jonoble.com

Yesterday I was asked how you can find the locations of a list of computer objects in the Active Directory. Not an issue if all of your computers are in Computers, but we've got a structure of OUs that would put any ant colony to shame, so it's a valid question.

My answer was as follows:

Put your list of machines in a file (c:\temp\machine.txt - one computer name per line) and depending on where you’re going to run this it’s a bit different. If you were on a Server 2008 R2 server which has the Active Directory cmdlets, then you need to do:

Get-Content c:\temp\machine.txt | Foreach-Object{
Get-ADComputer $_
} | Select-Object name,@{
name="ou";expression={
$_.distinguishedname.substring($_.name.length+4)
}
} | Format-Table -AutoSize

If not, I would suggest installing the AD cmdlets from Quest (http://www.quest.com/powershell/activeroles-server.aspx) and doing this:

Get-Content c:\temp\machine.txt | Foreach-Object{
Get-QADComputer $_
} | Select-Object name,parentcontainer | Format-Table –AutoSize

...

I'm just outputting to a table because I wasn't told how the output was going to be used. You could use Export-Csv instead to pop it in a file. I should also point out that each of those examples works as a single line of code. I've just put it on different rows to stop my blog wrapping it in a confusing place - they're actually pretty easy to read as a single line.

Now those are the ways that I would do it, but if you have to do something without the Microsoft or Quest AD cmdlets (if your environment is really locked down), all is not lost. This should work anywhere in your domain you can run PowerShell:

$ds = New-Object DirectoryServices.DirectorySearcher
$ds.SearchRoot="LDAP://DC=yourdomain,DC=com"
Get-Content c:\temp\machine.txt | Foreach-Object{
$ds.Filter="(&(objectclass=computer)(name=$_))"
$ds.FindOne() | Select-Object path
} 

One of the most common issues when buidling computers with Windows Deployment Services (WDS, and RIS before that) are typos in the GUIDs used to net-boot the PCs. When you're entering them by hand as you pre-stage the computer objects in Active Directory it's very easy to make mistakes, especially when you're entering a lot of them. It's also extremely time consuming if you have to boot each machine to the point of PXE displaying the MAC and GUID - that's why the smart move is to request that information from the supplier, preferably before they deliver the machines.

Anyone who has pre-staged a computer object before will be aware of the jiggery-pokery that goes on with switching round the first half of the GUID, so that when you view it later in ADUC, you see something significantly different to what you typed in. It appear that this conversion is done by the GUI when you create the object, so when you're adding them programatically, you need to change the format yourself.

Microsoft published a VBScript function to reformat the GUIDs so they could be added to AD by a script, but I haven't seen similar in PowerShell, so here it is:

function flip-guid ([string]$g) {
    $g = $g.replace("-","").replace(" ","")
    -join $g.substring(0,16).tochararray()[6,7,4,5,2,3,0,1,10,11,8,9,14,15,12,13] + $g.substring(16,16)
}

The function takes the GUID as a string and first removes any dashes or spaces (since I've received them from suppliers with both at different times). Next it converts the first half into an array of characters, selects them back in the new order and uses the join operator to make them back into a string, to which it concatenates the second half, unchanged from the original. As with most things in PowerShell it could be reduced down to a single line, or expanded further to enhance readability.

So, given the ability now to change the format, I use Quest's AD cmdlets (if you haven't come across these before, take a look now!) to create the computer objects. Assuming that you have a CSV file containing the new PC's name and GUID, just do this...

Import-Csv newpcs.csv | foreach {
   New-QADComputer $_.name -ParentContainer "SomeOU" -ObjectAttributes @{netbootguid = ([guid](flip-guid $_.guid)).ToByteArray()}
} 

That'll leave you with a load of new computer objects ready for WDS. :-)

NB. It's likely that the code snippets above have been wrapped to fit the page layout. In the function there are only two lines - everything from "-join" to the end is the same line. In the foreach scriptblock that's just a single line.

I was asked, rather tentatively, if I could setup 300 user accounts in the Active Directory for a project. I say tentatively because the person doing the asking thought that it would probably take me a day, or all week, or something. So this is how I actually did it with PowerShell in 30 seconds flat:

1..300 | ForEach-Object{
New-QADUser -Name $("user{0:0000}" -f $_) -ParentContainer "OU=Test Users,DC=domain,DC=com" -UserPassword "Abcd12234!"
}

I'm using a range there to give me 1 to 300, then for each of those, I'm using Quest's NewQADUser cmdlet to create a user with the name $("user{0:0000}" -f $_) - which is odd, but I'll step through it...

It's enclosed in $(), which is a subparse control - it tells the parser to do whatever's in the parentheses first. So what's in the parentheses? Well that's just a .Net formatting syntax. It has "user" in the string, so these user names are going to start "user", then {0:0000}. The 0: says it's a numerical syntax, then 0000 says it has four positions, for the item to the right of the formatting operator (-f), which is the item currently on the pipeline ($_). So while the number range is passing 1 down the pipeline, we'll get 0001, and when it is passing 300, we'll get 0300. That is to say that we'll get "user0001" to "user0300".

If that formatting stuff doesn't make a lot of sense, this might help:

1..3 | ForEach-Object{"{0:00}" -f $_}

would give you

01
02
03

If you were talking about financial values (in GBP), you might want to do

1..3 | ForEach-Object{"£{0:0.00}" -f $_}

which gives

£1.00
£2.00
£3.00

or say you have a large number that you want to put commas in to make it more readable, and limit to 2 decimal places, you could use

"{0:0,000,000,000.00}" -f 1234567890.12345

which returns

1,234,567,890.12

I hope that helps understand the syntax a bit better.

Incidentally, I know I've talked about using Quest's Active Directory cmdlets before, but I think it's worth repeating until everyone knows about them (even though the forthcoming release of Server 2008 R2 has its own set of native AD cmdlets).

VBUG Newcastle's first IT Pro event on Tuesday night was certainly a positive start, and one of my most enjoyable presentations. I promised to post links to the tools that I covered, so here they are, along with an overview and some things that I didn't get to in the presentation, which are good resources for people getting started with PowerShell...

In the first half of the session I did an overview of the PowerShell language, starting with the four cmdlets that let you discover what you can do with the shell and objects: Get-Help, Get-Command, Get-PSDrive and Get-Member. We then covered variables, arrays, objects and the pipeline, filtering and how to use the -whatif and -confirm parameters to save yourself from accidentally breaking things!

After a break for refreshments, I talked about and demoed a selection of free tools that can help you get up to speed and work better with PowerShell...

Free Tools

Help/Reference

• TechNet Script Center's PowerShell Graphical Help which contains more than Get-Help and is nicer to browse.
• Sapien's iPowerShell provides a handy copy of the PowerShell built-in help on iPhone and iPod Touch.

Cmdlets/Snapins/Extentions

• /\/\o\/\/'s PowerTab is tab-completion on steriods!
• Quest's PowerShell Commands for Active Directory provides cmdlets for managing AD objects.
• SDM Software's GPMC PowerShell Cmdlets let you work with Group Policy objects as long as you don't way to alter the internals of a GPO (they have a paid verison for that) - the free cmdlets let you copy/link/backup/etc.
• In the words of the Codeplex description: PowerShell Community Extensions (PSCX) is aimed at providing a widely useful set of additional cmdlets, providers, aliases, filters, functions and scripts for Windows PowerShell that members of the community have expressed interest in.

To build rich UIs with PowerShell

• Sapien's Primal Forms is a wysiwig editor for building a Windows Forms application with PowerShell. Primal Forms does all the code for the GUI and you add in your code to add the functionality.
• Joel Bennet's PowerBoots is a neat framework for creating Windows Presentation Foundation apps.
• PowerShellASP lets you include PowerShell code in your existing ASP.NET applications.

The biggest recommendation of the evening was to download and try Quest's PowerGUI, for both the main application, which can help you build PowerShell code by using the GUI, and for the script editor, which is great considering it's free. You should check out the additional PowerGUI Power Packs and forums at PowerGUI.org too.

Other Resources

I particularly encourage people to check out PowerShell.com, for the forums, Tobias' excellent daily email tips, a quick link (labeled "Live Chat") to the #powershell IRC channel on freenode.net (a great place to ask your PowerShell questions), and more.

In addition, it's worth looking at:

• PowerShellCommunity.org
• TechNet Script Center's PowerShell Scripting Hub
• The PowerShell code repository at poshcode.org
• The PowerShell Team Blog
• The PowerScripting and Get-Scripting podcasts
• Microsoft's official PowerShell newsgroup

If you're on Twitter, you can find lots of folk from the PowerShell community listed at mindofroot.com and on TweeterTags.com (where you can add the PowerShell tag to your Twitter account).