PowerShell for Windows Admins


November 9, 2013  11:04 AM

Windows Surface RT upgrade to Windows 8.1

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Having seen the comments regarding the removal of the RT upgrade to Windows 8.1 from the Windows app store I was surprised to see it had re-appeared last night.

Late this morning I started the upgrade. Its a 2GB+ download so make sure your Surface is plugged into the mains!

The download wasn’t a speedy affair but it progressed and immediately cut into the upgrade. Everything seemed to go well – usual questions regarding accepting T&Cs and configuration. Express seems to work OK.

The usual Windows.old is left behind (2GB+) so used Disk Cleanup to delete that through the Clean up System Files button and selecting to remove previous windows installations – see http://windows.microsoft.com/en-GB/windows-8/how-remove-windows-old-folder

The apps that I had installed appear to be preserved and at the moment everything looks good. A painless upgrade for me. Hopefully the earlier reported issues are all resolved.

November 8, 2013  3:01 PM

Get-ADUser issue fixed

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I reported in this post http://richardspowershellblog.wordpress.com/2013/11/06/get-aduser-issue/ an issue with Get-ADUser under PowerShell 4.0 on Windows 8.1/2012 R2 where using –Properties * caused a failure.

I had a comment that this is schema related and a schema upgrade fixes the problem.

My starting point is a Windows 20012 domain

£> Get-ADDomain | ft DomainMode -a

DomainMode
———-
Windows2012Domain

And I have schema version 56

On a Windows 2012 R2 member server I try get-aduser

£> Get-ADUser -Identity richard -Properties *
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.GetADUser

Now lets try the schema upgrade – looks like it goes to version 69 – that’s quite a big upgrade. Once the upgrade has been performed – let the schema replication occur & reboot the Windows 2012 R2 member server just to make sure nothing is cached that could affect the result.

Now to re-try Get-AdUser

Get-ADUser -Identity richard -Properties *
Get-ADUser -Identity richard -Property *

Both work – we have a winner. If you are seeing this problem the answer is to upgrade your schema. You don’t need to upgrade the Domain Controllers just the schema.

Its a bit naught that this happens – I don’t remember similar problems putting a Windows 8/2012 machine with PowerShell 3.0 into a Windows 2008 r2 domain


November 8, 2013  1:17 PM

Why are Windows devices 2nd class citizens for Kindle apps?

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

One of the useful things about Amazon’s Kindle ecosystem is that you can buy ebooks formatted for Kindle from other vendors and email them into your personal documents library. They can then be sent to your Kindle device or app.

Well they can be sent to a Kindle device or they can be sent to a Kindle app on an iPad. They can’t be sent to a Kindle app on a Windows device – that’s the desktop app downloaded from Amazon or the app from the Windows store for Windows 8.

Come on Amazon – lets have some equality here


November 6, 2013  1:11 PM

Get-ADUser issue

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

By default Get-ADUser returns a limited number of properties. If you wanted to see all properties on a user account you would do this

Get-Aduser –Identity richard –Properties *

This option appears to be broken in Windows 2012 R2 / PowerShell 4

PS C:\Windows\system32> Get-ADUser -Identity richard -Properties *

Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

You can work round the problem like this:

Get-ADUser -Identity richard| Get-ADObject -Properties *


November 6, 2013  12:52 PM

Active Directory Lunches MEAPs chapter 21

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Manning have released an update MEAP for Active Directory Management in a Month of Lunches. This one adds chapter 21 and appendix B.

Almost done now. Enjoy


November 4, 2013  3:05 PM

Managed by for groups

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Many Active Directory objects have a ManagedBy attribute that shows the business owner of the group. Setting this doesn’t confer rights to manage the object. However in AD users and computers if you look at the Managed by tab for a group you will see a check box with the label “Manager can update membership list”

This doesn’t set an attribute – it sets permissions on the group members property. The Microsoft cmdlets don’t handle AD permissions – a major omission in my mind – but if you have a copy of the Quest cmdlets handy you can do this

$user = Get-QADUser -Identity dgreen

$group = Get-QADGroup -Identity Accounts -IncludeAllProperties
$group | Set-QADGroup -ManagedBy $user

$group | Add-QADPermission -Property Member -Account $user -ApplyTo ThisObjectOnly -Rights WriteProperty

Get the user and group objects. Set the managedBy property using Set-QADGroup. There is a switch to enable the manager update the membership list but you need Active Roles running to use it.

Instead use Add-QADPermission and define the property, the account to be granted the permissions, limit inheritance and state the permission being granted.

You can never have to many cmdlets even if you don’t use them that often.


November 4, 2013  3:43 AM

Scripting Guy–capacity planning

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

First post in a short series on capacity planning now available on the Scripting Guy blog

http://blogs.technet.com/b/heyscriptingguy/archive/2013/11/04/the-admin-s-first-steps-capacity-planning.aspx


November 2, 2013  2:50 PM

Useful PowerShell resources

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Want to know more about using PowerShell in these contexts:

File system
Arrays and Hash tables
Date, Time & Culture
Objects & Types
WMI
Regular Expressions
Then head over to http://powershell.com/cs/media/28/default.aspx

and look at the PowerTips Monthly volumes

Enjoy


October 31, 2013  2:58 PM

A thought for Halloween

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Just a quick thought

31 OCT = 25 DEC

Enjoy


October 31, 2013  11:58 AM

Book offers from Manning

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

those really nice people at www.manning.com have some real bargains this weekend:

Thursday October 31–Half off all MEAPs

Friday November 1–Half off all pBooks

Saturday November 2–Half off all eBooks

Sunday November 3–Half off any purchase

enjoy


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: