Download Links for PowerGUI and QAD cmdlets

With Dell’s acquisition of Quest and all the IT reorganization that followed, it is actually not that easy to find these two popular free PowerShell tools any longer. So here are the links that work today (January 30, 2015):

PowerGUI

The download is freely available from Dell’s PowerGUI community.

The community itself also got moved from http://powergui.org to http://en.community.dell.com/techcenter/powergui.

Dell Software is still maintaining the product – as I am writing this the latest version is 3.8 released in April 2014.

UPDATE: Looks like Dell took the community site down but direct download link http://community-downloads.quest.com/powergui/Release/3.8/PowerGUI.3.8.0.129.msi still works.

Quest / QAD cmdlets

This one is a little more tricky to find: https://software.dell.com/register/71110

If this link for some reason changes, all Dell’s freeware and trial links can be found in this catalog: http://software.dell.com/trials/

UPDATE: Looks like this got hidden even further. Not sure where it can be found now. This site seems to have copied and made them available for download though: http://www.powershelladmin.com/wiki/Quest_ActiveRoles_Management_Shell_Download

Happy PowerShelling!

Advertisement

Freeing up memory in PowerShell using garbage collector

Just got this great tip from Lars on how he reduces memory consumption in his AD PowerShell scripts with a simple garbage collection call (basically explicitly telling .NET behind PowerShell to recycle the objects no longer in use):

Using Quest AD tools I often run in to memory consumption problems. I thought it was a question of memoryleaks, but its not, its the Garbage collection that doesn’t get collection until its to late.
So i’m using this when I use Quests AD Management Cmdlets in PowerShell, where $i is a simple counter

if (($i % 200) -eq 0)
{
[System.GC]::Collect()
}

Hope that helps!

PowerGUI and AD cmdlets usergroup at Deep Dive?

If you are planning to attend European TEC 2011 PowerShell Deep Dive in Frankfurt October 17-18 2011, I have a question for you: would you like to stay half a day longer and have a usergroup for PowerGUI and QAD cmdlets in the morning of Oct 19th -or in the afternoon of Sunday, Oct 16th?

We could discuss the features and roadmap, share our experience with the tools, and so on.

Let me know if you are interested – if there’s enough people wanting to do that I can work with the organizers to get us the room, etc.

Group Membership Unions and Intersections

A friend of mine recently asked for one-liners for Active Directory group membership union and intersection.

These are the one-liners which I sent him:

Group Union – users present in either of the groups (he needed a list of DNs of direct members of two groups):

(Get-QADGroupMember GroupA –Type user) + (Get-QADGroupMember GroupB –Type user) | 
 Select-ExpandProperty DN | 
 Sort | Select-Unique

Group Intersection – users present in both groups at the same time:

Compare-Object (Get-QADGroupMember GroupA –Type user) `
 (Get-QADGroupMember GroupB –Type user) `
 -ExcludeDifferent -IncludeEqual | Select-ExpandProperty InputObject

You can obviously tweak them to add indirect users (with -indirect parameter) or enabled only (-enabled), etc. – see Get-QADGroupMember help for all options.

I am pretty sure that there are multiple ways to skin these cats – so if you have better alternatives – please post these in the comments.

Show your support: Vote for AD cmdlets, PowerShell, and PowerGUI

If Get-QADUser (or any other QAD cmdlet) or PowerGUI ever saved your day – now is a good time to show your love and spread the news. 🙂

Windows IT Pro magazine put us in their community award finals. So if you want to show your support:

1. Simply go to the award voting page,

2. For the first nomination, Best Active Directory & Group Policy Product, pick Quest Software ActiveRoles Management Shell for Active Directory (who would have thought that the official name was so long):

3. And obviously leave them a note in the Give us a killer quote about your winner! box.

4. Also, believe it or not 17. Best Microsoft Product has PowerShell as one of the options.

5. 21. Best Scripting Tool has Quest Software PowerGUI:

6. And obviously feel free to either ignore all other categories or cast your vote there as well.

Cast your vote now – before the contest is over.

Clean up expired certificates from AD

Security MVP Vadims Podans just did a great post on using PowerShell to remove expired user certificates from Active Directory.

In a nutshell,

• If your company is using certificates for user authentication or encryption, these expire every now and then,
• Your Enterprise CA in that case appends new certificates to users’ userCertificate attribute, while leaving expired certs there as well,
• Over time these increasingly clutter your AD, making administration more difficult and negatively affecting AD replication traffic.

Luckily, cleaning up expired certificates with PowerShell is extremely easy.

To do the clean-up for a specific user you can run this one-liner:

Get-QADUser username | Remove-QADCertificate -Valid:$false

To clean-up the entire domain, just do:

Get-QADUser | Remove-QADCertificate -Valid:$false

See Vadim’s original post for details.

Read more about PKI management with PowerShell here.

Find everyone rolling up to me

Yesterday someone asked me to help create a distribution list for everyone reporting to a particular manager (directly or indirectly). Needless to say, that PowerShell makes getting a list of such user accounts a piece of cake!

Here’s the quick script (using AD cmdlets) which I emailed back:

function Get-QADIndirectReport {
param ($Identity)
  # Find all direct reports
  Get-QADUser -Manager $Identity | ForEach-Object {
      # Output direct report
    $_ 
    # Then recursively call this function for all
    # reports of this report
    Get-QADIndirectReport -Identity $_
  }

}

# usage example
Get-QADIndirectReport 'Dmitry Sotnikov'

Basically, AD cmdlets natively can retrieve all direct reports, and I have created a function which keeps going deeper level-by-level getting everyone reporting indirectly as well.

You can then take this a few steps further. For example, say, you want to get a list of users you could then just copy/paste into Outlook. Simply select the Email property from the user objects and ask PowerShell to put semicolon between the addresses:

# get a list of addresses for an email message
(Get-QADIndirectReport 'Dmitry Sotnikov' | 
  Select-Object -ExpandProperty Email) -join '; '

Or you could indeed use the list to populate a group:

# add everyone to a group
Get-QADIndirectReport 'Dmitry Sotnikov' |
  Add-QADGroupMember DmitrysReports

Or you could further restrict the list by City, Department and so on by simply tweaking Get-QADUser parameters in the code above. PowerShell is super-flexible!

Loose or exact matching in AD cmdlets

Do you know what is the difference between Get-QADComputer A2101 and Get-QADComputer -Name A2101?

When we were designing Quest AD cmdlets we did our best to be as forgiving as possible. So for example you can just do Get-QADUser and get the first 1000 user objects (or whatever is the default number you set) retrieved. Or you can just do a Get-QADUser Dmitry and get all the Dmitry’s you have in your organizations (if you have any :))

In most cases, this forgiving nature is what you are in the command-line interactively managing your Active Directory. If you have ever tried using some other snapins/modules from other vendors who went a different route – you should have noticed how much difference this makes.

However, sometimes you do want to be explicit and just get the exact object you want and not just whatever matches. In this forum thread Jason was trying to update a set of computer records based on a CSV file he was importing.

Unfortunately for him, some of computer names in his environment include other names. E.g. he not only has a computer called ‘A2101’, but also ‘A21012’ and ‘A21013’.

Which means that Get-QADComputer A2101 returns all three of those:
a2101
a21012
a21013

Jason obviously did not need the other two computers and explicitly wanted to update just the one which matches exaqctly.

Luckily the workaround is very simple. If you know what you need – be explicit when you are asking for it. For example, if the you are identifying the computer by its Name – just tell us so and if no wildcards are used we will only retrieve the exact match:

Get-QADComputer -Name A2101 only returns one computer record with Name being A2101.

Happy scripting!

Video: Sean Kearney – The Most Energized PowerShell MVP

At the MVP Summit this year I could not help recording this quick chat with the one and only ye110wbeard, a.k.a The Energized Tech, a.k.a. PowerShell MVP from Canada – Sean Kearney:

We talk about PowerShell (surprise! :)) and what he likes the most about it:

• Simplicity to get a lot of things in one command,
• Ease of Active Directory management (Unlock-QADUser is his favorite cmdlet),
• Ability to connect to web services from PowerShell scripts,
• PowerShell on his BlackBerry smartphone (via PowerGUI MobileShell), and
• Ways to get started with PowerShell.

For even more Sean’s videos visit his own video channel here.

Most other PowerShell MVPs make guest appearances in the background. As a bonus entertainment feature: see how many of them you can count! 😉

PowerGUI Editor 2.4 and AD cmdlets 1.4 compatibility issue

[UPDATE] This issue has been fixed in AD cmdlets 1.5.1 – please download the latest version of AD cmdlets here.

We have found a compatibility issue between PowerGUI Script Editor 2.4 and AD cmdlets 1.4 (these are the current versions at the time I am writing this post.)

SYMPTOMS

You execute a script which is using QAD cmdlets. The first time the script executes fine. However when you try to execute it again, the script fails with the “Object reference not set to an instance of an object.” error.

ISSUE

The issue is related to the way QAD cmdlets are handling initialization and unloading of the snapin.

SOLUTION

Set PowerGUI Script Editor to not reset PowerShell runspaces between the debug sessions:
1. Go to Tools / Options / Debug Options,
2. Select the Run all scripts in the same runspace option.
3. Restart PowerGUI Script Editor.

We are sorry for the inconvenience and are working on fixing the issue in the next releases.