Practical Powershell Part 2 of 2

It has been almost a month since the first installment of practical powershell. It’s been an incredibly busy month of finishing my Linux + and LPIC 1 certifications. Now that those are all out of the way it’s time to get back to blogging! For this post I’ll cover several powershell topics that range from the everyday to the not so everyday including adding MAC addresses to DHCP allow lists on DHCP servers configured using the integrated DHCP failover architecture in Server 2012 and later, Adding DNS records, Backing up GPOs, and pulling some important info from Exchange 2010 such as Mailbox size listing and listing whether or not distribution lists are hidden from the global address list.

 

DHCP Whitelisting

While you can manually log into your DHCP server, open the MMC and add the second DHCP server into the MMC, this results in redundant data entry and can be prone to human error. As illustrated in the previous post we will again use the invoke-command and -scriptblock cmdlets to accomplish this task. For the same of demonstration we will refer to the DHCP servers and Server1 and Server 2. Below is an example Powershell one-liner to add this:

Invoke-Command -Computername Server1,Server2 -ScriptBlock {Add-DhcpServerv4Filter -List Allow -MacAddress 00-00-00-00-00-00 

Note that the MAC address must be written in a hyphen separated format, if you attempt to enter this with colons it will fail. Additionally if you wish to keep your DHCP allow list organized you can optionally add a description (personally I use the computer’s hostname) by adding -Description “somehostname” at the end of the above Powershell statement.

 

Adding DNS Records

While not exactly a common everyday scenario, you may find yourself in a place where you need to rapidly create numerous DNS records, perhaps this is for a new zone or you are rolling out a series of servers that will need to be added to DNS. While it is arguably easier to use the dnsmgmt.msc GUI tools, Powershell wins if you decide to script this out. The  basic powershell cmdlet for all DNS records is Add-DnsServerResourceRecord(A,CNAME,MX,etc). This most common usage will be A records since these are often the most common record types entered into DNS. The below example shows the creation of an A record for a server named DAL-MEM27 in the zone named bigcompany.com.

Add-DnsServerResourceRecordA -Name “DAL-MEM27” -ZoneName “bigcompany.com” -AllowUpdateAny -IPv4Address “172.16.2.26” -TimeToLive 01:00:00

Additional resource record types can be created in powershell as well. For more information on this, refer to any of the Microsoft technet articles associated with the topic.

 

Backing up GPOs

Let’s face it, if you’ve been a Windows administrator in an environment with more than 10 client machines, you’re inevitably using group policy to some extent. Whether it’s a handful of IE settings, mapping network drivers, running scripts, installing software, etc, your group policies have take some time, thought, and finessing. Whether it’s to protect yourself from accidental changes or deletions or GPOs or part of your DR strategy, it’s a good idea to periodically take backups of your GPOs. The first way I will illustrate below is taking a backup of all GPOs and dumping them on a share via UNC path or by referencing a local destination. If you want to automate this process, you could turn this into a powershell script and leverage task scheduler to run this backup periodically for you.

Backup-Gpo -All -Path \Fileservermygpobackups -Comment “Scheduled GPO Backup”

If you’re interested in backing up a single GPO, this can be done one either by explicitly calling the GPO by its name or by referencing it’s GUID. To find the GUID of the GPO in question, you can go to \domain.localsysvolpolicies to view the GPOs in their folder titles by the GUID name. In the example below we’ll look at backing up the GPO by GUID to a local location, followed by an example of backing up a GPO by name to file share.

Backup-Gpo -GUID yourguidhere -Domain “bigcompany.com” -Server DC-01 -Path C:BackupRepoGPOBackup

Backup-Gpo -Name DriveMapScript -Path \Fileserverdrivemapscriptgpobackup 

To restore your backed up GPOs, you can either import them or use the Restore-GPO or Import-GPO cmdlets.

 

Exchange Mailbox Size Report

For the past year and half I have worked for an organization that has ridiculously large volumes of email. This has lead to the need to audit mailbox sizes about once per quarter to identify mailboxes with extreme space usage to see if we can reduce some space either through archival or deletion of mail. The below Powershell cmldet needs to be run on the Exchange Shell (please note I have only used this in Exchange 2010 but it should also work for Exchange 2013):

Get-Mailbox | Get-MailboxStatistics | Sort-Object TotalItemSize -descending | ft displayname,totalitemsize | Export-Csv -Path C:MailboxSizeAudit.csv

If you don’t want a CSV file to be created you an simply leave off the final pipe and everything after it.

 

Exchange Distribution List Hidden From GAL True/False

In many organizations, it’s commonplace to create distribution lists for former employees and direct their mail to a supervisor and possibly anyone else who will be taking on that individuals work. However most of the time we don’t want these ex-employees cluttering up the global address list. However auditing whether or not the option to hide from exchange address book is checked or not for each distribution list is a very tedious manual process involving a great deal of clicking, cursing, and drinking coffee. Another common attribute in my environment is to ensure the require sender authentication option is disabled for ex-employee distrubtion lists. However we do want this enabled or large internal DLs to prevent spam. This simple Powershell command string below will export a CSV list that you can import into Excel and filter using table formatting to quickly and effectively audit your distribution lists and associated attributes.

Get-DistributionGroup -ID “*” | Select Name,OrganizationalUnit,HiddenFromAddressListEnabled,RequireSenderAuthenticationEnabled | Export-Csv -Path C:ReportsDL_Hidden_Status.csv

 

I’m sure this will not be the last Powershell blog post, as Powershell is a topic near and dear to my heart. Thanks for sticking with me through my almost month long absence from blogging. I look forward to dedicating more time to more frequent blogging.

Practical Powershell Part 1 of 2

I began my journey with Powershell rather causally as an easy way to kill out of control processes on Windows systems. When I began my journey towards MCSA certification for Windows Server 2012 R2, I dove deep into the world of Powershell and really began to understand the full range of possibilities. Being that Powershell is a topic near and dear to my heart, there will be far too much to cram into one lengthy blog post, rather this will be the beginning of a short series on practical Powershell for everyday. Powershell is written in verb-noun structured statements and takes a variety of flags, allows for piping into other commands, and has the ability to output a variety of different files.

 

Using Powershell to Manage Processes and Services

I think every Windows admin has found themselves in the position of dealing with a process or service that has hung and just won’t stop, even when killed from task manager. To be completely honest now that I’ve started using Powershell heavily, I hardly ever kill processes in task manager, as I’ve found Powershell to be more efficient and direct.

To list processes use the get-process or gps command. This will all processes on the system whether they are running or not. Similarly the get-service command will list all services. If you are trying to list a specific service such as VSS you can use get-service VSS. If you are interested in seeing only the services or processes that are running, you can pipe the get statement into a where object statement such as get-service | where-object status -eq running. To kill a running service (such as the Spooler in this example) use the syntax stop-service spooler, please note you will need have launched Powershell as administrator or you may get a permissions error. The same method can be used to Stop-Process, or you can use the shortened version (to kill Firefox in this example) with the following syntax ps firefox | kill.

 

Using Powershell to Install Windows Features

With the growing popularity of Windows Server Core installations, it can be handy to know how to install and manager Windows server Roles and Features through Powershell. This becomes particularly advantageous if you are working with clustering where you need to install multiple roles or features across multiple servers. The syntax to view all roles and features is Get-WindowsFeature. To view only features that installed on a system you can use Get-WindowFeature | where-object InstallState -eq Installed. To install a role or feature use the Install-WindowsFeature featurename command. You can also include the -IncludeAllSubFeature and or -IncludeManagementTools flags to install additional options. If you need to install the same feature on multiple servers you can string these together using the Invoke-Command functions, see the example below where we are installing Active Directory Domain Services on DC1 and DC2:

Invoke-Command -ComputerName DC1,DC2 -ScriptBlock {Install-WindowsFeature AD-Domain-Services -IncludeManagementTools}

Common Active Directory Tasks

If you administer a domain with account lockout policies, you will no doubt run across cases where users will lock themselves our of their accounts. A simple query will tell you if there are any accounts locked out and if so which ones using the syntax Search-ADAccount -LockedOut. Once you’ve identified the accounts that are locked out you can unlock them by using Unlock-ADAccount username or you can simply hit the up arrow and pipe the unlock statement to the original query ex: Search-ADAccount -LockedOut | Unlock-ADAccount.

You can also use Powershell to add users into groups. I find that for most practical cases ADUC or ADAC works sufficiently for this task, however if you’re doing this remotely on a touchscreen device like a smartphone it can be difficult to navigate either of these tools. Instead I leave a Powershell window open on one of my DCs all the time so that I can handle these requests on the go. The syntax is as follows Add-ADGroupMember -Identity nameofadgroup -members username1,username2. Where this method becomes extremely useful is when batch adding users through scripting.

Similarly if you ever get requests to pull reports regarding the membership of a specific group, Powershell makes quick and easy work out of this. You can use the following quick one liner Get-ADGroupMember -Identity groupname | ft Name | Out-File -FIlePath C:GroupNameMembers.txt

Moving FMSO Roles

If you’ve ever had the pleasant task of having to migrate FSMO roles from one DC to another or worse yet seizing FSMO roles from a failed DC, you understand the fun of having to use multiple different GUI tools to accomplish this task. Powershell makes this task a lot easier using the Move-ADDirectoryServerOperationMasterRole -Identity DCtohostrole -OperationMasterRole FSMONameorNumber. If you are seizing the role from a failed DC use the -Force flag at the end of the line. Note that to move forest wide roles you should be a member of Enterprise Admins security group and to move the Schema Master you need to be part of the Schema Admins security group. Powershell also allows you to specify numbers instead of role names when moving a FSMO role. FSMO names and numbers are listed below:

PDCEmulator 0

RIDMaster      1

InfrastructureMaster 2

SchemaMaster 3

DomainNamingMaster 4

Restarting or Shutting Down Multiple Machines

The Stop-Computer cmdlet is used to shutdown, and the Restart-Computer cmdlet is used to reboot. If other users are logged in you may need to issue the -Force flag to reboot or shutdown anyways. Using the Invoke-Command statement we used earlier you can restart multiple servers or shut them down by leveraging this syntax. See the example below:

Invoke-Command -ComputerName Server1,Server2,Server3 -ScriptBlock {Restart-Computer -Force}

Thanks for reading, I hope you find Powershell to be as useful of a tool as I do. It’s quite powerful in its use for simple one liner commands, but becomes even more powerful as you start building out scripts leveraging Powershell’s ability to create variables and process some fairly complex scripting logic. In the next session we will cover some additional topics related to Powershell.

For The Love of Coffee!

Greetings,

 

I apologize in my latency for getting videos up for my most recent posts. I have been fairly swamped between studying for Linux + and working. All this work and studying is only possible due to my best friend in the entire world…yup, you guessed it…Coffee!! In this lighthearted post, I will cover a few of my favorite coffee making methods and a few of my favorite coffee blends. I’m eager to see what kind of coffee preparation methods and coffee blends the rest of you in the caffeinated IT world use, please comment with your own methods and blends.

 

It’s All About That Grind

One of the most surprising things in my journey to becoming an ultra caffeinated coffee snob is the incredible difference the grind makes. When I refer to the grind I not only refer to how fine or course the grind is, but also the method in which the coffee is ground. There are fundamentally two different kinds of grinders out there…the blade grinders and burr grinders. Blade grinders are your standard coffee grinders with a flat blade that essentially chop the coffee over and over again into a grind. While these are fairly effective at grinding, there are a couple of things they don’t do so well. If you’ve ever tasted the difference between chopping cilantro with a knife vs crushing it with a mortar and pestle, you’ll know where I’m going with this. The longer you grind with a blade grinder, the hotter the coffee gets, which can lend a burnt taste to your grounds. Additionally the consistency in the grind provided by blade grinders is moderately inconsistent. Enter the burr grinder.

Burr grinders are a familiar site in most coffee shops, we’ve all seen the large grinders with the large bean hoppers. There are much smaller versions available for home use, both in electric and hand grind options. Burr grinders function by crushing the coffee either between 2 conical cogs (similar to an old school pencil sharpener) or by crushing the bean against a flat surface with a grinding cog. The result is that the beans are crushed in a way that provides a consistent smooth grind without the heat of a blade grinder, and with the flavor that can only be unlocked by pulverizing a bean through crushing rather than chopping away at it. At a previous job, I tried a blind taste test with a few of my coworkers, giving them the same blend of coffee one prepared with a blade grinder and one with a burr grinder. The results were overwhelming, most of them thought the burr ground coffee was a completely different blend. If you don’t believe me, try it yourself, I’m sure you’ll never go back.

 

Favorite Brewing Methods

There are countless methods of brewing coffee, many of which I have never tried but hope to someday, including the siphon brew methods. Personally I am a super busy person always in a hurry and looking for the strongest cup of Joe I can get my hands on. My preferred methods tend to be an espresso maker or the good old french press. I’d be interested to hear what others are using for their prep methods.

 

Top 3 Favorite Coffee Blends

  1. Ravensbrew Dead Man’s Reach:  Hands down my favorite coffee blend. This wonderful brew was recommended by another coffee loving IT colleague, and certainly the best I’ve run across in a long time. Dead man’s reach is a very dark brew coffee that’s extremely aromatic, packs a nice caffeine kick and never ceases to satisfy. This coffee is great every way I’ve made it, and goes great with cream or black.
  2. Kicking Horse Hoodoo Joe: Kicking Horse coffee has been a long time favorite of mine. I think I have had nearly every blend of coffee these guys produce. I have yet to find a coffee of theirs I don’t like. One of my favorite things about Kicking Horse in general is that all of their coffee is really low in acidity, which is fantastic, because no one likes acidic coffee on an empty stomach. Hoodoo Joe is the absolute darkest Kicking Horse coffee out there. This blend is a shade grown dark roast coffee that’s aromatic and has a nice full body flavor
  3. Sleepy Monk: Of course hailing from the Pacific Northwest I am inclined to plug a local favorite. Sleepy Monk is a local coffee roaster on the Oregon coast, this is by far one of the strongest coffees I’ve ever had both in flavor and punch…Seriously, this one will blow your hair back if you’re not ready for it. Anytime I travel to the coast, I’m always keen to stop at the little road side stands that use Sleepy Monk coffee, this is a nice way to keep awake on the ride home after a long day at the beach.

 

Hopefully I will be finished up with Linux + in the next couple of weeks and will get back on track with posting more regularly. Thanks for hanging in there with me. I look forward to your comments regarding your favorite coffees, preparation methods, and what sort of grinding methods you’ve used.