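### -----------------------------------------------------------------
### Written by Matt Brown
###
### Description: This Grabs a list of all the Domain Controllers and
###              tries to connect to them via SSL over Port 636
###
### Scope of the check: a green result means the connection attempt to
### port 636 produced a usable directory entry. The script does not read
### the certificate itself, so issuer, subject and expiry date still have
### to be confirmed separately after a certificate replacement.
### -----------------------------------------------------------------

# Hosts to probe: each domain controller by name, plus the domain name itself.
$DCList = @(
    "dc1.domain.com",
    "dc2.domain.com",
    "dc3.domain.com",
    "dc4.domain.com",
    "domain.com"
)

$DCList | foreach {
    $DC = $_

    # Reset the result for every host. Without this, a failed attempt leaves
    # the previous host's object in $Connection and the failing host is
    # reported as correctly configured.
    $Connection = $null

    $LDAPS = [ADSI]"LDAP://$($DC):636"
    try {
        $Connection = [adsi]($LDAPS)
    } Catch {
        # Deliberately ignored: a failed attempt is reported by the else branch below.
    }

    # NOTE(review): presumably .Path is only populated when the bind succeeded;
    # confirm against a host that is known to have no LDAPS listener.
    if ($Connection.Path) {
        Write-Host "Active Directory server correctly configured for SSL, test connection to $($LDAPS.Path) completed." -foregroundcolor Green
    } else {
        Write-Host "Active Directory server not configured for SSL, test connection to LDAP://$($DC):636 did not work." -ForegroundColor Yellow
    }
}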
Ramblings from University IT... VMWare, NetApp, PowerShell, Active Directory, Exchange and Scripting.
Wednesday, November 12, 2014
Powershell: Test Domain Controller Certificates
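When replacing Domain Controller certificates for Active Directory with a valid 3rd party certificate, I use this script to quickly test my domain and all my domain controllers directly to make sure they are serving out the certificate. Note that the script only confirms that a connection over port 636 succeeds; it does not show which certificate was presented, so check the issuer and expiry date separately.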
Monday, November 10, 2014
PowerShell: Add Computer to Domain directly to OU
Here's a PowerShell script that adds a computer to the Domain in a specific OU (Organizational Unit) and lets you select the OU location. I did not use the AD modules as they are not pre-installed on most desktops, even though it would have been much easier to write with them.
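### -----------------------------------------------------------------
### Written by Matt Brown
###  - http://universitytechnology.blogspot.com/
### PowerShell script to search OU Structure and add computer to domain
###
### -----------------------------------------------------------------
Param(
    $user = $(Get-Credential -Credential "domain\user"),     # Prompts user for credentials
    $filter = "(objectClass=organizationalUnit)",            # Do not change
    $ouLocatoin = "LDAP://OU=Departments,DC=domain,DC=com",  # Starting Organizational Unit (parameter name kept as published)
    $mydomain = "domain.com",                                # FQDN of Domain
    $whatif = "-WhatIf"                                      # change to "" to actually run
)

# A string that merely contains "-WhatIf" is bound as an ordinary argument, not
# as the switch, so translate the parameter into a boolean once and hand it to
# Add-Computer as -WhatIf:$dryRun. Any non-empty value means "dry run"; "" means
# "really join".
$dryRun = [bool]$whatif

#--------------------------------------------------------------------
# Returns the plaintext of a SecureString.
# The unmanaged copy is zeroed and freed even if the conversion throws; the
# returned .NET string remains in memory until it is garbage-collected, so it
# should only be passed straight to the API that needs it.
Function GetSecurePass ($SecurePassword) {
    $Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($SecurePassword)
    try {
        $password = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
    } finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
    }
    $password
}

#--------------------------------------------------------------------
# Pads $mystring with tab characters so the menu columns line up.
# The starting tab count is estimated from the string length (length / 8.9).
Function AddTabs($mystring,[int]$numtabs=5) {
    for([int]$len = (([string]$mystring).length / 8.9); $len -lt $numtabs; $len++) {
        $mystring += "`t"
    }
    return $mystring
}

#--------------------------------------------------------------------
# Shows the OUs directly below $dn and lets the operator pick one.
#   $dn - ADsPath of the OU being listed
#   $up - ADsPath of the level above, used by the "L0" choice
# Returns the distinguished name of the chosen OU, or $false on cancel.
# Listing a sub-OU or going up a level recurses into SelectOU.
Function SelectOU($dn,$up) {
    Clear-Host
    Write-Host "### -----------------------------------------------------------------" -ForegroundColor Green
    Write-Host "### Select OU and Add Computer to Domain " -ForegroundColor Green
    Write-Host "### Written by Matt Brown " -ForegroundColor Green
    Write-Host "### - http://universitytechnology.blogspot.com/ " -ForegroundColor Green
    Write-Host "### PowerShell v.2 (Windows 7 / Server 2008 R2) " -ForegroundColor Green
    Write-Host "### -----------------------------------------------------------------" -ForegroundColor Green
    Write-Host "`nThe Number in the Select column adds the computer to the OU, where the List column will list Sub-OU's of the OU." -ForegroundColor Green
    Write-Host $dn
    Write-Host $up
    Write-Host "`n"
    Write-Host ("List Of " + (([string]$dn).split("/"))[2]) -ForegroundColor Yellow
    Write-Host " Select List`tOU"
    Write-Host " ----------------------------------------------------"
    Write-Host " 0`t L0 <- Up a Level"

    #$ou = Get-ADOrganizationalUnit -SearchBase $dn -SearchScope OneLevel -Filter 'Name -like "*"'

    # Secure requests negotiated (Kerberos/NTLM) authentication. With FastBind
    # alone the LDAP provider uses a simple bind, which puts the supplied
    # password on the wire unprotected when the connection is not SSL.
    $auth = [System.DirectoryServices.AuthenticationTypes]"Secure, FastBind"
    $de = New-Object System.DirectoryServices.DirectoryEntry($dn,$user.UserName,(GetSecurePass $user.Password),$auth)
    $ds = New-Object system.DirectoryServices.DirectorySearcher($de,$filter)
    $ds.SearchScope = "OneLevel"

    # @() keeps $ou an array even when exactly one OU is found, so .count and
    # indexing behave the same on PowerShell v2 as on later versions.
    $ou = @(($ds.Findall()) | Sort-Object -Property Name)

    $sel = $null
    $selectList = @("0","L0","C")
    for($x=1; $ou.count -ge $x; $x++) {
        # Register both the "select" (n) and the "list" (Ln) choice for this row
        $selectList += $x
        $selectList += ("L"+$x)
        $outname = (AddTabs ($ou[$x-1].Properties['name']))
        $lineout = (" " + $x + "`t " + ("L"+$x) + "`t" + $outname)
        # Alternate the row background so long lists stay readable
        if($x % 2 -eq 0) {
            Write-Host $lineout -BackgroundColor White -ForegroundColor Black
        } else {
            Write-Host $lineout -BackgroundColor Gray -ForegroundColor Black
        }
    }
    Write-Host " C`t C -- Cancel & Exit"
    Write-Host "`n"

    # Only accept input that matches one of the offered choices
    while($selectList -notcontains $sel) {
        $sel = Read-Host " Select OU or List Sub-OUs"
    }

    ## Figure out what the user selected
    # -like is case-insensitive, so "l3" is handled the same way as "L3",
    # matching the Split("Ll") below.
    if ( ([string]$sel) -like "L*") {
        ## Users Selected List Mode
        $y = ($sel.split("Ll")[1])
        if([int]$y -eq 0) {
            # Strip the first path component to get the level above $up. The
            # component is escaped because -replace takes a regular expression
            # and OU names may contain characters such as parentheses.
            $newup = ("LDAP://" + ($up -replace [regex]::Escape((($up -split ",")[0] + ","))))
            SelectOU $up $newup
        } else {
            SelectOU $ou[$y-1].Properties['adspath'] $dn
        }
    } elseif ($sel -eq "c") {
        ## User Selected Cancel
        return $false
    } else {
        ## User Selected the OU
        if([int]$sel -eq 0) {
            return ([string]$dn).split("//")[2]
        } elseif([int]$sel -le [int]$ou.count) {
            return $ou[$sel-1].Properties['distinguishedname']
        } else {
            SelectOU $dn $up
        }
    }
}

#--------------------------------------------------------------------
#--------------------------------------------------------------------
## Main
#--------------------------------------------------------------------
## Select / View OU
while($ou = (SelectOU $ouLocatoin $ouLocatoin)) {
    ## Add to Domain
    Write-Host (" Will add computer (" + $env:computername + ") to:") -ForegroundColor Yellow
    Write-Host (" " + $ou + "`n") -ForegroundColor Green
    $continue = Read-Host " Continue (y | n)"
    if($continue -eq "y") {
        ## Now Add the Computer to the Domain (dry run unless $whatif was set to "")
        add-computer -domainname $mydomain -OUPath $ou -Credential $user -WhatIf:$dryRun
        break
    }
}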
Friday, November 7, 2014
Powershell: Test VMWare Host Networks
Here's a handy script I use to verify networks on my VMWare Clusters. This script takes a test VM and changes the Network and IP Address from a list, then does a simple ping from the VM on each host to let you know your networks are working correctly before moving Production Machines to it. The need for this spawned from a missing "allowed vLan id" not being configured across the ether channel ports on one of the hosts.
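### -----------------------------------------------------------------
### Written by Matt Brown
###
### Description: Test VMWare Host Networks
###
### Requires:
###    VMWare Snapin
###    Test VM with a Local Admin Account, may need to turn UAC Off
###    CSV File with Network Info
###
### Sample CSV File:
###    Name,VLanId,ip,netmask,gateway
###    VM-Subnet01,21,192.168.3.5,255.255.255.0,192.168.3.1
###    VM-Subnet02,22,192.168.4.5,255.255.255.0,192.168.3.5
### -----------------------------------------------------------------

## Load VMWare Snapin
if(-not (Get-PSSnapin | where { $_.Name -match 'VMware.VimAutomation.Core' })) {
    Add-PSsnapin VMware.VimAutomation.Core
}

## Vars to Configure
$vCenterServer = "VC.domain.com"
$clusterToTest = "ProductionCluster"
$TestMachine = "TestVM"
$vmnicname = "Local Area Connection"
$NetworkListFile = "VMNetworkTestList.csv"

# Moves the test VM to $newhost when it is not already there, then pings
# $gateway from inside the guest and reports the result on the console.
#   $currenthost - name of the host the VM is on now
#   $newhost     - name of the host to test on
#   $vm          - the test VM object
#   $gateway     - gateway address taken from the CSV row
#   $guestCred   - local admin credential for the guest
# Returns the name of the host the VM is on afterwards. Everything else is
# written with Write-Host so it cannot end up in the return value.
function TestNetwork($currenthost,$newhost,$vm,$gateway,$guestCred) {
    # The gateway comes from a CSV file and is placed on a command line that
    # runs inside the guest with local admin rights. Accept it only if it
    # parses as an IP address, and use the parsed form to build the command.
    $parsedGateway = $null
    if (-not [System.Net.IPAddress]::TryParse([string]$gateway, [ref]$parsedGateway)) {
        Write-Host ("Skipping test, gateway is not a valid IP address: " + $gateway) -ForegroundColor Red
        return $currenthost
    }

    # Compare host names exactly; -notmatch would treat the name as a regular
    # expression. Use the $newhost parameter rather than the caller's $_.
    if([string]$currenthost -ne [string]$newhost) {
        Write-Host ("Moving $TestMachine to " + $newhost) -ForegroundColor Cyan
        $vm | Move-VM -Destination $newhost | Out-Null
    }

    $script = ("ping " + $parsedGateway.IPAddressToString)
    Write-Host $script -ForegroundColor Yellow
    $pingtest = Invoke-VMScript -VM $vm -ScriptText $script -scriptType bat -Credential $guestCred

    # The parentheses are escaped so the pattern matches the literal text
    # "(0% loss)". Unescaped they form a regex group and "0% loss" is also
    # found inside "(100% loss)", reporting a dead network as a success.
    if($pingtest.ScriptOutput -match "\(0% loss\)") {
        Write-Host "Test Success" -ForegroundColor Green
    } else {
        Write-Host $pingtest.ScriptOutput -ForegroundColor Yellow
    }
    #$continue = Read-Host "Hit Enter to Test on Next Host."
    return $newhost
}

## Connect to vCenter and grab information
Connect-VIServer -Server $vCenterServer -credential (Get-Credential -Message ("vCenter Account"))
$hosts = Get-VMHost -Location $clusterToTest | select Name
$VM = get-vm -name $TestMachine
$currenthost = $vm.VMHost.Name
$guestCred = Get-Credential -UserName ($TestMachine + "\") -Message "Local Admin Account"
$NetworksToTest = Import-Csv $NetworkListFile

$NetworksToTest | foreach {
    $NetworkName = $_.Name
    $IP = $_.ip
    $gateway = $_.gateway
    $netmask = $_.netmask

    Write-Host "Changing Network on $TestMachine to $NetworkName" -ForegroundColor Cyan
    Get-NetworkAdapter -VM $vm | Set-NetworkAdapter -NetworkName $NetworkName -Confirm:$false | Out-Null
    #$continue = Read-Host "Hit Enter to Set the IP Address."

    Write-Host "Changing IP Address on $TestMachine to $IP" -ForegroundColor Cyan
    $VM | Get-VMGuestNetworkInterface -GuestCredential $guestCred |
        Where-Object { $_.Name -eq $vmnicname } |
        Set-VMGuestNetworkInterface -GuestCredential $guestCred -Ip $IP -Netmask $netmask -Gateway $gateway | Out-Null
    #$continue = Read-Host "Hit Enter to Run Ping Tests."

    # Test on the host the VM is on right now, then on every host in the cluster.
    $currenthost = TestNetwork $currenthost $currenthost $vm $gateway $guestCred
    $hosts | foreach {
        # Pass the host name, not the selected object, so the name comparison
        # inside TestNetwork works on plain strings.
        $currenthost = TestNetwork $currenthost $_.Name $vm $gateway $guestCred
    }
}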
Wednesday, November 5, 2014
Powershell: Get AD Users from Group with Email Address
Here's a handy script I use to Generate a list of all "Users" with email addresses within a group. It's a recursive function so it will dig through nested groups to make sure all users are picked up. It does not do checking for duplicates as I normally just open the output in Excel and run the Remove Duplicates command.
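### -----------------------------------------------------------------
### Written by Matt Brown
###
### Description: Get Username / Email from All Users in AD Group
###
### Requires: ActiveDirectory Module
### -----------------------------------------------------------------
Import-Module ActiveDirectory

$group = "Employees"
$outfile = ("c:\" + $group + "_output.csv")

# Walks the members of $group and appends "samaccountname,mail" for every
# member that is not a group to $outfile; member groups are walked recursively.
#   $group   - name or distinguished name of the group to expand
#   $outfile - path of the file to append to
#   $visited - groups already expanded in this run, keyed by distinguished
#              name; callers normally leave it at its default
# Duplicate users are not removed. The two values are written as they come
# from the directory, without CSV quoting.
function RecurseMyGroup($group,$outfile,$visited=@{}) {
    $adGroup = Get-ADGroup $group -properties members
    if(-not $adGroup) {
        return
    }

    # Groups can be nested in a circle (A contains B, B contains A). Expanding
    # each group only once keeps the recursion finite.
    $groupDn = [string]$adGroup.DistinguishedName
    if($visited.ContainsKey($groupDn)) {
        return
    }
    $visited[$groupDn] = $true

    Write-Host ("Checking Group " + $group)
    $adGroup.members | foreach {
        $object = Get-ADObject $_ -Properties mail,samaccountname
        if($object.objectClass -eq "Group") {
            RecurseMyGroup $object.DistinguishedName $outfile $visited
        } else {
            ($object.samaccountname + "," + $object.mail) | Out-File -FilePath $outfile -Append
        }
    }
}

RecurseMyGroup $group $outfile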
Monday, November 3, 2014
Powershell: VMWare Snapshot Report
Here's a handy script I use to send me a report on all VM's in my VMWare Environment with active snapshots. This script finds all VM's with Snapshots, creates an HTML report and emails the info to the provided list. I schedule this to run via the Task Manager automatically every week.
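### -----------------------------------------------------------------
### Written by Matt Brown
###
### Description: Powershell script grabs a list of snapshots from the
###              VMWare Environment and emails them out as a report.
###
### Requires: VMWare Powershell Extensions
### -----------------------------------------------------------------
$thedate = Get-Date -f yyyy-MM-dd_HH-mm
$scriptname = "VMWareSnapshots.ps1"
$scriptlocation = "C:\Scripts\VMWare\"
$filename = $scriptlocation + "Transcripts\" + $thedate + "_Snapshots.rtf"
start-transcript -path $filename

$htmlOutFile = "C:\Scripts\VMWare\Reports\snapshot_list.htm"
$vCenterServer = "VC.domain.com"
$vCenterLocation = "ProductionCluster"

### Load VMWare Snapin
Add-PSSnapin -Name VMware.VimAutomation.Core

### -----------------------------------------------------------------
### Start Functions
### -----------------------------------------------------------------

# Sends a plain-text mail through the configured SMTP server.
#   $body    - message text; a header block with server, user and script
#              location is put in front of it
#   $subject - defaults to a "Script ERROR" subject naming this script and host
#   $to      - array of recipient addresses, defaults to the admin mailbox
#   $attFile - optional path of a file to attach; $false for no attachment
function SendEmail($body,$subject=("Script ERROR: " + $scriptname + " on " + ($env:COMPUTERNAME)),$to=@("admin@domain.com"),$attFile=$false) {
    $message = New-Object System.Net.Mail.MailMessage
    try {
        if($attFile) {
            $attachement = New-Object System.Net.Mail.Attachment($attFile)
            $message.Attachments.Add($attachement)
            $message.Headers.Add("message-id", "<3BD50098E401463AA228377848493927-1>") # Adding a Bell Icon for Outlook users
        }
        $message.From = "admin@domain.com"
        $to | foreach {
            $message.To.Add($_) # default is admin in function
        }
        $message.Subject = $subject

        $bodyh = "----------------------------------------------------------------------------------------------------`n"
        $bodyh += "Server: " + ($env:COMPUTERNAME) + "`n"
        $bodyh += "User: " + ($env:USERDOMAIN) + "\" + ($env:USERNAME) + "`n"
        $bodyh += "Location: " + $scriptlocation + $scriptname + "`n"
        $bodyh += "----------------------------------------------------------------------------------------------------`n`n"
        $message.Body = $bodyh + $body

        $smtp = New-Object System.net.Mail.SmtpClient
        $smtp.Host = "smtpserver.domain.com"
        $smtp.UseDefaultCredentials = $true
        # NOTE(review): EnableSsl is not set, so the report is submitted without
        # TLS; set $smtp.EnableSsl = $true if the relay supports it.
        $smtp.Send($message)
    } finally {
        # Disposing the message also releases its attachments, so the report
        # file is not left open after the mail has been sent or has failed.
        $message.Dispose()
    }
}

### -----------------------------------------------------------------
Connect-VIServer $vCenterServer

# HTML/CSS style for the output file
# NOTE(review): the style markup that presumably belonged here is empty on the
# page; supply your own <style> block if the report should be formatted.
$head = ""
$title = ($vCenterLocation + " VMWare Snapshots as of " + (get-date -Format "MM-dd-yyyy"))

# One row per snapshot: VM name, snapshot name, creation time, description
$data = @()
Get-VM -Location $vCenterLocation | foreach {
    $snapshots = Get-SnapShot -VM $_
    if ($snapshots.Name.Length -ige 1 -or $snapshots.length){
        ForEach ($snapshot in $snapshots){
            $myObj = "" | Select-Object VM, Snapshot, Created, Description
            $myObj.VM = $_.name
            $myObj.Snapshot = $snapshot.name
            $myObj.Created = $snapshot.created
            $myObj.Description = $snapshot.description
            $data += $myObj
        }
    }
}

# Write the output to an HTML file
$data | Sort-Object VM | ConvertTo-HTML -Head $head -Body ("" + $title + "`n") | Out-File $htmlOutFile

SendEmail ("See Attached VMWare Snapshot Report") $title (@("joe@domain.com","fred@domain.com")) $htmlOutFile

DisConnect-VIServer -Confirm:$false
stop-transcript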