The PowerShell Summit 2014 NA is now over ! The organizers really did an awesome work !! I can't wait for next year!! In 2015 the event will be hosted in Charlotte, NC around the same time.PshSummit 2014 NA serie posts:
PowerShell Summit 2014 NA - Day 1
PowerShell Summit 2014 NA - Iron Scripter Competition
PowerShell Summit 2014 NA - Day 2
PowerShell Summit 2014 NA - Day 3 (current post)
Anyway, here is my small Day 3 retrospective:
 |
| Using PowerShell to Configure Secure Environments and Delegated Administration with Mark Gray and Hemant Mahawar |
 |
| Using PowerShell to Configure Secure Environments and Delegated Administration with Mark Gray and Hemant Mahawar New threats are coming from inside the company, typically due to admins or users who were granted too much permissions. It's easier to give full permissions instead of granular rights |
 |
| Using PowerShell to Configure Secure Environments and Delegated Administration with Mark Gray and Hemant Mahawar Plan of attack (or Defense) against threats coming from inside the domain Phase 1: Create an Isolated Environment Phase 2: Limit Access Phase 3: Add Server securely Phase 4: Configure Servers |
 |
| PowerShell and the Web - Leveraging Web Services with Trond Hindenes "After working with JSON, going back to XML looks like Japanese toilets" |
 |
| Typical 15 minutes break between sessions, best moment for networking |
 |
| Monitoring using PowerShell with Josh Swenson Josh showed us some script he created within the last years to monitor and report different information like:
|
 |
| View from the Meydenbauer Center Bellevue |
 |
| Detailing your objects with Kirk Freiheit Kirk talked about formatting objects, creating views, serialization-deserialization.... |
 |
Scripting PowerShell Best Practices with Ed Wilson (Scripting Guy)
|
 |
| Monad Manifesto Revisited - Jeffrey Snover Jeffrey did a retrospective of the Monad Manifesto initially wrote in 2002, |
 |
| Monad Manifesto Revisited - Jeffrey Snover Talking about the Monad Automation Model |
 |
| Monad Manifesto Revisited - Jeffrey Snover Talking about what is next for PowerShell! The Future looks awesome! :-) |
 |
| PshSummit 2014 is over... time to leave but not without a hug from Teresa (Scripting Wife) !! |
Thanks for reading! If you have any questions, leave a comment or send me an email at fxcat@lazywinadmin.com. I invite you to follow me on Twitter @lazywinadm / Google+ / LinkedIn. You can also follow the LazyWinAdmin Blog on Facebook Page and Google+ Page.
Hello !
ReplyDeletei tried your script and it doesn't work here. But, when i try without the script, every params works well
powershell said to me "check yours arguments" and this is the error message : ERROR_INVALID_PARAMETER 87 0x57
so i dont know what i do :/
ok, i found my mistake :D
ReplyDeleteexcel convert each column by ; and csv waiting for , so i replace each ; by , :)
works good, thx a lot for this awesome script :D
Hi Tetz! Awesome!
ReplyDeleteThanks for your message, Happy this works for you :-)
I have an interesting problem and I hope you guys can help.. I am all forwards and no reverses.
ReplyDeletei.e., how can we do this while *creating* the reverse zones as needed? I want to enumerate all of the forward records from multiple forward zones and create all of the associated PTR records. I do this by spitting out all the domain names, then using that to spit out all of the zone data from each zone into a separate file. this is where I run into a problem. I have MANY domains and PTR records must behave independently from them. So, I need to enumerate each domain's A records, create the reverse zone, and put all of that data where it belongs. in the end, we have c:\DNS_A_records.csv that is full of data in the "servername.domain.com","10.0.0.1" format with a different record on each line. this is what I must use to *create* and *populate* the reverse zones. here is where I am so far:
batch script 1:
###enumerate forward dns zones,
dnscmd /enumzones > c:\AllZones.txt
###dump forward zone data for each domain into a separate file, maybe we can use this later?
for /f %a in (c:\AllZones.txt) do dnscmd /ZoneExport %a export\%a.txt
powershell script 1:
###then i reformat each line (domain) of output to resemble this: $DNS_Zones += "domain1.com"
#empty the array to prevent unpredictable behavior
$DNS_Zones = @();
get-content c:\AllZones.txt | foreach-object {
add-content c:\output.txt "`$DNS_Zones += $([char]34)$_$([char]34)"
}
powershell script 2:
###dump A records from all enumerated forward zones, using data from AllZones.txt to populate the $DNS_Zones array:
#VARIABLES
$scriptpath = $MyInvocation.MyCommand.Path
$dir = Split-Path $scriptpath
$CSV = "c:\DNS_A_records.csv"
#parameters
$DNSServer = "dns.domain.com"
#SCRIPT MAIN
clear
$DNS_Zones += "domain1.com"
$DNS_Zones += "domain2.net"
$DNS_Zones += "domain3.org" ###imagine about 500 more lines with various domains just like this
$hosts = @()
$DNS_Zones | % {
$zone = $_
Write-Host "Getting DNS A records from $zone"
$DNS_A_records = @(Get-WmiObject -Class MicrosoftDNS_AType -NameSpace Root\MicrosoftDNS -ComputerName $DNSServer -Filter "ContainerName = `'$zone`'")
$DNS_A_records | % {
$hostA = "" | select "hostname","IPAddress"
$hostA.hostname = $_.OwnerName
$hostA.IPAddress = $_.IPAddress
$hosts += $hostA
}
}
$hosts = $hosts | Sort-Object @{Expression={[Version]$_.IPAddress}}
$hosts | Export-Csv $CSV -NoTypeInformation -Force
Hello all, I'm getting an error saying "the term ' dnscmd.exe' is not the name of a cmdlet,function,script file or operabel program...Anyone know what is wrong?
ReplyDeleteGot it working now with this code:
ReplyDelete$dns="dnsserver"
$zone="zonse"
Import-Csv c:\temp\script\powershell\Dns.csv | ForEach-Object {
dnscmd $dns /recordadd $zone $($_.name) A $($_.ip)
Got it working with PTR record as well:
ReplyDelete$dns="dnsserver"
$zone="zone"
Import-Csv c:\temp\script\powershell\Dns_reverse4.csv | ForEach-Object {
dnscmd $dns /recordadd $zone $($_.ip) PTR $($_.name)
}
the prepared csv file must be in format:
Name IP
S002Dbixxx 201.71.1
Thanks for your comment Anders, sorry did not see your message ealier! :-)
ReplyDeleteGood to see your fixed the problem.
We're using this where I work so supervisors and above can unlock accounts to cut down on the number of calls to IT. The thing is - everyone can run the script but it only works for those with the right permissions. If someone doesn't have permissions, nothing tells them that. They assume it worked. I'm trying to figure out how to display a message stating that the person doesn't have permissions to unlock an account if they try to use it and don't have the proper rights/permissions to do so. Can you help?
ReplyDeleteHi Stephen, Thanks for your comment.
ReplyDeleteI will update the script to show the errors in a few days.
Awesome. That would be great...I've had two calls now from people trying to use the app/script to unlock someone's AD account to say it doesn't work. I've had to explain to them it does work, they just don't have permissions to unlock accounts.
ReplyDeleteI've been running ESX for a long time and have lots of vms that are hardware version 4, sounds like I have to upgrade the hardware level of a bunch of vms before cbt will start working? :(
ReplyDeleteany tips for upgrading the hardware level of many vms at once?
Hi Jason,
ReplyDeleteI had this problem before, this can be automated using Update Manager or PowerCli.
However I had some issues when upgrading version (losing IP configuration etc...) so we kept the process manual.
Note also that this process requires downtime, so we basically did those steps during the windows patching.
Hi FX Sir,
ReplyDeleteFound another way to do this...probably everyone already knows this. But blogged it for my reference.
http://dexterposh.blogspot.in/2014/06/tip-add-syntax-highlighting-for.html
Thanks man, nice tip!
ReplyDeleteLove what you got going on here. Question, my domain has like 30 dcs is there a way to make this query a list of dcs and unlock on each? currently we have to use a lock out tool and right click and unlock on each DC.
ReplyDeleteThanks Ryan for your comment!! Appreciated!
ReplyDeleteHum... is different domains ? if it's the same domain you shouldnt need to do this on your 30 DCs.
Or are you talking about a tool to locate where the lockout come from ?
No same domain. What happens is you unlock from main dc but sometimes it takes a while to replicate through all 30 sites. So the script would query all the DC's in the domain then you can input a username and it will hit each DC and unlock that user. Currently I use "Account Lockout Status", add users name and list all dc and status. then i have to click one by one to unlock.
ReplyDeleteAlright, I'm thinking to add a check box to apply to all DC.
ReplyDeleteWill add this to my todo list, can't say when I will have time.
i know how that is. Thank you!
ReplyDeleteBonjour Francois,
ReplyDeleteI have modified the script to also allow for a check if the account is disabled.
$buttonDisabledCheck_Click = {
# Get the Current text in $textbox1
$name = $textbox1.Text
# Search for this account in the current domain
$Searcher = [ADSISearcher]"(sAMAccountName=$Name)"
$Results = $Searcher.FindOne()
# Get the current date and time
$DateFormat = Get-Date -Format "yyyy/MM/dd-HH:mm:ss"
if ($Results -ne $null)
{
# If an Account is found do the following
# Here we check the property "AccountDisabled", if it is greater that 0
# this mean the account is Disabled
if ($Results.GetDirectoryEntry().InvokeGet('AccountDisabled'))
{
# Show the information in the ListBox
Load-ListBox `
-ListBox $listBox1 `
-Items "$DateFormat - $name - Account Disabled" `
-Append
}
else
{
# Show the information in the ListBox
Load-ListBox `
-ListBox $listBox1 `
-Items "$DateFormat - $name - Account NOT Disabled!" `
-Append
}
}
else
{
# Show the information in the ListBox
Load-ListBox `
-ListBox $listbox1 `
-Items "$DateFormat - $name - Account Not Found!" `
-Append
}
}#$buttonDisabledCheck_Click
Thought this might be helpful...
Regards
Steve
Bonjour Francois,
ReplyDeleteI was also thinking that it might be use full to show if the account is expired. Any thoughts?
Regards
Steve
Thanks for your comment Steve and for sharing your code!
ReplyDeleteI started to work on another version that should be out soon, I will include the property "Enabled"
Thanks again, appreciated!
Hi Steve,
ReplyDeleteAs mentioned in the previous comment, I started to work on a new version.
I can include the expiration date and if the account is expired.
Thanks for your feedback, let me know if anything else would be useful