Create an AD Drive for Specified Domain

Posted on April 16th, 2017

When you load the Active Directory Module, you get, by default, an Active Directory PSDrive for the current domain.   You can avoid the drive from loading by setting $Env:ADPS_LoadDefaultDrive = 0. When writing scripts to export and import AD delegations, connecting to this remote drive became important to me. Here is an example of the code I used:

Update to Dot Source Reminder with Search and Replace

Posted on April 2nd, 2017

“The pause doesn’t work for me”, said one of my team members about the pause function in my  Dot Source Reminder code.  We took some time to analyze why and found that his shell settings were different from mine.  Instead I decided to focus on whether the code executed inside the ISE.  Next was to update all the affected scripts.  Here is what I did:

A couple of notes.  I used the “here string” option for the search and replace text.   Next, I used the RegEx escape method to make sure that the replacement code would be properly interpreted.   The code above does a search and replace of all of scripts in z:\PowerShell, replacing the old text with the new.

Get MAC Address from IP Address

Posted on March 18th, 2017

I got a call last week from a member of one the other teams where I work.  He asked, “Do you have a script which will resolve a list of IP Addresses to MAC Addresses?” My answer was, “not yet”.  I did a search and found some very convoluted Pinvoke code. I wanted something easier.

When I automate a task, I begin with the manual steps for the task. To get a MAC address from an IP address, I ping the address, then look at the ARP cache. Get-MACFromIP.ps1 does the same thing,  using the inline script method to make the process run in parallel for speed.  It does not require any administrative rights to run, and is an advanced function.  A use example follows, others are in the code help:

I the use WMI ping method to enable name resolution and the return codes.  The script outputs the IP address, DNS Name (if it can be resolved), MAC address, and the verbose level ping reply.  Capture of the output of the ARP table is based on this post, by Joe Keohan.

Script Text

Open the PowerShell ISE (and other Programs) with Alternate Credentials

Posted on March 14th, 2017

RunAS for PowerShell is pretty easy. This opens the ISE:


Update GPOs with Newer Version

Posted on March 1st, 2017

If you use GPOs to enforce baselines, you may find that your enterprise is moving from version 1.1 to version 1.2 of a GPO.  Unfortunately for you, version 1.1 linked in a dozen places.  Wouldn’t you rather just you search for version 1.1 and replace it with version 1.2?  Use Update-GPOLinks.ps1 to do just that.  The script not only finds all the original links and updates them to the new version, it also keeps the link order.

Script Text

Get All GPOs Linked to an OU

Posted on March 1st, 2017

Get-AllGPOsLinkedToOU.ps1 returns a unique list of all GPO’s linked to an OU. You can also run a onelevel or subtree search to get a unique list of linked OUs at or below the selected OU. You are prompted for the domain, and navigate to desired OU.
Script Text

Reset GPO Cache

Posted on March 1st, 2017

This script deletes the locally stored copies of GPOs and forces a GPUPdate on a computer. Reset-GPOCache.ps1 works by a remote connection to the registry provider to get the path to the Group Policy\History folder, then deletes the files beneath that path. This ensures a fresh application of group polices.

Script Text

Get Resultant Set of Polices (RSOP) with User Selection

Posted on March 1st, 2017

The Get-GPResultantSetOfPolicy cmdlet in the GroupPolicy module of PowerShell has a parameter for a user name.  Often I have no idea who has logged onto the computer.  Get-RSOP.ps1 uses WMI to give you a pick list of users on the remote computer and then passes that to the user parameter of Get-GPResultantSetOfPolicy.

Script Text

Remove Active Directory Delegations

Posted on February 25th, 2017

Over time, Active Directory delegations tend to accumulate and drift from the standards in the enterprise.  Removing the delegations for a user or group can be slow, especially if you do it manually.  Microsoft has a good article about this process, but none of the methods I found did what I needed.  I wanted a script which could look at all or selected OUs in AD for a delegation, and then delete them all.

Remove-DelegatedOUPermissions.ps1 is an advanced function which can be used to report and remove assigned delegated permissions from OU objects and containers.  You can choose the domain and searchbase, and you can search for full name or partial matches.  For example, if you wanted to report on or delete the delegations for Site1PWAdmins and Site2PWAdmins, you could simply specify “PWAdmins”.  The search is case-insensitive, and you can search for more than one string by separating your search terms with a comma.

This function always creates a log file.  The default name is derived from the domain name, and the default location is the desktop.  The function requires the ActiveDirectory module, but unlike Set-ACL, it can be used to write permissions in another domain.  It supports WhatIf, and a confirmation is required before you commit changes.  Because it is an advanced function, you can use Get-Help for details about use.

Script Text

Get Downtime Using PowerShell

Posted on February 25th, 2017

I have been having problem with a computer with random reboots, and hanging on restart.  I wanted to know how long the computer had been unavailable.   I decided to use System Event ID 12 as the startup event for the purposes of my calculations.  The script takes these steps: 1) connect to the remote system and get the oldest event from the System Log.  Use this as the earliest start date for queries.  2) Collect all the startup events from user selected date.  3) For each startup event, collect the event immediately previous by record number.  4) Calculate the difference.

Get-DownTime.ps1 is the advanced function which gets the information.  It is the first function I have written which includes A Dot Source Reminder for Advanced Functions.

Script Text

