Line 10: | Line 10: |
= Windows and AD Scripts = == List of AD accounts and the last time they logged in == {{{#!highlight powershell Get-ADUser -Filter * -SearchBase "dc=home,dc=scotnpatti,dc=com" -ResultPageSize 0 -Prop CN,samaccountname,lastLogonTimestamp | select CN, samaccountname,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.LastLogonTimestamp)}} |
|| Get-Member || Will list the fields of the object you send it || || Sort-Object -Property [property name] || Will sort the objects you send in by the property name(s) which can be a comma separated list || || Where-Object {$_.property -like '*string*'} || Will filter the objects. Also short cut notation: ? {$_.property -like '*string*'} || || Get-Command -Module PSWindowsUpdate || Lists all the commands in the PSWindowsUpdate module || = Windows = == Expand all zip files into directories with zip name == {{{#!highlight powershell $list = Get-ChildItem | ? { $_.Name -like "*.zip" } | select Name foreach ($line in $list) { $parts = $line.Name.Split(".") $outDir = ".\" + $parts[0] $inFile = $line.Name mkdir $outDir Expand-Archive $inFile -DestinationPath $outDir } }}} == List of Listening Ports with their owning programs == {{{#!highlight powershell $listening = (Get-NetTCPConnection | ? {($_.State -eq "Listen") -and ($_.RemoteAddress -eq "0.0.0.0")}) foreach ($l in $listening) { $procid = $l.OwningProcess $proc = Get-Process -PID $procid | SELECT ID,ProcessName Write-Host $($l.LocalPort) "||" $($procid) "||" $proc.ProcessName } |
Line 25: | Line 47: |
Line 52: | Line 73: |
= AD Scripts = == Add User to the Active Directory as a batch == {{{#!highlight powershell New-ADUser -Name "A a" -GivenName "A" -Surname "a" -SamAccountName "ab" -Path "OU=OU_Students,DC=cs,DC=southern,DC=edu" -AccountPassword (ConvertTo-SecureString "z36Hynyghg" -AsPlainText -Force) -Enabled $true }}} See: [[attachment:Sample Add students accounts for Powershell.xlsx|Excel Example]] == List of AD accounts and the last time they logged in == {{{#!highlight powershell Get-ADUser -Filter * -SearchBase "dc=home,dc=scotnpatti,dc=com" -ResultPageSize 0 -Prop CN,samaccountname,lastLogonTimestamp | select CN, samaccountname,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.LastLogonTimestamp)}} }}} == Delete AD User accounts that have not been used in X days == {{{#!highlight powershell $DaysAgo = (Get-Date).AddDays(-180) #Get-ADUser -Filter {Enabled -eq $True} -Properties LastLogonDate | ? {($_.LastLogonDate -le $DaysAgo) } | FT Name, SamAccountName, DistinguishedName, LastLogonDate Get-ADUser -Filter {Enabled -eq $True} -Properties LastLogonDate | ? {($_.LastLogonDate -le $DaysAgo) } | Remove-ADUser -Confirm }}} == Delete AD Computer accounts that have not been used in X days == {{{#!highlight powershell $YearAgo = (Get-Date).AddDays(-370) Get-ADComputer -Filter * -Properties * | ? {$_.LastLogonDate -le $YearAgo } | Remove-ADObject -Recursive -Confirm #Get-ADComputer -Filter * -Properties * | ? {$_.LastLogonDate -le $YearAgo } | FT Name, LastLogonDate -AutoSize }}} == Adding DNS records to Windows DNS - For CPTR 446 class == {{{#!highlight powershell Import-Csv googleips.csv | ForEach-Object { Add-DnsServerResourceRecordA -Name $_.DNSName -ComputerName dc1.cs.southern.edu -ZoneName cs.southern.edu $_.IP } }}} == Setting up a Group Managed Service Account == An account that is automatically managed (e.g. password updates) by the domain. 
See get-help New-AdServiceAccount {{{#!highlight powershell # Adds the required root key to the key distribution service Add-KdsRootKey -EffectiveTime ((get-date).AddHours(-10)) #Create an account: New-ADServiceAccount Sql-Srv-Acct -DNSHostName Sql-Srv-Acct.home.scotpatti.com -PrincipalsAllowedToRetrieveManagedPassword "Domain Controllers" #Install account on rita.home.scotnpatti.com Install-ADServiceAccount -Identity 'Sql-Srv-Acct' }}} |
|
Line 54: | Line 128: |
I needed this once when I was trying to refresh the Library share. It failed on refresh with an error saying that a DVD was in use and wouldn't refresh until it was no longer in use. The following commands allowed me to identify the machines. In general all of these need: {{{#!highlight powershell Import-Module VirtualMachineManager }}} |
|
Line 56: | Line 139: |
I needed this once when I was trying to refresh the Library share. It failed on refresh with an error saying that a DVD was in use and wouldn't refresh until it was no longer in use. The following commands allowed me to identify the machines. {{{#!highlight powershell |
{{{#!highlight powershell |
Line 62: | Line 142: |
}}} |
}}} == List VMs at the end of the semester to be deleted == {{{#!highlight powershell Get-SCVirtualMachine | Select Name, MarkedAsTemplate, Owner | Sort-Object -Property Owner, Name | Export-Csv -Path .\vms2019w.csv }}} == Get a list of VM Mac Addresses for CPTR 427 == {{{#!highlight powershell Get-SCVirtualMachine | Where-Object { $_.Name -like "*427*" } | select -ExpandProperty VirtualNetworkAdapters | select MacAddress }}} == Get a list of IP address for SCVMM == {{{#!highlight powershell Get-SCMACAddress -Assigned | Format-Table -Property ` @{label="MAC address"; expression={$_.Name}; width=18}, @{label="Name"; expression={$_.Description}; width=30}, @{label="IP address"; expression={$a = $_.Address -replace ":", ""; $l = Get-DhcpServerv4Lease -ScopeId 10.10.4.0 -ComputerName "ruth" -ClientId $a; $l.IPAddress}; width=16} #Get-DhcpServerv4Lease -ScopeId 216.249.119.0 -ComputerName 'csdc01' -ClientId '001DD8B71C28' }}} == Setting up a Windows 2019 Server for the first time == 1. Install the server - follow prompts. 1. Setup the AVMA key as shown below OR use sconfig in the next step. {{{#!highlight powershell # Install the AVMA key. slmgr /ipk TNK62-RXVTB-4P47B-2D623-4GF74 1. #First run sconfig and setup the name, timezone and network, remote management and remote desktop. You can also setup windows update from here. # Next we need to install Windows update and get it started. # This will install nuget package too. Install-Module PSWindowsUpdate # Now start the update process # First we'll look at what updates are there Get-WUInstall # Now install them Install-WindowsUpdate }}} See the NAT setup near the bottom! That appears to have negated the need to change firewall rules. Also, I was not able to connect to the system via Server Manager right away. But a few minutes later, I could. No changes were made. 
But for posterity, they are here: {{{#!highlight powershell # To turn on or off the firewall Get-NetFirewallProfile # to set firewall on or off Set-NetFirewallProfile -Name Domain,Public,Private -Enabled True #Te get/set the firewall rule for private networks to allow any machine on a private network. Get-NetFirewallRule | ? {$_.DisplayGroup -like "Windows Remote Management*" -and $_.Profile -like "*Private*"} | Get-NetFirewallAddressFilter #Shows the address filter Get-NetFirewallRule | ? {$_.DisplayGroup -like "Windows Remote Management*" -and $_.Profile -like "*Private*"} | Set-NetFirewallRule -RemoteAddress 192.168.1.0/24 }}} Using Server Manager, install AD DS == Power shell to list of VM hard drives sizes == {{{#!highlight powershell $vms = Get-SCVirtualDiskDrive -all foreach ($v in $vms) { $d = $v | select -ExpandProperty VirtualHardDisk Write-Output "$($v.Name), $($d.Size)" } }}} == List the amount of memory used by virtual machines == {{{#!highlight powershell Get-SCVirtualMachine | ForEach-Object { $size += $_.Memory } }}} Resources: * [[https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc#content|Powershell and Windows Update]] == Power Shell Scripts to create a NAT network (without DHCP) on Windows 10 == {{{#!highlight powershell New-VMSwitch -SwitchName "CPTE230" -SwitchType Internal Get-VMSwitch #just for show Get-NetAdapter #get the ifIndex of your vEthernet adapter e.g. 67 New-NetIPAddress -IPAddress 192.168.1.1 -PrefixLength 24 -InterfaceIndex 67 #Using the network ifIndex found above, e.g. 67 New-NetNat -Name CPTE230NAT -InternalIPInterfaceAddressPrefix 192.168.1.0/24 #create the NAT }}} |
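Review bot: In the "List of Listening Ports with their owning programs" block (hunk "Line 10"), the filter `($_.RemoteAddress -eq "0.0.0.0")` keeps only IPv4 listeners, so a service listening on IPv6 (remote address `::`) never appears in the output. For an inventory of exposed ports, filter on state alone, for example `Get-NetTCPConnection -State Listen`, and print `LocalAddress` next to `LocalPort` so loopback-only listeners can be told apart from ones bound to all interfaces.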
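Review bot: In the "Delete AD User accounts that have not been used in X days" block (hunk "Line 52 / Line 73"), `? {($_.LastLogonDate -le $DaysAgo) }` also matches accounts whose LastLogonDate is empty, because `$null -le` a date is true in PowerShell, so accounts that were created but have never logged on are sent to `Remove-ADUser` together with the stale ones. Add an explicit test for an empty LastLogonDate and run the commented-out `FT` listing first. In the same hunk, the `New-ADUser` line stores the initial password as a literal in the page; reading it from a prompt and adding `-ChangePasswordAtLogon $true` would keep it out of the wiki.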
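Review bot: In the "Setting up a Windows 2019 Server for the first time" block (hunk "Line 62 / Line 142"), the list marker `1.` sits inside the `{{{#!highlight powershell` block right after the `slmgr /ipk` line, so it is rendered as code and fails if the block is pasted into a console. Close the block after the `slmgr` line and start a new one after the list item. In the same hunk, `Get-SCVirtualMachine | ForEach-Object { $size += $_.Memory }` never initialises or prints `$size`, so it shows nothing as written.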
Here is a list of Power Shell Scripts that are too cool to ignore
Contents
- Here is a list of Power Shell Scripts that are too cool to ignore
- Windows
- AD Scripts
  - Add User to the Active Directory as a batch
  - List of AD accounts and the last time they logged in
  - Delete AD User accounts that have not been used in X days
  - Delete AD Computer accounts that have not been used in X days
  - Adding DNS records to Windows DNS - For CPTR 446 class
  - Setting up a Group Managed Service Account
- SCVMM Powershell scripts
  - Get a list of Virtual Machines that have a DVD attached
  - List VMs at the end of the semester to be deleted
  - Get a list of VM Mac Addresses for CPTR 427
  - Get a list of IP address for SCVMM
  - Setting up a Windows 2019 Server for the first time
  - Power shell to list of VM hard drives sizes
  - List the amount of memory used by virtual machines
  - Power Shell Scripts to create a NAT network (without DHCP) on Windows 10
For the uninitiated:
|| Symbol || Meaning ||
|| % || shortcut for foreach object ||
|| $_ || current object in the pipeline ||
|| Get-Member || Will list the fields of the object you send it ||
|| Sort-Object -Property [property name] || Will sort the objects you send in by the property name(s) which can be a comma separated list ||
|| Where-Object {$_.property -like '*string*'} || Will filter the objects. Also short cut notation: ? {$_.property -like '*string*'} ||
|| Get-Command -Module PSWindowsUpdate || Lists all the commands in the PSWindowsUpdate module ||
Windows
Expand all zip files into directories with zip name
List of Listening Ports with their owning programs
List Memory Installed
{{{#!highlight powershell
Get-WmiObject win32_physicalmemory | Format-Table Manufacturer,Banklabel,Configuredclockspeed,Devicelocator,Capacity,Serialnumber -autosize
}}}
List object from Registry - namely version of .NET installed
{{{#!highlight powershell
gci 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' | sort pschildname -des | foreach-object {$_.name; $_.GetValue("Version");}
}}}
Remote commands
{{{#!highlight powershell
Invoke-Command -ComputerName eve -ScriptBlock { date }
}}}
Replace a string in a file using a regular expression
So I downloaded a bunch of files from "the way back machine" site and I needed to update the hard-coded links to be relative site links. The following little script did it for me.
AD Scripts
Add User to the Active Directory as a batch
{{{#!highlight powershell
New-ADUser -Name "A a" -GivenName "A" -Surname "a" -SamAccountName "ab" -Path "OU=OU_Students,DC=cs,DC=southern,DC=edu" -AccountPassword (ConvertTo-SecureString "z36Hynyghg" -AsPlainText -Force) -Enabled $true
}}}
See: Excel Example
List of AD accounts and the last time they logged in
Delete AD User accounts that have not been used in X days
{{{#!highlight powershell
$DaysAgo = (Get-Date).AddDays(-180)
#Get-ADUser -Filter {Enabled -eq $True} -Properties LastLogonDate | ? {($_.LastLogonDate -le $DaysAgo) } | FT Name, SamAccountName, DistinguishedName, LastLogonDate
Get-ADUser -Filter {Enabled -eq $True} -Properties LastLogonDate | ? {($_.LastLogonDate -le $DaysAgo) } | Remove-ADUser -Confirm
}}}
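An added example, not part of the original page: a review step to run before the deletion above, which separates accounts that are really stale from accounts that have simply never logged on. The function name `Get-StaleAccountReport`, the 30-day grace period and the sample accounts are assumptions made for illustration; the sample objects are constructed so the block runs without a domain.

```powershell
# Added example; function and account names are hypothetical, sample data is constructed.
function Get-StaleAccountReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $StaleDays = 180,        # same threshold as the script above
        [int] $GraceDays = 30,         # assumption: leave recently created accounts alone
        [datetime] $Now = (Get-Date)
    )
    process {
        $status = if ($null -eq $User.LastLogonDate) {
            # "$null -le <date>" is $true, so the one-liner's filter also selects
            # accounts that have never logged on. Report them separately.
            if ($User.whenCreated -gt $Now.AddDays(-$GraceDays)) { 'NewNeverUsed' } else { 'NeverLoggedOn' }
        }
        elseif ($User.LastLogonDate -le $Now.AddDays(-$StaleDays)) { 'Stale' }
        else { 'Active' }

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            LastLogonDate  = $User.LastLogonDate
            Status         = $status
        }
    }
}

# Constructed sample input standing in for Get-ADUser output.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; LastLogonDate = $now.AddDays(-3);   whenCreated = $now.AddDays(-900) }
    [pscustomobject]@{ SamAccountName = 'bob';   LastLogonDate = $now.AddDays(-400); whenCreated = $now.AddDays(-900) }
    [pscustomobject]@{ SamAccountName = 'carol'; LastLogonDate = $null;              whenCreated = $now.AddDays(-5) }
    [pscustomobject]@{ SamAccountName = 'dave';  LastLogonDate = $null;              whenCreated = $now.AddDays(-700) }
)
$sample | Get-StaleAccountReport -Now $now | Format-Table -AutoSize

# Against a directory (needs the ActiveDirectory module): review, then disable instead of delete.
# Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, whenCreated |
#     Get-StaleAccountReport | Where-Object Status -eq 'Stale' |
#     ForEach-Object { Disable-ADAccount -Identity $_.SamAccountName -WhatIf }
```

LastLogonDate is derived from lastLogonTimestamp, which domain controllers replicate with a delay of up to about two weeks, so a threshold of 180 days leaves ample margin.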
Delete AD Computer accounts that have not been used in X days
Adding DNS records to Windows DNS - For CPTR 446 class
Setting up a Group Managed Service Account
An account that is automatically managed (e.g. password updates) by the domain. See get-help New-AdServiceAccount
{{{#!highlight powershell
# Adds the required root key to the key distribution service
Add-KdsRootKey -EffectiveTime ((get-date).AddHours(-10))
#Create an account:
New-ADServiceAccount Sql-Srv-Acct -DNSHostName Sql-Srv-Acct.home.scotpatti.com -PrincipalsAllowedToRetrieveManagedPassword "Domain Controllers"
#Install account on rita.home.scotnpatti.com
Install-ADServiceAccount -Identity 'Sql-Srv-Acct'
}}}
SCVMM Powershell scripts
I needed this once when I was trying to refresh the Library share. It failed on refresh with an error saying that a DVD was in use and wouldn't refresh until it was no longer in use. The following commands allowed me to identify the machines.
In general all of these need:
{{{#!highlight powershell
Import-Module VirtualMachineManager
}}}
Get a list of Virtual Machines that have a DVD attached
List VMs at the end of the semester to be deleted
{{{#!highlight powershell
Get-SCVirtualMachine | Select Name, MarkedAsTemplate, Owner | Sort-Object -Property Owner, Name | Export-Csv -Path .\vms2019w.csv
}}}
Get a list of VM Mac Addresses for CPTR 427
{{{#!highlight powershell
Get-SCVirtualMachine | Where-Object { $_.Name -like "*427*" } | select -ExpandProperty VirtualNetworkAdapters | select MacAddress
}}}
Get a list of IP address for SCVMM
{{{#!highlight powershell
Get-SCMACAddress -Assigned | Format-Table -Property `
@{label="MAC address"; expression={$_.Name}; width=18},
@{label="Name"; expression={$_.Description}; width=30},
@{label="IP address"; expression={$a = $_.Address -replace ":", "";
$l = Get-DhcpServerv4Lease -ScopeId 10.10.4.0 -ComputerName "ruth" -ClientId $a;
$l.IPAddress}; width=16}

#Get-DhcpServerv4Lease -ScopeId 216.249.119.0 -ComputerName 'csdc01' -ClientId '001DD8B71C28'
}}}
Setting up a Windows 2019 Server for the first time
- Install the server - follow prompts.
- Setup the AVMA key as shown below OR use sconfig in the next step.
{{{#!highlight powershell
# Install the AVMA key.
slmgr /ipk TNK62-RXVTB-4P47B-2D623-4GF74

# First run sconfig and set up the name, timezone and network, remote management and remote desktop. You can also set up Windows Update from here.

# Next we need to install Windows update and get it started.
# This will install nuget package too.
Install-Module PSWindowsUpdate

# Now start the update process
# First we'll look at what updates are there
Get-WUInstall
# Now install them
Install-WindowsUpdate
}}}
See the NAT setup near the bottom! That appears to have negated the need to change firewall rules. Also, I was not able to connect to the system via Server Manager right away. But a few minutes later, I could. No changes were made. But for posterity, they are here:
{{{#!highlight powershell
# To see whether the firewall is on or off
Get-NetFirewallProfile
# To set the firewall on or off
Set-NetFirewallProfile -Name Domain,Public,Private -Enabled True

# To get/set the firewall rule for private networks to allow any machine on a private network.
Get-NetFirewallRule | ? {$_.DisplayGroup -like "Windows Remote Management*" -and $_.Profile -like "*Private*"} | Get-NetFirewallAddressFilter #Shows the address filter
Get-NetFirewallRule | ? {$_.DisplayGroup -like "Windows Remote Management*" -and $_.Profile -like "*Private*"} | Set-NetFirewallRule -RemoteAddress 192.168.1.0/24
}}}
Using Server Manager, install AD DS
Power shell to list of VM hard drives sizes
List the amount of memory used by virtual machines
{{{#!highlight powershell
$size = 0; Get-SCVirtualMachine | ForEach-Object { $size += $_.Memory }
$size   # print the total accumulated above
}}}
Resources:
Power Shell Scripts to create a NAT network (without DHCP) on Windows 10
{{{#!highlight powershell
New-VMSwitch -SwitchName "CPTE230" -SwitchType Internal
Get-VMSwitch #just for show
Get-NetAdapter #get the ifIndex of your vEthernet adapter e.g. 67
New-NetIPAddress -IPAddress 192.168.1.1 -PrefixLength 24 -InterfaceIndex 67 #Using the network ifIndex found above, e.g. 67
New-NetNat -Name CPTE230NAT -InternalIPInterfaceAddressPrefix 192.168.1.0/24 #create the NAT
}}}