. Unlock-WADUser is my favourite – due to our setup, different systems are contacting DCs in different sites. So sometimes it would take up to 30 minutes to unlock an account for a given system. With Connect-QADService and a list of DCs in all (important) sites I can do it in an instant:

    function Unlock-WADUser {

    <#
        .Synopsis
            Function to unlock users based in Warsaw (or any user if used with -Identity parameter)
        .Description
            This function is trying to unlock AD users in three sites: UXB, BER and WAR.
            It's connecting to a given service (Connect-QADService) and looks for locked account(s).
        .Example
            Unlock-WADUser
            This command alone will try to unlock all accounts in WAR container
        .Example
            Unlock-WADUser -Identity FooB
            This way you can specify which user to unlock (in this case – Bar Foo)
        .Parameter Identity
            Aliases: Name, SAM, User
            Parameter to limit query/unlock to single user.
    #>

        [CmdletBinding()]
        param (
            [Parameter()]
            [Alias('Name','SAM','User')]
            [string]
            $Identity
        )

        # No user given: limit the search to the Warsaw container
        if (!$psBoundParameters.Identity) {
            $psBoundParameters.Add('SearchRoot','OU=WAR,DC=EU,DC=PXL,DC=INT')
        }

        $Unlocked = New-Object System.Collections.ArrayList

        # Unlock on one DC per site so no system has to wait for replication
        foreach ($DC in @('uk-uxb-dc004','de-ber-dc004','pl-war-dc001')) {
            Connect-QADService -Service $DC | Out-Null
            Get-QADUser @PsBoundParameters -Locked | Unlock-QADUser | ForEach-Object { $Unlocked.Add("$($_.Name) @ $DC") | Out-Null }
        }

        if ($Unlocked.Count -gt 0) {
            Write-Host -ForegroundColor Cyan "Unlocked accounts:"
        } else {
            Write-Host -ForegroundColor Cyan "No locked accounts found!"
        }
        $Unlocked
    }

My life became easier again. Too bad not everything can be automated in my work… 😉