Tidbits of Information from Virot
Get-ChildItem -Force
Okey I had the need to check what values were set for the Software Publishing “State”. This is the registry value where Windows stores if it should do CRL revocation check or say all okey even if the CRL is unavailable. And some other stuff. I found all the values on the MSDN page WintrustGetRegPolicyFlags. So I wrote a small Powershell function to help decode it.
And here is the function: [Read more…]
So I was reading up on the AD Module filters. I found a thing, Microsoft usually says keep it simple. I found an over complex way of initializing a date variable. So what did the documentation suggest:
|
1 |
$date = new-object System.DateTime -ArgumentList @(2007,1,1,0,0,0) |
Whoa.. Yes you can use .NET but if possible use Powershell cmdlets. Do we have any cmdlet we can use? Get-Date. Get-Date can be initialized with year, month and day.
|
1 |
$date2=Get-Date -Year 2007 -Month 1 -Date 1 |
That looks easier to read so it is better. But are they the same. And they arent. So what is the difference? Let’s convert it to the FileTime structure.
|
1 2 3 4 5 6 |
PS C:\> $date -eq $date2 False PS C:\> $date2.ToFileTime() 128120796000000001 PS C:\> $date.ToFileTime() 128120796000000000 |
Here we see that we get a 100-nanosecond difference. Im not really sure why. But now we know that if you want the real 12am you cant use Get-Date. As it will add a 100ns extra. Bonus link to MSDN article for DateTime Structure.
So I was at a customers location and well we got talking about scripts. They had the need for a script that populates a group if the user has a cellphone number configured and remove him the number is removed after.
They had already a script that did it. The script did what was needed but I felt there was room for improvement, so I got rid of a try catch where the catch was empty. That is just as bad as ON ERROR RESUME NEXT from the old VBScript days. Anyway I thought later there has got to be a better way of doing this.
This is a compressed version written from memory.
|
1 2 |
Get-ADUSer -Filter {mobile -ne ''}|{Try{Add-AdgroupMember -Identity GroupA -Member $_}Catch{}} Get-ADGroupMember GroupA|Get-ADUser -properties mobile|Where{$_.mobile -eq $Null}|ForEach{Remove-ADGroupMember -Identity GroupA -Members $_} |
So why not just be happy. Well there is still performance improvements and let the DC do the heavy lifting. Lets start using LDAPFilter.
|
1 2 3 4 5 |
$GroupDN=Get-ADGroup GroupA|Select-Object -ExpandProperty DistinguishedName #Start by adding all members that have a mobile number but not member of the group. Add-ADGroupMember -Identity $GroupDN -Members (Get-ADUser -LDAPFilter "(&(mobile=*)(!(memberof=$GroupDN)))") #Then remove all group members that dont have a mobile number. Remove-ADGroupMember -Identity $GroupDN -Members (Get-ADUser -LDAPFilter "(&(!(mobile=*))(memberof=$GroupDN))") -Confirm:$False |
Okay so now we got new requirements of course but that is really simple. Lets just instruct the Get-ADUser to search only in one part using SearchBase.
|
1 |
Get-ADUser -Searchbase 'OU=Company,DC=domain,DC=tld' -LDAPFilter ..... |
So just add the searchbase parameter and path.
First lets check what Microsoft says about the GUID:
“GUIDs are the Microsoft implementation of the distributed computing environment (DCE) universally unique identifier (UUID)”
Well what is a UUID then? Lets check RFC4122:
This specification defines a Uniform Resource Name namespace for
UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally
Unique IDentifier). A UUID is 128 bits long, and can guarantee
uniqueness across space and time. UUIDs were originally used in the
Apollo Network Computing System and later in the Open Software
Foundation’s (OSF) Distributed Computing Environment (DCE), and then
in Microsoft Windows platforms.
So now we know that the GUID is a value which should be unique (there is not such thing as a guaranteed unique since there is no central authority). So lets check how the GUID is built and why this entry is needed.
Lets look at a sample GUID ED7BA470-8E54-465E-825C-99712043E01C. Here there is a small difference between the UUID and the GUID specification, but it does not change anything. Both start using one 32bit Unsigned Integer followed by two 16bit Unsigned Integers. Then the UUID is specified as two 8bit Unsigned Integers followed by 6 bytes. Where as the GUID is specified as 8 bytes. But it does nothing to change the problem or the solution so lets leave it as 8 bytes.
RFC4122 specifies that the GUID must be precented as big endian but Intel processors are little endian. This is where the problem comes from. There are some applications that read the GUID in little endian format and store it as a string which does not do the little to big endian conversion by magic. In these cases you need to use a cmdlet as mine to convert between the endian formats. [Read more…]
I got a request from a system owner what was the SID of the domain since their license was bound to the domain SID. The Domain SID is not really that is going to change and its really unlikely that anyone will collide with yours, so not really a bad choice.
Anyways if you have the Active Directory Powershell module its really easy to do this. Without the AD Powershell module its not really that hard either, but Im lazy when the three latest published versions of Windows has the modules available I feel that I can skip doing it the long way.
Lets continue with the show:
|
1 2 3 4 5 6 7 8 |
PS C:\Users\virot> Import-Module ActiveDirectory PS C:\Users\virot> (Get-ADForest).Domains| %{Get-ADDomain -Server $_}|select name, domainsid name domainsid ---- --------- test S-1-5-21-15748454-485475757-1574545454 subdomain S-1-5-21-4545185484-4581287845-1575484548 another S-1-5-21-1112151888-844548645-148348348 |
And there we go, easy as 1-2-3
So the first question might be why should I even care about this. I have heard things like “I am running Windows version xxx, so I have a tombstone life of 180 days.”. This might not be the case, the tombstone lifetime is set at the time of the promotion of the first domain controller in the forest. So okey if you have have an old forest running on a new Windows version you cant be sure that the tombstone life what you want. To make things a bit more silly, Microsoft decided during Windows 2003 to increase the value from the default of 60 days to 180 days. Jane Lewis wrote a Technet blog about this in 2006, but this is still an area where you can find forests which still run with a 60 day tombstone lifetime. Microsoft has a nice article about this, but I like powershell instead of dsquery.
|
1 2 3 |
Import-Module ActiveDirectory $ConfNameContext = Get-ADRootDSE | Select-Object -Expandproperty configurationNamingContext Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ConfNameContext” -properties tombstonelifetime |Format-List |
If no value..Note the value in the Value column. If the value is <not set>, the value is 60 days. [Read more…]
So I was doing some scripting and and after a while the code got a bit bigger than just one line. So I decided it is time to bring out the big guns enter PowerShell Integrated Scripting Environment (ISE). So I copied the oneliner that was working perfectly into the ISE and noticed that it wasn’t working anymore. So what black magic was changing what I just had copied and pasting into the ISE.
|
1 2 3 4 |
$array = ('Row1 Row2 Row3').split() $array.count |
So after a bit of research I found out the following logic.
When running by just inserting the text into a Powershell window everything is great. When I tried both just executing a ps1 file or from the ISE I got the following results:
A friend is doing a project where he is downloading files from the internet using powershell. Well files in a Unix system can have lots of characters you cant use in a Window systems. So what kind of characters could that be? Backslashes \, slashes / and many more, in all a lot of characters. So lets try to do a list of all invalid characters, well I think we will miss some. Lets get Windows to tell us.
[System.IO.Path]::GetInvalidFileNameChars()
Powershell .NET function call to list invalid filename characters
So I was a bit lazy when I setup my home network the from the begining, I used the default vlan (1). So now this has haunted me for so long that I thought: It’s time to fix it.. So first this is still my private network. So I decided to use vlan 5 instead. So how do I make the transition easy for me and my networking equipment? Lets just loop vlan 1 and vlan 5. So a short ethernet cable later all machines on both vlan 1 and 5 can talk to each other.
So first of do I even have any virtual machines in my Hyper-V that is running on the default vlan? With the help of a simple Powershell query we shall soon find out.
|
1 |
Get-VM *|Get-VMNetworkAdapterVlan | ?{$_.accessvlanid -eq 1} |
Lets break it down. First we get all virtual machines on the current host. Then we get all adapters on those virtual machines. And last a where AccessVlanID is 1. Simple as 1-2-3. [Read more…]
So my default verbose and debug messages might not really be good looking, so I needed to standardize how I wrote them. I wanted the time, function name and message to be printed and standardized. So I came up with this invoke way.
Well first we need to save the standard to a variable and then execute it when needed. Well that is easy in powershell.
|
1 2 |
$command = {Get-Date} &$command |
That command first will save the script block to be run in the $command variable and then using the invoke operator runs it. If you run the later command again you will notice that the Get-Date is executed now to.
But we wanted to add the function name too. So lets look into that. I wrote an article before that talked about good constants in Powershell. These aren’t really constants but Powershell variables that powershell itself populates. Tada if you look in $MyInvocation.MyCommand.Name you will find the current functionname. So lets try that on the commandline:
|
1 2 3 |
PS C:\> $MyInvocation.MyCommand.Name PS C:\> |
Well I didn’t get any output.. Well I’m not running in a function am I? So lets build a function and then throw it in.
|
1 2 3 4 |
function Test-VirotFunction { "This used to be my playground $($MyInvocation.MyCommand.Name)" } Test-VirotFunction |
Okey so that works. But remember that we will do another invoke later and that will get a new $MyInvocation. So lets add a message instead. That feels just like building a function, add a param and a variablename.
|
1 2 3 |
$PS C:\> $message = {param($string)"You sent: $string"} PS C:\> &$message 'Hello' You sent: Hello |
|
1 2 3 4 5 6 7 8 9 10 |
Function Test-VirotMessages{ [CmdletBinding()] Param() Process { $DebugMessage = {Param([string]$Message);"$(get-date -Format 's') [$($MyInvocation.MyCommand.Name)]: $Message"} Write-Verbose (&$DebugMessage 'Testing Verbose message') } } Test-VirotMessages -Verbose |
Hey.. why did I not get the correct output? Well you did.. In a way. MyInvocation does provide information about the current invocation, but you are invoking the script block right? So how do we get the MyInvocation from the function. We have to dig a little in powershell scoping. I can access the MyInvocation of the function by calling Get-Variable -Scope 1 MyInvocation -ValueOnly. So what is that scope 1? That tells the cmdlet to walk up 1 level in the invocation stack and get the variable there, in this case the calling function.