Setting up a lab

There are so many good reasons to have a lab available. There are very few reasons to not. IT organizations are constantly testing new releases, new configuration, and some widget that needs to be rolled out. We need to evaluate software and solutions that we want to implement in our production environments. With Windows 8+ and the latest versions of Hyper-V there are really no good reasons to not have a lab to use.

With that said, managing the lab in Hyper-V is very easy and to be honest, it is quite fun. If you are a VMWare shop, that is great. Either way there are some simple techniques and best practices that can be super helpful.

This video walks through some thoughts and ideas on how to manage your lab, how to setup the core environment and prepare for testing. We’ll try to follow up with additional content related to evaluating Specops solutions, but first things first…

Enjoy!

Why are my cmdlets not working? Duh!

PS C:> Get-VM

PS C:> 

What? I have multiple VMs running on my system. I use this cmdlet often. What? Why did it suddenly stop working?

So, what to do? Of course my first move is to look at the help system.

PS C:> Get-Help Get-VM -ShowWindow

I really like the 'ShowWindow' parameter. It dumps the complete help file into a separate window where you can filter, zoom, search and more. 

Unfortunately I didn't find anything. I don't get an error in the console. I started using bing. Or Google, whatever you choose. I use bing. Of course there are lots of forum threads and random links. Nothing to do but start reading. 

The 'ah-ha' moment suddenly becomes the 'duh' moment. I saw a thread on the Get-VM cmdlet not working. And a few people were adding very complicated troubleshooting including SC-VMM stuff etc. At the end of the long thread... someone posted "run the console as admin"... DUH! 

I always run my console as admin, but for some reason this time I forgot. And didn't check.

If you have a problem in PS, and it is bizarre/strange... make sure to check how it is running. It is simple, the title bar of the console will tell you if you are running as admin. Make sure to check.

If you are new to PowerShell, simply right-click on the PowerShell Icon in the task bar and choose your option. Simple...

Windows Management Framework 5.0 - September Preview

Like a kid in a candy shop - well a sort of geeky kid

The Windows Management Framework 5.0 came out yesterday twitter-verse was abuzz. Blogging, tweeting, re-tweeting, re-re-tweeting. Lots of interest it appears. It is fun to look at what is new, what improvements have been implemented and begin to see hints of more to come.

Some of the features are fully accessible now, some will take some additional thought. And for each of us those may be different things.

You can find the team announcement on their blog - PowerShell Team Blog.

I'm having a scattered multitasking Friday so I don't know how much time I can spend on this today but I'm excited to dig in. Thanks PowerShell team for delivering a good evaluation guide with these previews, really helpful!

Today I'm;

1. Setting up Azure Virtual Machine to begin testing some upcoming products!
2. Digging into some PowerShell/Azure synergy I haven't played with yet
3. Reviewing the WMF 5.0 September Release
4. Working on multiple sessions/webinars/conference proposals
1. DSC and Group Policy - compliance for the desktop
2. Longer is Stronger - why passphrases are powerful
3. PowerShell basics - training sessions for our customers

Some of my favorites from the team announcement are;

• Manage Zip files! - the little things are sometimes great!
• Compress-Archive
• Expand-Archive
• Lots of DSC stuff
• Register a PSRepository with PowerShell Get sounds interesting - hosted modules - work from anywhere? we will soon see
• Switch management - more evolution
• ISE updates to make working with DSC easier

Great job PowerShell team. 

Group Policy 002: The Cmdlets - New-GPO

Simple!

It really is. I want to create a new GPO from PowerShell. Of course there will be work to do later but just get the GPO created. 

I created a brief video walking through the process.

Enjoy!

C'Mon Man! - wasted time - PowerShell Help

PowerShell Help

I love the PowerShell Help System! I honestly do. I have surely drank the kool-aid and stopped trying to memorize everything in there. When I have a need I turn to...

1. Get-Command
2. Get-Module

When I have found a command that I believe will work I use

• Get-Help
• Get-Help -Full
• Get-Help -ShowWindow
• Get-Help -Examples

And...

• Get-Help -Online

If for some reason I'm still having issues I will go to the Internet and find resources to help. People who have had my problem before, and figure out what they have done.

The Problem

Why is it that people think it is helpful to copy the content of Get-Help -Full and post that as a blog post on their personal blog. No additional value, not scenarios where they used the cmdlet, nothing but the same exact content I can get from Get-Help -Full or Get-Help -Online. 

This is not helpful! It is distracting and hurts troubleshooting efforts.

OK, let me give folks the benefit of the doubt, let's assume they are trying to be helpful. Point to source of the info and post how you used the cmdlet. Learn the help system and know that all of that information is online. The system is absolutely awesome and we as a community need to support it and help it continue to grow. Let people know how great it is and how it helped you. Don't simply copy it and re-post. It is not adding any additional value.

PowerShell 009 - Get-Help -ShowWindow

Help... huh... what is it good for?

The help system in PowerShell is one of the features that makes the new shell so accessible. Once you get used to the system you ask PowerShell questions and it gives you answers. You ask it to clarify, and it does. You ask for more details, it gives you more details. You ask for examples, it gives you examples. It is really, really great.

I was working through some best practices by some of the PowerShell MVPs and I was finding some sample scripts and advanced functions on TechNet and realized that often times writing good help is skipped.

I'm optimistic that the amount of help content I consume will burn into my brain the value of taking the time to write good help content.

-ShowWindow

You can write the help content to the screen and read it from the console. You could even send it right out to a printer, but don't! ("I speak for the trees, for the trees have no tongues" - The Lorax) Sending the help content to the console window is great. When working quickly I often will simply look at examples to get me started;

PS> Get-Help Get-CimInstance -Examples

If I want to see all of the content in the console window;

PS> Get-Help Get-CimInstance -Full

Great. Quick, moves the ball forward nicely. But when learning the subtleties of cmdlets there is often an extensive amount of content to go through. PowerShell's ISE provides a way to throw the content into a single window. It also provides some very interesting features to assist. To get the full content in a separate window type;

PS> Get-Help Get-CimInstance -ShowWindow

Your help content is now in a separate windows. Makes research and troubleshooting much easier in my opinion.

My poor eyes! The text is small, my reading glasses are in the other room, my backup reading glasses are in the couch cushions and my backup, backup reading glasses are who knows! But look... in the bottom right hand of the screen there is a slider bar that allows you to magnify the text... nice! Thanks Microsoft! (you can also <CTRL> & + to increase the font size)

Narrow It Down

OK, now there is a lot of content. How do I find what I am looking for. Get-CimInstance (the cmdlet I chose for the example) seems pretty confusing. The first thing I see is syntax. Lots of syntax. There are almost 10 parameter sets to deal with. Seems to be lots of parameters. I'm betting there are lots of examples.

Right at the top left side of the screen you will see a 'Find:' feature. Simply type in the word or phrase you are looking for and let PowerShell (well the ISE) help you.

In the upper right you will find a button called 'Settings'. Click this button and select only the 'type' of content you want displayed in the window.

It is all pretty self-explanatory. Make sure you spend time here. I have surely heard this message from the PowerShell gurus out there and taken it to heart. Another lesson I'm learning the more I develop scripts and tools with PowerShell is the importance of formatting... but that is a discussion for a different day.

PowerShell 008 - $Profile

$Profile - what is it good for?

There are many things you can use the profile for in PowerShell. The variable $profile stores the path to the profile loaded when you launch the console or the ISE.

 

 

If you notice the path above you will see the script is called 'Microsoft.PowerShellISE_Profile.ps1'. It is a profile script that will load when you launch the ISE. I almost exclusively use the ISE these days, I have found very few reasons to use the console. That is a different discussion.

 

What is put in the profile script?

Well, that is really the question I've been asking myself. I find that just about every time I launch the ISE I think of something that I need to have available to me. For example I use the Specops PowerShell cmdlets every day. The cmdlets and functions that come through our Deploy products are PowerShell modules. Our Specops Password products expose their commands through PSSnapIns. PSSnapIns and some modules need to be loaded explicitly.

• Add-PSSnapIn -Module specopssoft.specopspasswordpolicy
• Import-Module -Module specopsdeploy

Another thing I do on a regular basis is update the help content. Now this is a bit much for a profile in my experience but it can catch updated content when available. If there are specific modules that you utilize all the time you can update those individually. This command updates the help content.

• Update-Help
• Update-Help -Module Hyper-V

Many of my friends and colleagues use PowerShell and some are true power users. Their profile scripts include quite a bit of automation. These are just simple examples share yours.

 

Starting the console with the focus on a directory that is used for most tasks is also very helpful.

• Set-Location c:\psstuff

How to Update the profile script

The path to the profile script is stored in the $Profile variable. Above you can see the data stored in this variable for the ISE. When you want to edit your profile script simply type

 

 

 

 

This will launch notepad with the profile script.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

And that is that

Save the script, close the ISE and re-launch it. the configuration your have in the script will run. If you haven't updated help content in a while this one can take a while. So use that with the understanding of what it is doing.

PowerShell 007 - Building the pipe

A Step Back

OK, so I’m a big fan of get-help. I use it just about every time I sit at the PowerShell_ISE. It is partly because I’m old and can’t remember everything, partly because there is simply too much to know, and, as Jeffrey Snover says “I am a flawed human being”. You should check out the Virtual Academy PowerShell Jumpstart session with Jeffrey Snover and Jason Helmick. These two are great Edutainers. So, even if I forget to mention the help system use it and the community to learn.

As you may know, or possibly not yet, PowerShell is a system that returns objects back on request. Even though you may only see a small bit of data returned to the screen the object returned may include much more data. For a quick example, if I want to look at the most recent log entry in my application log I can type;

PS\> Get-EventLog –LogName Application –Newest 1

This returns something like this.

Index, Time, EntryType, Source, InstanceID and Message. It provides some very important data and often this is all I may need to look at. But if I want to see the whole object I can try;

PS\> Get-EventLog –LogName Application –Newest 1 |format-list *

The above means get the same data but display the object in a list, as opposed to a table, and show me the entire (*) object. It looks like this.

Lots more data. For different cmdlets there is going to be different data returned to the screen, which is a sub-set of the entire object.

I actually did something else here. I ‘piped’ the object returned from one cmdlet to another.

Pipeline

Above the simple example takes the single object output from my Get-EventLog cmdlet into the Format-List cmdlet. Great for organizing your output. What happens if you have a cmdlet that returns a lot of data?

PS\> Get-EventLog –LogName Application |Measure

This counts how many objects to output. Right now I would return a measly 2685 events as individual objects. Small application log but way too much to handle. I want to pipe the output to another cmdlet, Select-Object, to trim down the output a bit.

When I pipe the output to Select-Object I can narrow down based on the properties of the object.

PS\> Get-EventLog –LogName Application | Select-Object –Property EventID, MachineName, –First 20

The above uses Select-Object to only show two properties, EventID and MachineName for the first 20 entries in the log.

You can narrow by any data that you are looking for. What if you want to see Source, or EntryType. Just use those properties in your list and you are good.

I find the pipeline to create an incredibly intuitive, readable system that at first glance can look very complex. It reads like a bit of a work flow.

1. Get all events in the application log
2. Select from that list the first 20 events
3. only prepare the EventID, MachineName, Source and EntryType.
4. Export the data to a webpage

PS\> Get-EventLog –LogName Application | Select-Object –Property EventID, MachineName, source, EntryType  –First 20 |Convertto-HTML |Out-File .\eventlog.html

Other than some typos…

SMH - Windows 8, Windows 8.1, Windows 8.1 Update 1

Not what you are expecting?

My rant du jour is not against Windows and its direction since Windows 7, it is a rant for it. More specifically it is a rant against those so called pundits that have built careers spouting opinion filled nonsense because it collects readers. 

I have been reading about Update 1 for a while as most of us have. I had taken a look at the update on one of my tablets, I waited for my main computer and my laptop until today. I was expecting to not like the update. The reason I didn't think I would like the update is because I felt like Microsoft and the Windows team was bailing. It seemed like they were pandering to whiney, I don't like change people and I personally think that is weak! I love Windows 8 + and I love it on my Surface Pro, my RT, my laptop, my desktop. Touch, no-touch, I don't care. I find the OS elegant, fun and interesting. 

I like the management of it, I like PowerShell, I like the dual experience of modern and classic. I like the cloud integration, I like the device management, I just like it. There were some time where I was frustrated with how I used to do something, but learning how a scenario works on this new OS family is interesting.

When I first installed a Windows 8 machine at home, a long time ago (I was working on the Windows Engineering team at the time so very early previews). I had to keep it to myself. But when it was announced I could install an update that exposed the new UI and start talking about it. It took me some time to get efficient but it was still a very cool experience.

I sat my oldest daughter down, she was probably 10 at the time, and I told her to check out my new computer. I walked away and without any instruction she was finding things, she was painting, creating docs, playing games and enjoying herself. No touch screen, just mouse and keyboard and she loved it and found it very intuitive. 

How can some self-proclaimed experts spew nonsense about the OS without any technical backing? How can someone correlate the drop in PC sales with the OS alone and not take into account that computing is changing fundamentally? I read a piece today on Information Week that was not a bad piece. It was 'Windows 8.1 Update 1: 10 key changes'. OK, great, let's see what was important to them. The article began quoting Paul Thurrott and a couple of others on how they hated Windows 8+. 

Now I have been following Windows since the beginning. I was an MCSE in Windows NT 3.5, I was one of the early MCSEs in Windows 2000 and I have been reading Paul and and others for years. Paul built a reputation on being incredibly helpful to those of us who were learning how these systems works. An incredible resource along with his colleagues. At some point it seems like he realized people cared about his opinion and it has been a decline in value since. The quote in the previously mentioned article was "Windows 8 is a disaster in every sense of the word." OK, taken out of context I'm sure but come on, really. Slackware was a disaster. There were so many great things about Windows 8 even for the haters out there from day 1. The willingness for Microsoft to take a pretty aggressive jump forward in the experience by itself is impressive and very, well, non-Microsoft. 'Disaster'? Really? Vista was a disaster. There was some user research regarding Vista that was interesting. Out of the population surveyed for a given study a very high percentage said that Vista was horrible. Out of those who said Vista was horrible a very low percentage had ever personally seen or used a Vista machine. I'm not going to even bother trying to dig that up because even if I did... haters are going to be haters. It is not even worth the argument. 

I was happy to see that the Update, even though it was pandering a bit IMO, has some pretty great changes. Even though the Information Week article started out negative and had a bit of a negative tone, it walks through these 10 changes that are really interesting and make the usability of the system better. Check out that article here. There are a ton of articles going around. Come up with your own opinions. See what you like and what you don't. Don't listen to the haters, and don't be one. Make up your own mind. If you don't like it fine, but justify it with something a bit deeper than it is a disaster.

SMH

PowerShell 006 – WMF v5 and OneGet

Windows Management Framework v5 Preview

WMF V5

Jeffrey Snover posted an announcement of the WMF V5 preview on the Windows Server Blog. The post and a download link to get the new bits is here.

There are a few very interesting pieces here and it is another step in the growth of the framework and PowerShell. I’m personally a little unsure of the reach and extension of the framework into realms ‘unmanaged’ or out of the control of Microsoft. When software vendors provide their modules they take responsibility, with the WFM V5 and especially the OneGet functionality the line is a bit blurred. Who is responsible if OneGet isn’t working? MSFT? Chocolatey? other source providers? At the end of the day, OneGet is pretty cool.

OneGet

From the Windows Server Blog “OneGet is a new way to discover and install software packages from around the Internet. It will simplify the acquisition of all kinds of software and make installation and discovery ‘easy peasy’ as they say.

Much of the OneGet capability is very interesting. I have a few areas that cause me some concern. I’m am willing to be convinced so I’ll spend some time checking it out.  After I setup WMF 5 this morning I used the Get-Command cmdlet to find the OneGet cmdlets. After I found the basics I ran;

PS C:\> Find-Package |Export-csv packages.csv

This first informed me that it needed to retrieve NuGet Package Manager. It then gave me a list of all of the packages available via the provider Chocolatey. There are roughly 1750 packages today (4/4/2014). I wanted to learn more so I decided to check to see if my help files were up to date.

PS C:\> update-help

Uh Oh! update-help throws an error when grabbing help on the ‘OneGet’ and ‘NetworkSwitch’ Modules. Honestly not a great place to start but it is preview! So, learning what parameters are required, mandatory, allow for wildcards etc. may have to wait a bit. Or I can just sit at my computer for hours trying different things!

I did look through my .csv file and found Notepad++ and I decided to set that up.

PS C:\> Install-Package -Name notepadplusplus

After a brief warning about the package not being marked as safe and me ignoring the warning, it downloaded any dependencies and installed the package. Pretty cool if you ask me.

NetworkSwitch

Last year at TechEd I ran into Jeffrey between sessions and had a chance to catch up. Jeffrey is an incredibly accessible guy and so enthusiastic. Just a great person to chat with. I have a few great Jeffrey Snover stories from some projects I had the pleasure of working while at Microsoft, but those are for a different post <G>. During that brief discussion Jeffrey shared with me how one of his visions around Desired State Configuration (DSC) was managing switches, well… here we are! Read through the Windows Server Blog announcement on WMF v5 Preview to learn more about this capability.

PowerShell 005 – Install-ADDSForest

Setting Up a Lab

DCPromo has come a long way in the past 13 + years. Windows Server all up is so incredibly different, more powerful, more intuitive, more manageable. It is simply a great operating system to work with. I have a very specific scenario that I want to talk about here. That is setting up a lab.

There are many ways to do this, and they all have their benefits. I want to start simply. The first machine in the lab, setup as the forest root, your first DC.

The Scenario

This is not simply building a new lab. This is the re-building process that many of us go through every couple of months to get a clear setup to test with. Building the lab manually is a powerful experience especially when you are being introduced to a new OS. In this case I’m running Windows Server 2012 R2. I want to walk through the creation process manually to see if anything noticeable has changed. In this case I have already installed the Active Directory Domain Services Role and now it needs to be configured. This is the DCPromo process we have used for years. The task is initiated from within Server Manager.

After you install the AD DS role you will notice a flag informing you that you now need to ‘promote’ this server to function as a Domain Controller.

Click ‘Promote this server to a domain controller’ and the ‘Deployment Configuration’ Wizard will start.

The purpose of this post is not to walk through the configuration of the domain. In summary you can add a new DC to a domain, add a new domain or create a new forest. I’m going to create a new forest.

After walking through basic configuration, naming your domain, DC options, functional levels, NetBIOS naming, paths to files etc. etc. etc. You will come to a page in the wizard called ‘Review Options’. Along the way there are lots of links to additional information. If you are new to AD or new to Windows Server 2012 R2, take the time to read this information. It will save you time in the future.

Notice the ‘View script’ button in the bottom of the dialog. Hmmm… what could that be?

A simple PowerShell script to configure your first DC. You don’t need to, or want to, run the wizard every time you need to rebuild your lab. Simply save this script as a .ps1 file. Save it in a place that you will keep to use every time you build out a new lab.

I am going to cancel the wizard after I save the script. I want to execute this DC Promotion in PowerShell. I like to use the PowerShell ISE for multiple reasons but when working with scripts you have both the scripting windows right along with the console. Makes things very easy.

You can hit F5 or click the green arrow or get into the ‘Debug’ menu for more options. For the quick and dirty I’m just clicking the green arrow. Provide your SafeModeAdministratorPassword and off it goes.

You may get some messages and warning along the way. PowerShell seems to provide great feedback to help you understand what is going on.

The server will reboot and your DC is setup.

Save the script, store it. You will find many others. I will explore Desired State Configuration (DSC) in the future to really fully leverage PowerShell to manage deployment and configuration of components across your enterprise. I have a long way to go before I’m ready for that! Just getting my feet wet with DSC at this point.

Enjoy!

Group Policy 001: Intro to the GPMC

Tools

There are multiple tools you use when working with Group Policy. The two primary tools have not changed much since Windows Server 2003 R2. The primary reason is they just work great, do what they are supposed to do and focus on key scenarios. This is a quick overview of the Group Policy Management Console or the GPMC, the first of the two primary tools. A follow-up post will explore the editor or the GPME. 

Group Policy Management Console

The Group Policy Management Console or GPMC is the primary tool for managing Group Policy. This is where you create, link, secure, delegate control, report on, monitor status and more. It is a common tool for network administrators and desktop administrators alike and provides for a lot of scenarios. 

GPMC

In the GPMC you will see all domains and sites defined in your forest. Group Policy is primarily a domain specific technology. Keeping your management within a domain makes things easier but being able to apply policy across the enterprise, regardless of which domain a user or computer happens to be in is a very powerful feature.

The tool itself likes to focus its attention on the domain controller that holds the PDC emulator role. Some of us old people actually had to work with actual PDCs. In tools like GPMC if you choose to focus the attention on a different Domain Controller in your enterprise it is an easy change. Simply access the action menu from the Domain you are focused on and choose 'Change Domain Controller..."

Change DC

Create Group Policy Objects

One important aspect to managing Group Policy is where the data is actually stored. This is important because GP is not the most forgiving of technologies. You want to know where you are placing a GPO and who/what it is affecting. There is a container under the Domain node in the GPMC called "Group Policy Objects". This container is where all GPOs are stored if they are 'linked' or not. I like to create my GPOs in this container and manage linking and delegating during my configuration process. To create a GPO;

1. Right click on the "Group Policy Objects" node and select 'New'
2. Give the GPO a Name 
3. Choose to start from scratch or pick a 'Source Starter GPO' (Starter GPOs will have to be another post)
4. Click OK

New GPO

Select the GPO you created in the list under the 'Group Policy Objects' container. The right hand side of the screen will contain the majority of information you need related to this GPO. The 'Scope' tab shows effectively which users and which computers may be affected by this GPO. I say may simply because there are additional caveats to cover in other posts. It will show which OUs the GPO is linked, what security groups will be affected by thsi GPO and even any WMI filters that will more granularly control application of the GPO.

The 'Details' tab shows version information, ownership, versioning and the GUID that references this GPO. This will be very important in other advanced scenarios. 

The 'Settings' tab shows the native Microsoft settings configured in this Group Policy object. The 'Delegation' tab show which users will have access to this GPO for management purposes. 

And the last tab, 'Status' is the newest piece of functionality here and it will show you the replication status of this GPO across other domain controller.

GPO Details

There is a lot more to cover in the GPMC but for this overview that is a good start. Let's look at editing a Group Policy Object in a follow-up post.

PowerShell 004 - Copy-VMFile

Working between Host and Guest Virtual Machines

I'm spending my Saturday watching a Virtual Academy session on Hyper-V. I am becoming a big fan of the Microsoft Virtual Academy (http://www.microsoftvirtualacademy.com). This session however is not great. I'm sticking in there optimistic that it will get better. It feels like I am watching a marketing person try to convince the audience how smart they are. I'm sure they are smart, I just want to learn more about Hyper-V. And I don't want to watch you read off of slides. Last critical piece, I promise! Showing a dialog box and talking about each and every button is not a demo! phew...

While listening in I am building up a new lab from scratch. Starting off with a Windows Server 2012 R2 DC. And as typically happens I forget everything I know about Hyper-V networking. I build a lab, get it setup, working great and then forget it for a few months. When it is time to build a new lab I forget it. It is a bit of a mental block for some reason. 

But this time I actually learned something cool, interesting and helpful. Believe it or not, it is a PowerShell cmdlet! Who would have thunk it?

Hyper-V in Windows 8.1 and Windows Server 2012 R2 is pretty amazing. Having Hyper-V on the client since Windows 8 has single handedly changed how I get things done. Its not always simple, but it is accessible and so much better than it used to be. 

Copy-VMFile

This is quick. I came across this cmdlet while reading a 'What's New in Hyper-V on Server 2012 R2' type article. I came across the Guest Services piece in Integration Services. A blurb from John Savill on windowsitpro.com mentioned a new cmdlet that I had not seen before.

A quick trip through help;

PS C:\psStuff> Get-Help Copy-VMFile -Full

And I found an easy way to move data from my machine to the VM using Guest Services. As you know -Full provides comprehensive help information as well as examples. This cmdlet only had one example but it was enough for me.

PS C:\psStuff> Copy-VMFile dc1 -SourcePath "c:\psstuff\test.txt" -DestinationPath "C:\From Host" -CreateFullPath -fileSource host

Easy peasy, as my daughters say! So if you are using Internal or Private Switches with Hyper-V to keep your test labs isolated and you want an easy way to move files over to those VMs, well there you go!

Enjoy!

PowerShell 003 - Get-ADObject

Get-ADObject

There are many reasons to have to quickly search Active Directory for something specific. There are also scripts, tools, examples, and guidance enough to choke on. It can get a bit overwhelming to wade through all of that stuff. One of the long time Active Directory MVPs created a tool called ADFind which is awesome! You can find it on http://www.joeware.net. You can learn ADSI and VBScripting. You can go to http://technet.microsoft.com and search through ScriptCenter for samples and examples. There is some great stuff to be found. 

Of course, I want to do this in PowerShell, specifically. Even in PowerShell there are multiple ways to go about this. Where to start? where to start? Oh yeah...

Get-Help

How do I find all of the AD commands? Get-Help may be able to help, it usually is.

PS c:\> Get-Help *comman*

Get-Command looks promising. First step is to look at the help content for the Get-Command cmdlet. You already know how to get that (Hint "Get-Help Get-Command -Full").

Of course get started with searching for cmdlets or if you already know where to start just read the help on that cmdlet. You can use the Get-Command cmdlet to begin narrowing down what you are looking for. 

PS C:\> Get-Command -Module *activedi*

Find all the commands that have *activedi* in them. Want to know how many cmdlets are in the ActiveDirectory module?

PS C:\> Get-Command -Module *activedi* |Measure

There are lots, 135 from my list. I just want the 'get' commands. (We'll come back to the 'Measure' switch later)

PS C:\> Get-Command -Module *activedi* -verb Get

There are only 41 of those. A bit easier to look through. Let's take a look at Get-ADObject.

Time to learn.

PS c:\> Get-Help Get-ADObject -Full

There is a lot to read but it is well worth the time. Play around with the parameters. 

Get-ADObject

The scenario that brought this up today was specific to something that we do at Specops Software. With our Self-Service Password Reset product we store the challenge response data securely in Active Directory. It creates a very thin solution that is super efficient. We have a reporting component to the tool that allows admins to look at how many users are enrolled, how many users are you licensed for and general health and well-being of the system. It is great. But what if you can't or don't want that much high-fidelity? What if you just want a quick look at the system. In this case we wanted to quickly look at a domain and find out how many users have enrolled in the Password Reset environment. We want to do this with the Get-ADObject cmdlet in PowerShell.

So, here is another really helpful tip for working with PowerShell. Run the following.

PS c:\> Show-Command Get-ADObject 

This will open a dialog for the Get-ADObject command.

Each tab in the dialog represent a parameter set. these are all the parameters that work together. More on that later but to be clear you can't just choose any parameter or switch to go with any other ones. It is a bit more particular than that.

If a field has an asterick that means it is mandatory so you must fill it in.  

For my example I'm just using the -Filter parameter. Enter your filter into the field in the command dialog box and click run. It will write the PowerShell command to the console and execute it. This is a fantastic way to figure out how to use certain cmdlets and ensure you get their syntax down properly.

My filter looked like this 'name -eq "specops-spp-pwdreset"'. When I clicked run it wrote the following to the console windows.

 PS c:\> Get-ADObject -Filter 'name -eq "Specops-spp-pwdreset"'

It then looked at AD and returned all of the objects it found that met the filter. It wrote all of those objects to the screen. Not what you want I imagine. Now we go back to the 'Measure' switch from earlier. My friend and colleague, Darren shared this one with me. It was new to me and crazy helpful. Simply pipe to the 'Measure' switch and it just returns the number of objects returned by the cmdlet. 

PS c:\> Get-ADObject -Filter 'name -eq "Specops-spp-pwdreset"' |Measure

Great stuff. yet another quick, repeatable solution to a real problem. There are surely other ways to get to this data but this one worked for us!

PSV 001 - Get-EventLog - Video

VLOG Entry 001

Trying to supplement some of my blog content with some videos. These are intended to reinforce the posts. They are as much for me as they are for you! I may occasionally create the video first then a blog post, but most likely you will see a quick post that is followed by a video.

Either way I hope you like them. I'm really enjoyed PowerShell over the years and lately as I dove in to learn at a much deeper level I realized that it is truly an environment that every systems administrator and software company should embrace.

I will learn along the way, make blunders, do stupid things but all along I will be learning. I will be introducing Specops specific scenarios and solutions as I get to them. But there is a lot of basic PowerShell information to share up front.

Here you go, enjoy the video.

PowerShell 002 - Test-Connection

Another common day-in-the-life type post. We have all been there. If we are systems engineers, developers, hobbyists, tinkers or the like we find ourselves troubleshooting network issues. And the first thing we do? Anyone? PING. Right? We all head to PING or IPConfig or some basic tool and we ‘PING’ something to begin figuring out why we can’t connect or why our connection is wonky. Yes ‘wonky’ is a real word and completely acceptable.

OK, but wait. PING? Isn’t that a command my Grandfather taught me? That is so old school. I’m modern, cool, wicked smaht (as we say in Boston), there has to be something better than PING. PathPing, Tracert etc. etc. not bad, interesting command line tools but still old-school. I want PowerShell, how can I do this in PowerShell?

Get-Help

I may try to use this as a bit of a theme. Introduce a little bit about the PowerShell help system in every post. It is so very cool and well worth the time. ‘Teach a man to fish’ and all that!

So the goal here is to navigate through and look at issue with your network connection. Open up the PowerShell ISE or Console, your choice (choose ISE) and enter;

PS C:\> get-help network

Hit Enter and you will get a list of far too many options. OK, time to narrow down. How about

;

PS C:\> get-help connection

Still too many results. VPNClient stuff, SMBShare stuff, Hyper-V, lots of interesting things but not what I want. Wait, I can use wildcards can’t I! Wildcards are your savior when trying to figure out things in PowerShell. Enter this;

PS C:\> get-help *connect*

The list is still too long but take a look at some of the info in the ‘synopsis’ column. A quick scan and you will see  “…ICMP echo… blah blah” that sounds an awful lot like PING. Let’s check it out. The cmdlet is called Test-Connection. Now go to the source, type the following and read through the output.

PS C:\> Get-Help Test-Connection -Full

Take a look at the –ComputerName parameter. The syntax of the parameter looks like this

-ComputerName <String[]>

The square brackets after String tell you that you can have multiple inputs, separated by a comma so this will work great!

PS C:\> Test-Connection -ComputerName srv1, file01

Test-Connection

One benefit to this cmdlet over PING is that it is machine independent. It can easily work with multiple machines at a time and provide heuristics about connections between two remote hosts. From the Help file you can see all of the available parameters, and since you used the –Full switch some practical examples of how to use the cmdlet are shown at the bottom.

Let’s keep this introduction to Test-Connection simple. We will only cover a few of the parameters, -ComputerName, -Count and –Source.

-ComputerName

This is a positional parameter and it is required. This means you must state what host you wish to test with (I almost said PING <g>), but if you place the computer name immediately after Test-Connection you do not need to specify the parameter name. For a best practice leave it in there. It makes reading PS info much easier later as you begin sharing with colleagues, friends, family and whoever is still listening to you J. These two statements are the same…

PS C:\> Test-Connection -ComputerName srv1

PS C:\> Test-Connection srv1

If you need to test the connection to multiple machines at a time simply separate the machines names with a comma.

PS C:\> Test-Connection -ComputerName srv1, file01 

-Count

This switch simply tells the cmdlet how many echo requests to send. Similar to PING it defaults to 4 but if you are looking at a connection and need to keep it going as you do something you can crank this up.

PS C:\> Test-Connection -ComputerName srv1 -Count 10

-Source

This one IMO is very powerful. This allows you to sit at your computer and very simply test a connection between two remote systems. Imagine you are troubleshooting an n tiered app and some performance issues. You can use this to quickly determine ICMP issues or network latency issues between any two nodes in your application design. Quickly finding where a slowness is occurring can help you narrow down where to dig deeper.

PS C:\> Test-Connection -ComputerName srv1, file01 -Count 5 -Source dc1

This cmdlet with PING srv1 and file01 5 times from dc1.

Source Destination IPV4Address    IPV6Address Bytes Time(ms)

------ ----------- -----------    ----------- ----- --------

DC1    file01      192.168.137.1              32    0      

DC1    srv1        192.168.137.11             32    0      

DC1    file01      192.168.137.1              32    0      

DC1    srv1        192.168.137.11             32    0      

DC1    file01      192.168.137.1              32    0      

DC1    srv1        192.168.137.11             32    0      

Look deeper into the help files. If you are into WMI and building really powerful scripts and automation, this cmdlet returns a WMI object called Win32_PingStatus object that you can use for some amazing things.

As always, Enjoy!

PowerShell 001 - My Favorite cmdlet (Today)

OK, maybe not my favorite, and maybe I need to get out more but the more I learn about PowerShell the more excited I get. It is actually fun, not kidding, it is reminiscent of that feeling I had 30 years ago troubleshooting my first BBS or first code. And also, right now at this moment, I have two favorites. These are subject to change!

Get-Help

After listening to Jeffrey Snover –Microsoft Distinguished Engineer and God Father of PowerShell, Don Jones, author or ‘PowerShell in a Month of Lunches’, and other PowerShell MVPs the most important aspect of PowerShell is the help system and you need to learn how to use it. In using the help system and simply playing around, you will easily figure out how to perform tasks simply and more efficiently. So… learn the help system.

Here is a good start. Open the PowerShell Console ‘as administrator’. Important. Run the PowerShell Apps (Console or ISE) as Administrator to get the most bang for your buck. Run the following command

PS c:\ Update-help

The system begins with no help information. You have to update the help system to get started.

Next choose a command you want to work with. As a segue into the next cmdlet we'll use Get-EventLog. Try the following.

PS c:\ Get-Help Get-EventLog –Full

Make sure to use the –Full switch as it will ensure all of the interesting info is present. Look around, learn the cmdlet, play a bit and see what you find.

What I find, is how to solve my problem of the moment, how to troubleshoot issues related to deployment, or pretty much anything else my imagination can come up with.

Get-EventLog

By using the Help system you will begin to better understand PS syntax, positional parameters, mandatory parameters, what can be piped into other cmdlets, what can’t and lots more. When learning the Get-EventLog cmdlet and playing around I began thinking of one of the most basic troubleshooting tasks we perform typically manually.

How often, when troubleshooting do we open the event viewer to look for issues and hints to what is happening? Often, very often. Then you switch to another machine and look at the event logs over there, in event viewer. Next you go back to the first machine because you can’t remember what you read in the first place… fun times! No more. I’ll share these parameters one at a time so show how powerful this actually is.

-LogName

PS c:\ Get-EventLog –LogName <string>

The –LogName parameter is what is called positional and mandatory, and it takes a string. The string is the name of the Windows Log. You don’t even have to use –LogName as long as you explicitly call out the name of the actual log you are looking for so in this example I could have written;

PS c:\ Get-EventLog Application

I’m going to leave the –LogName parameter in my examples to make sure they are as explicit as possible.

-ComputerName

Pretty self-explanatory. This allows you to explicitly call out the name of the machine(s) you want to query for their event logs.

PS c:\ Get-EventLog –LogName Application –ComputerName srv1

Now my command will reach across the wire to a machine called srv1 and grab the contents of the Application log! Awesome!

-Newest

OK, so no one wants to grab the entire contents of the windows log and output that to a screen. It is way too noisy. The –Newest parameter allows you to specific how many of the most recent events you want to grab.

PS c:\ Get-EventLog –LogName Application –ComputerName srv1 –Newest 20

I know, the line is getting longer but look how intuitive this is. Amazing.

-Source

Source essentially specifies where the events actually come from. So in my environment I want to see if anything interesting is happening wrt Specops Product. Srv1 is my Specops Deploy Server in this case.

PS c:\ Get-EventLog –LogName Application –ComputerName srv1 –Newest 20 –Source *Spec*Depl*

Did I forget to tell you the –Source parameter (and –Message and others) take Wildcards? What? That is amazing! Why yes it is. So when I run this command I don’t leave my desk, I grab all pertinent events from remote system on the fly to help troubleshoot and get to know my environment. That above command may wrap by the way… but you get it.

Here is the console output.

Console Output Get-EventLog

Play around with this. Use Get-Help, learn the syntax. It is fun and has a huge impact on how much time you spend on repetitive tasks. And it is so much more intuitive than VBScript or Kix or any other attempt at providing a shell or automation to Windows. There is so much more you can do, pipe results to a file or a web page!, run against multiple machines at a time, format the output, only output errors, or warnings, endless possibilities.

Enjoy Playing!