PowerShell for Windows Admins


June 29, 2015  12:06 PM

CIM filters

Richard Siddaway
CIM, Powershell, WMI

I was looking up Win32_SystemDriver on the MSDN site and noticed there was some PowerShell example code

Get-WmiObject -Class Win32_SystemDriver |
Where-Object -FilterScript {$_.State -eq "Running"} |
Where-Object -FilterScript {$_.StartMode -eq "Manual"} |
Format-Table -Property Name,DisplayName

A better way to write this would be:

Get-WmiObject -Class Win32_SystemDriver -Filter "State='Running' AND StartMode='Manual'" | Format-Table -Property Name, DisplayName -AutoSize

or

Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running' AND StartMode='Manual'" | Format-Table -Property Name, DisplayName -AutoSize

Do the filtering in the CIM call, especially if you’re running this against a number of remote machines. The filter is applied at the source, so only the matching instances come back and you limit the network traffic you’re returning.

June 29, 2015  9:12 AM

Parsing ipconfig /displaydns with regular expressions

Richard Siddaway
DNS, Powershell

In yesterday’s post I used a series of split operations to parse the strings produced by ipconfig /displaydns.

Regular expressions should give a more powerful way to perform this task. Not being a big fan of regular expressions I tend not to use them, but for the sake of experimentation I thought I’d try and figure out a set of regex to use.

This is as far as I’ve got:

# Template of output properties, in display order
$props = [ordered]@{
    RecordName = ""
    RecordType = ""
    Section    = ""
    TimeToLive = 0
    DataLength = 0
    Data       = ""
}

$recs = @()

# ipconfig returns an array of strings, one per output line
$cache = ipconfig /displaydns
for ($i = 0; $i -le ($cache.Count - 1); $i++) {
    if ($cache[$i] -like '*Record Name*') {
        $rec = New-Object -TypeName psobject -Property $props
        # Each -replace strips the label, the dot leader and the " : " separator
        $rec.RecordName = $cache[$i] -replace "(\s*\w*){2}(\s\.){5}(\s\:\s)", ""
        $rec.Section    = $cache[$i+4] -replace "\s*\w*(\s\.){7}(\s\:\s)", ""
        $rec.TimeToLive = $cache[$i+2] -replace "(\s*\w*){3}\s(\s\.){4}(\s\:\s)", ""
        $rec.DataLength = $cache[$i+3] -replace "(\s*\w*){2}(\s\.){5}(\s\:\s)", ""

        # The data line is still handled with split operations
        $irec = ($cache[$i+5] -split ": ")
        $rec.RecordType = ($irec[0].TrimStart() -split ' ')[0]
        $rec.Data = $irec[1]

        $recs += $rec
    }
    else {
        continue
    }
}

$recs | Format-Table -AutoSize

 

I still need to work out how to process the data and record type using regular expressions.


June 28, 2015  1:53 PM

Parsing ipconfig /displaydns

Richard Siddaway
DNS, Powershell

 

A recent question on the forum asked how you could get the contents of the DNS client cache on Windows 7 machines and earlier.

On later machines – Windows 8 and above – it’s easy because you can use Get-DnsClientCache from the DnsClient module. This module is based on CIM classes that aren’t present on Windows 7 and earlier systems.

You can use ipconfig /displaydns to display the data but it looks like this:

Record Name . . . . . : ns-nw.noaa.gov
Record Type . . . . . : 1
Time To Live  . . . . : 81966
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 161.55.32.2

so you need to parse the strings into a format that you can work with.

This is one solution:

# Template of output properties, in display order
$props = [ordered]@{
    RecordName = ""
    RecordType = ""
    Section    = ""
    TimeToLive = 0
    DataLength = 0
    Data       = ""
}

$recs = @()

# ipconfig returns an array of strings, one per output line
$cache = ipconfig /displaydns
for ($i = 0; $i -le ($cache.Count - 1); $i++) {
    if ($cache[$i] -like '*Record Name*') {
        $rec = New-Object -TypeName psobject -Property $props
        # The value is whatever follows ": " on each line
        $rec.RecordName = ($cache[$i] -split ": ")[1]
        $rec.Section    = ($cache[$i+4] -split ": ")[1]
        $rec.TimeToLive = ($cache[$i+2] -split ": ")[1]
        $rec.DataLength = ($cache[$i+3] -split ": ")[1]

        # The data line, e.g. "A (Host) Record . . . : 161.55.32.2", gives both the type and the data
        $irec = ($cache[$i+5] -split ": ")
        $rec.RecordType = ($irec[0].TrimStart() -split ' ')[0]
        $rec.Data = $irec[1]

        $recs += $rec
    }
    else {
        continue
    }
}

$recs | Format-Table -AutoSize

Create an ordered hash table of output properties and an empty array to hold the results.

Get the output of ipconfig /displaydns into $cache, which will be an array of strings.

Loop through $cache.

If the line is like '*Record Name*' then process that line and the next five lines to give the results. The actual data line is split twice to give the record type and the data; otherwise you’ll have to translate the numeric values in the Record Type line.

The results are put into an object which is added to the output array.

Continue looping through $cache until you meet the next line with a Record Name or end of file.

Finally display the results.

This works but is messy – I’m going to investigate alternatives.
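A label-driven alternative to the fixed-offset parsing in this post and in the regular-expression post above it: one pattern matches any "Label . . . : value" line, and a second takes the record type from the data line's label. This is an added example, not the author's code; the sample text is constructed and the variable names are assumptions.

```powershell
# Constructed sample of ipconfig /displaydns output (not captured from a real host).
# On a live system use:  $cache = ipconfig /displaydns
$cache = @'
    ns-nw.noaa.gov
    ----------------------------------------
    Record Name . . . . . : ns-nw.noaa.gov
    Record Type . . . . . : 1
    Time To Live  . . . . : 81966
    Data Length . . . . . : 4
    Section . . . . . . . : Additional
    A (Host) Record . . . : 161.55.32.2

    missing.example.test
    ----------------------------------------
    Name does not exist.

    www.example.test
    ----------------------------------------
    Record Name . . . . . : www.example.test
    Record Type . . . . . : 5
    Time To Live  . . . . : 120
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : host.example.test
'@ -split '\r?\n'

# Any "Label . . . : value" line: label, dot leader, colon, value
$linePattern = '^\s*(?<label>[^.:]+?)\s*(?:\.\s)+:\s(?<value>.*)$'
# Data line label, e.g. "A (Host) Record" or "CNAME Record"; the first word is the type
$dataPattern = '^(?<type>\S+)(?:\s\(.*\))?\sRecord$'

$recs = foreach ($line in $cache) {
    if ($line -notmatch $linePattern) { continue }   # headers, rules, blanks, negative entries
    $label = $Matches['label']
    $value = $Matches['value'].Trim()
    switch -Regex ($label) {
        '^Record Name$'  { $rec = [ordered]@{ RecordName = $value; RecordType = ''; Section = ''
                                              TimeToLive = 0; DataLength = 0; Data = '' } }
        '^Section$'      { $rec.Section    = $value }
        '^Time To Live$' { $rec.TimeToLive = [int]$value }
        '^Data Length$'  { $rec.DataLength = [int]$value }
        $dataPattern     { if ($null -ne $rec) {     # data line closes the record
                               $rec.RecordType = $Matches['type']; $rec.Data = $value
                               New-Object -TypeName psobject -Property $rec
                               $rec = $null } }
    }
}

$recs | Format-Table -AutoSize
```

Because each field is keyed on its label rather than its position, entries without a record block (such as the "Name does not exist." entry in the sample) are skipped instead of shifting the offsets.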


June 27, 2015  10:50 AM

Scripting Games

Richard Siddaway
Powershell

See what’s happening with the Scripting Games –  http://blogs.technet.com/b/heyscriptingguy/archive/2015/06/27/powershell-spotlight-yeah-it-s-the-scripting-games.aspx

Think about the requirements and offer to help as outlined in the article.


June 27, 2015  9:58 AM

Multiple LDAP filters

Richard Siddaway
Active Directory, Powershell

Continuing our look at LDAP filters – remember the data set in use:

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -Filter * | select Name

Name
----
Dave Green
Dave Brown
Dave White
Jo Daven
Fred Green
Dale Greensmith
Dave Greenly

Individual filters work like this:

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(givenName=Fred)' | select Name

Name
----
Fred Green

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(sn=Green)' | select Name

Name
----
Dave Green
Fred Green

You have two options for joining filters:

AND – uses the & symbol

OR – uses the | symbol

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(&(givenName=Fred)(sn=Green))' |
select Name

Name
----
Fred Green

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(|(givenName=Fred)(sn=Green))' |
select Name

Name
----
Dave Green
Fred Green


June 26, 2015  2:16 PM

AD module cmdlets accepting LDAPfilter

Richard Siddaway
Active Directory, Powershell

In case you were wondering which cmdlets in the Active Directory module allowed you to use LDAP filters:

£> Get-Command -Module ActiveDirectory -ParameterName LDapFilter

Name
----
Get-ADAuthenticationPolicy
Get-ADAuthenticationPolicySilo
Get-ADCentralAccessPolicy
Get-ADCentralAccessRule
Get-ADClaimTransformPolicy
Get-ADClaimType
Get-ADComputer
Get-ADFineGrainedPasswordPolicy
Get-ADGroup
Get-ADObject
Get-ADOptionalFeature
Get-ADOrganizationalUnit
Get-ADResourceProperty
Get-ADResourcePropertyList
Get-ADResourcePropertyValueType
Get-ADServiceAccount
Get-ADTrust
Get-ADUser


June 26, 2015  2:10 PM

Basic LDAP filters

Richard Siddaway
Active Directory, Powershell

I recently showed how to create an LDAP filter for an attribute that wasn’t set.  I thought it would be useful to show some other LDAP filters.

The examples are from a testing OU in my AD

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -Filter * | select Name

Name
----
Dave Green
Dave Brown
Dave White
Jo Daven
Fred Green
Dale Greensmith
Dave Greenly

Finding objects where an attribute matches a given value is probably the easiest:

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(sn=Green)' | select Name

Name
----
Dave Green
Fred Green

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(givenName=Dave)' | select Name

Name
----
Dave Green
Dave Brown
Dave White

You can also match on substrings:

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(sn=Gre*)' | select Name

Name
----
Dave Green
Fred Green
Dave Greenly
Dale Greensmith

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(name=D*G*)' | select Name

Name
----
Dave Green
Dale Greensmith
Dave Greenly

You can also use an Ambiguous Name Resolution (ANR) filter which expands the filter to check a number of properties including:

displayname

givenname

proxyaddress

name

samaccountname

sn (surname)

£> Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(anr=Green)' | select Name

Name
----
Dave Green
Fred Green
Dale Greensmith
Dave Greenly

ANR is useful if you’re not sure what attributes to use but is a more expensive search option as you have to scan a number of attributes per object – indexed attributes help speed the process but it’s still quicker to hit a single attribute.

Next time we’ll look at combining


June 24, 2015  1:47 PM

DSC resources

Richard Siddaway
Powershell

New DSC resources are available on the PowerShell gallery.  See

http://blogs.msdn.com/b/powershell/archive/2015/06/23/dsc-resource-kit-flourishes-as-open-source.aspx

for details.

Note the comment that the DSC resource kit will no longer be published as waves but will be updated on the PowerShell gallery as required.

There is also a post showing some examples of writing DSC resources against a singleton instance:

http://blogs.msdn.com/b/powershell/archive/2015/06/23/want-to-write-a-dsc-resource-where-only-a-single-instance-can-be-configured.aspx


June 23, 2015  2:46 PM

LDAP filter for a property that isn’t set

Richard Siddaway
Active Directory, Powershell

Filtering on a particular LDAP property is straightforward:

Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -Filter {Title -eq 'Boss'}

You can also use an LDAP filter:

Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -Properties * -LDAPFilter '(Title=Boss)'

I prefer LDAP filters as I find them more powerful and I can use them in the GUI tools.

I was recently asked how do I filter on a property that isn’t set. That’s a bit more tricky as AD doesn’t store a value if the property isn’t set.

You can do this with an LDAP filter:

Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -LDAPFilter '(!(Department=*))' -Properties *

(Department=*) searches for accounts where department is set

(!(Department=*)) searches for accounts where it’s not set

Note that the filter is =*

You can’t use other characters

You can also check for multiple properties that aren’t set:

Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -LDAPFilter '(&(!(Company=*))(!(Department=*)))' -Properties *

The & in the filter means AND. Note how the filter is constructed though, with the individual filters after the &.
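Filters like the ones in these LDAP posts are often assembled from variables, and a value containing `*`, `(`, `)` or `\` changes what the filter means unless it is escaped as RFC 4515 describes. The following is an added example, not code from the original posts; `ConvertTo-LdapFilterValue` and `New-LdapFilter` are hypothetical helper names, and the last sample value is constructed.

```powershell
# Hypothetical helpers (not part of the ActiveDirectory module).

# Escape a literal value for an LDAP filter; the backslash must be handled first.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

# Join equality tests and "attribute not set" tests with & (And) or | (Or).
function New-LdapFilter {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('And', 'Or')][string]$Operator,
        [System.Collections.IDictionary]$Equal = @{},
        [string[]]$NotSet = @()
    )
    # Attribute names are not escaped, so only accept plain LDAP attribute names
    foreach ($name in @($Equal.Keys) + $NotSet) {
        if ($name -notmatch '^[A-Za-z][A-Za-z0-9-]*$') { throw "Invalid attribute name: $name" }
    }
    $clauses = @()
    foreach ($name in $Equal.Keys) {
        $clauses += '({0}={1})' -f $name, (ConvertTo-LdapFilterValue -Value $Equal[$name])
    }
    foreach ($name in $NotSet) { $clauses += '(!({0}=*))' -f $name }
    if ($clauses.Count -eq 0) { throw 'At least one clause is required.' }
    # The operator goes first, followed by the individual filters
    $symbol = if ($Operator -eq 'And') { '&' } else { '|' }
    '({0}{1})' -f $symbol, ($clauses -join '')
}

# The AND / OR pair from the "Multiple LDAP filters" post
New-LdapFilter -Operator And -Equal ([ordered]@{ givenName = 'Fred'; sn = 'Green' })
New-LdapFilter -Operator Or  -Equal ([ordered]@{ givenName = 'Fred'; sn = 'Green' })

# Accounts where neither Company nor Department is set
New-LdapFilter -Operator And -NotSet Company, Department

# A value containing filter metacharacters is matched literally (constructed sample value)
New-LdapFilter -Operator And -Equal @{ sn = 'Green (Contractor)*' }

# With the AD module loaded:
# Get-ADUser -SearchBase 'OU=Testing,DC=Manticore,DC=org' -LDAPFilter (New-LdapFilter -Operator And -NotSet Company, Department)
```

Escaped values are always literal, so a substring match such as (sn=Gre*) has to be written deliberately rather than passed through the escaping helper.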

 


June 16, 2015  2:01 PM

Service startup type

Richard Siddaway
CIM, Powershell

Get-Service has been part of PowerShell since version 1. One thing it doesn’t do though is display the service startup type:

£> Get-Service | select -f 1 | fl *
Name                : 7f11b722
RequiredServices    : {}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : True
DisplayName         : AppendRunner
DependentServices   : {}
MachineName         : .
ServiceName         : 7f11b722
ServicesDependedOn  : {}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32OwnProcess
Site                :
Container           :

You need to use the Win32_Service CIM class to get that information:

£> Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = 'AppendRunner'" | fl *
Name                    : 7f11b722
Status                  : Degraded
ExitCode                : 0
DesktopInteract         : False
ErrorControl            : Ignore
PathName                : "C:\windows\system32\rundll32.exe" "c:\Program Files
(x86)\AppendRunner\AppendRunner.dll”,serv
ServiceType             : Own Process
StartMode               : Auto
Caption                 : AppendRunner
Description             :
InstallDate             :
CreationClassName       : Win32_Service
Started                 : True
SystemCreationClassName : Win32_ComputerSystem
SystemName              : RSSURFACEPRO2
AcceptPause             : False
AcceptStop              : True
DisplayName             : AppendRunner
ServiceSpecificExitCode : 0
StartName               : LocalSystem
State                   : Running
TagId                   : 0
CheckPoint              : 0
ProcessId               : 1568
WaitHint                : 0
PSComputerName          :
CimClass                : root/cimv2:Win32_Service
CimInstanceProperties   : {Caption, Description, InstallDate, Name…}
CimSystemProperties     : Microsoft.Management.Infrastructure.CimSystemProperties

 

If you want to see the startup type for all services:

Get-CimInstance -ClassName Win32_Service | Format-Table Name, DisplayName, State, StartMode -AutoSize

If you want to group by start mode:

£> Get-CimInstance -ClassName Win32_Service | sort StartMode | Format-Table Name, DisplayName, State, StartMode -GroupBy StartMode -AutoSize

The sort is essential, otherwise a new group will be generated every time the start mode changes.

 

