One of the useful things about Amazon’s Kindle ecosystem is that you can buy ebooks formatted for Kindle from other vendors and email them into your personal documents library. They can then be sent to your Kindle device or app.
Well they can be sent to a Kindle device or they can be sent to a Kindle app on an iPad. They can’t be sent to a Kindle app on a Windows device – that’s the desktop app downloaded from Amazon or the app from the Windows store for Windows 8.
Come on Amazon – lets have some equality here
By default Get-ADUser returns a limited number of properties. If you wanted to see all properties on a user account you would do this
Get-Aduser –Identity richard –Properties *
This option appears to be broken in Windows 2012 R2 / PowerShell 4
PS C:\Windows\system32> Get-ADUser -Identity richard -Properties *
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ CategoryInfo : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
You can work round the problem like this:
Get-ADUser -Identity richard| Get-ADObject -Properties *
Manning have released an update MEAP for Active Directory Management in a Month of Lunches. This one adds chapter 21 and appendix B.
Almost done now. Enjoy
Many Active Directory objects have a ManagedBy attribute that shows the business owner of the group. Setting this doesn’t confer rights to manage the object. However in AD users and computers if you look at the Managed by tab for a group you will see a check box with the label “Manager can update membership list”
This doesn’t set an attribute – it sets permissions on the group members property. The Microsoft cmdlets don’t handle AD permissions – a major omission in my mind – but if you have a copy of the Quest cmdlets handy you can do this
$user = Get-QADUser -Identity dgreen
$group = Get-QADGroup -Identity Accounts -IncludeAllProperties
$group | Set-QADGroup -ManagedBy $user
$group | Add-QADPermission -Property Member -Account $user -ApplyTo ThisObjectOnly -Rights WriteProperty
Get the user and group objects. Set the managedBy property using Set-QADGroup. There is a switch to enable the manager update the membership list but you need Active Roles running to use it.
Instead use Add-QADPermission and define the property, the account to be granted the permissions, limit inheritance and state the permission being granted.
You can never have to many cmdlets even if you don’t use them that often.
First post in a short series on capacity planning now available on the Scripting Guy blog
Want to know more about using PowerShell in these contexts:
Arrays and Hash tables
Date, Time & Culture
Objects & Types
Then head over to http://powershell.com/cs/media/28/default.aspx
and look at the PowerTips Monthly volumes
Just a quick thought
31 OCT = 25 DEC
those really nice people at www.manning.com have some real bargains this weekend:
Thursday October 31–Half off all MEAPs
Friday November 1–Half off all pBooks
Saturday November 2–Half off all eBooks
Sunday November 3–Half off any purchase
WMI Query Language – WQL – is used to either form a query directly or indirectly in the –Filter parameter of Get-WmiObject and Get-CimInstance.
$query = “SELECT * FROM Win32_LogicalDisk WHERE DriveType = 3”
Get-CimInstance -Query $query
OR using the –Filter parameter
Get-CimInstance -ClassName Win32_LogicalDisk -Filter “DriveType = 3”
WQL is a limited subset of SQL.
If you want to find out more there is a help file available in PowerShell 3.0 and above
get-help about_WQL -ShowWindow
Manning’s deal of the day is Learn SCCM 2012 in a Month of Lunches – get 50% off – today only at www.manning.com