Archive for April, 2009

AD PowerPack now compatible with cmdlets 1.2

If you upgraded to AD cmdlets 1.2 and noticed that some links and actions in PowerGUI’s Active Directory and Network PowerPacks stopped working.

Now there are fixes available for both of the packs: just download and re-import them and you will get all the functionality back.

For those interested, the issue was related to AD cmdlets 1.2 losing Connection property in all their objects. This property was extensively used by our PowerPacks to provide for simultaneous work against multiple directories (e.g. test and production, AD and ADAM, or just multiple domains or forests).

AD cmdlets team is by the way working on a 1.2.1 patch release which would get the property back, but we thought we would provide a fix on PowerGUI side too.

As a free bonus AD PowerPack has a few other nice features:

  • Moved “Managed Domains” from the Network PowerPack to this PowerPack
  • Added top level Configuration node to allow you to set global settings that define what domain to connect to, what account to use, what properties to retrieve by default for each object type, what page size to use, what size limit to use and whether or not to perform searches across the entire forest or only the domain you connect to
  • Added several child nodes to provide fast access to common objects that users want to retrieve, including Locked Users, Disabled Users, Expired Users, Security Groups, Distribution Lists, Domain Controllers, and Exchange Servers
  • Fixed Empty Groups node such that it only returns truly empty groups (those which have no members and that aren’t set as primary group for any user or computer)
  • Added Unlock user action (this was overlooked in early releases)
  • Added Search… node to allow users to search their current Active Directory domain or the entire forest to which it belongs for objects by type and/or name

Here are the links to read more and download the updated Active Directory and Network PowerPacks.

Twitter PowerPack

Twitter and PowerShell are awesome together.

We kind of knew that for a long time and there are multiple PowerShell script libraries out there, but Jonathan Medd has taken it to the next level by creating a great PowerGUI-based UI for Twitter entirely on PowerShell. The PowerPack has everything: from locating new friends and subscribing to them (including integration with the PowerShell and VMware tweeters lists!), to actually reading and posting tweets.

Read more about the PowerPack in Jonathan’s blog.

Download the PowerPack here.

Free virtualization Visio stencil

Need to create cool-looking Visio diagrams for your virtual, VMware, Hyper-V, etc. infrastructure? You can actually get one for free!

The folks at VESI (Virtualization EcoShell Initiative) have shared the stencil they are using for Visio reporting (the same stencil is also used in PowerGUI’s VMware PowerPack). Just go to the VESI downloads page, scroll to the bottom of the page and download the stencil!

Tags: , , , , , , ,

PowerShell script to select email recipients

Here’s a real-life problem I had earlier this week. I had to set up a meeting which would have all key people from our St. Petersburg office. Now… How would Outlook know who “key people” are? PowerShell helped me figure that out with a quick one-liner!

We have a couple of local DLs which I could use (let’s call them “SPb Project Managers” and “SPb Program Managers”) but I was worried that these might not have dev architects who I also wanted to have. Turns out, we at Quest have another DL (let’s call it “Architects” – which has the folks I need but… spawns all Quest offices worldwide).

So looks like I had to invite “SPb Project Managers” and “SPb Program Managers” DLs, and everyone who is in the “Architects” one but only from St. Petersburg and outside the two other DLs. Turns out that new group membership AD cmdlets make this a piece of cake:

Get-QADUser -City 'Saint Petersburg' `
    -MemberOf 'Architects' `
    -NotIndirectMemberOf 'SPb Project Managers', 'SPb Program Managers'

Now I just need to turn this user list into a single string of names separated by semicolons (so I can copy/paste it into Outlook). This means I need to take only Name properties from the values and then join them with a separator.

In PowerShell v1 this can be done with [string]::join(), in v2 using the new -join operator.

So here’s the final PowerShell v1 code:

[string]::join( "; ", (Get-QADUser -City 'Saint Petersburg' `
    -MemberOf 'Architects' `
    -NotIndirectMemberOf 'SPb Project Managers', 'SPb Program Managers' |
    ForEach-Object { $_.Name }))

And here’s the one for v2:

(Get-QADUser -City 'Saint Petersburg' `
    -MemberOf 'Architects' `
    -NotIndirectMemberOf 'SPb Project Managers', 'SPb Program Managers' |
    ForEach-Object { $_.Name }) -join "; "

Now, if only I could type PowerShell right inside the Outlook To field… One day it will hopefully get that pervasive. 😉

Tags: , , , , , , ,

Video: Create PowerGUI distribution point

Suppose you have already customized the PowerGUI admin console for specific delegated admin role in your organization (e.g. AD helpdesk), rebranded and locked-down the console, the final step you probably want to have is actually pushing this customized tool to all helpdesk people in your company.

Fear not, PowerGUI 1.7 makes this very easy. Here’s the wiki page explaining centralized PowerGUI console distribution, and below is a video quick tip which Darin shot on this exact topic:

Tags: , , ,

Interview with AD cmdlets product manager

Guys from PowerScripting Podcast have just published the episode they did with Bob Bobel – Quest’s Product Manager for AD cmdlets, ActiveRoles Server and a few other products.

Bob managed to see the potential behind the idea of PowerShell-enabling his commercial products and releasing free AD cmdlets to the community back in 2006 (which seems a loooong time ago!) – so in a sense myself and others were having a lot of fun at his expense. 😉

  • Does PowerShell make any money for Quest?
  • Will AD cmdlets go on once Microsoft ships their cmdlets in Windows Server 2008 R2?
  • How many developers are working on AD cmdlets?

Learn that and much more from this podcast.

Tags: , , , , , , , ,

Video: Rebranding PowerGUI

Just noticed another Darin’s “Quick Tip” – this time on changing PowerGUI console’s welcome page:

This functionality comes handy if are in artistic mood or creating a custom console for other administrators in your office.

See also my previous blog posts on changing the PowerGUI welcome screen to a custom page and on resetting it to default.

YouTube has a bunch of other PowerGUI quick tips by Darin as well.

Tags: , , ,

So who did we hire last month?

CreatedOn, CreatedAfter, and CreatedBefore parameters added in 1.2 to all Get-QAD* cmdlets are another new feature I would like to spotlight in my blog.

These can accept DateTime values or just strings which PowerShell can convert to such (automated type conversion in PowerShell is pretty cool.)

# Let's see all the new user accounts created since the 1st of the month
Get-QADUser -CreatedAfter "April 1, 2009"

# Can narrow it down to specific OU to exclude service accounts
Get-QADUser -CreatedAfter "April 1, 2009" -SearchRoot mydomain.local/employees

# Same thing for groups, computers, OUs, or any AD objects
Get-QADComputer -CreatedAfter "April 1, 2009"
Get-QADGroup -CreatedAfter "April 1, 2009"

# Did we hire anyone today?
Get-QADUser -CreatedOn "April 17, 2009"

# Let's if we have anyone who is with the company for more than 10 years ;)
Get-QADUser -CreatedBefore (Get-Date).AddYears(-10) -SearchRoot d.local/emp -Enabled 

# Let's count how many employees we were hiring monthly
for ($d = Get-Date "January 1, 2008"; $d -le (Get-Date); $d = $d.AddMonths(1)) {
  "$($d.ToShortDateString()) to $($d.AddMonths(1).ToShortDateString()):"
  (Get-QADUser -CreatedAfter $d -CreatedBefore $d.AddMonths(1)).Count

And you can use other parameters to get the data by department, city, title, and so on!

Now go to your HR and ask them if they can provide data like that so quickly. 😉

Tags: , , , , , ,

Improved Find

PowerGUI Script Edit 1.7.1 has a few little improvements making editing and debugging scripts easier – one of my favorites is improved text search.

First of all, the Find (Ctrl-F) dialog box is no longer modal. Which means that you can access your script code, edit it, copy/paste and so on with the search dialog box on.

Even better, you can now search for anything without the dialog box open at all. F3 will find the next occurrence of whichever text you searched last time, and Shift-F3 for the previous occurrence.

Ctrl-F3 lets you find the next occurrence of the text currently selected in the editor (and Shift-Ctrl-F3 will do the same for the previous occurrence.)

All of these operations can be assigned different hotkeys using the Tools / Customize dialog box. The same dialog box also lets you put them on the editor toolbar.

I hope this makes editing and debugging your PowerShell scripts an even better experience!

Tags: ,

New group membership cmdlets

One of the most exciting set of features in our AD cmdlets 1.2 is the one related to various group membership operations. (See full what’s new in AD cmdlets 1.2 by the way.)

This includes both the new Get-QADMemberOf cmdlet, and a few membership-related parameters in other cmdlets. Let me give you a few examples of how they work.

Get-QADMemberOf cmdlet lets you find groups to which a particular object (user, group, computer) belongs. For example:

# Find all my direct group membership
Get-QADMemberOf 'Dmitry Sotnikov'

# Find all groups including indirect membership
Get-QADMemberOf 'Dmitry Sotnikov' -Indirect

# Count my groups
(Get-QADMemberOf 'Dmitry Sotnikov').Count

# Change my groups
Get-QADMemberOf 'Dmitry Sotnikov' -Indirect |
  Set-QADGroup -Description 'Dmitry was here'

MemberOf, IndirectMemberOf, NotMemberOf, NotIndirectMemberOf parameters of Get-QADComputer, Get-QADGroup, Get-QADObject, and Get-QADUser

# Find all users in London from Managers groups
Get-QADUser -City 'London' -IndirectMemberOf 'Managers'

# Find all users in an OU who do not belong to a specific group
Get-QADUser -SearchRoot 'mydomain.local/users/berlin' -NotMemberOf 'ToBeMigrated'

# And so on...

And, finally:

ContainsMember, ContainsIndirectMember, NotContainsMember, NotContainsIndirectMember parameters for Get-QADGroup

# Find all groups to which I do not belong and add me to them
Get-QADGroup -NotContainsIndirectMember 'Dmitry Sotnikov' |
  Add-QADGroupMember -Member 'Dmitry Sotnikov'

# Find all groups which contain myself but not Andrei
Get-QADGroup -ContainsMember 'Dmitry Sotnikov' -NotContainsMember 'Andrei Polevoi'

I am sure there are a lot of other interesting scenarios which these new features open. Find them and blog them! 🙂

Tags: , , , , , ,

My Recent Tweets


The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

April 2009

%d bloggers like this: