Monday, 29 December 2008

Get-Scripting Podcast Episode 6 - (Ben Pearce - Microsoft Premier Field Engineer)

This is Episode 6 of the Get-Scripting podcast. Tune in to listen to us talk and interview people about Powershell.

Download it here, subscribe in iTunes or via a different feed reader.


Ways to learn Powershell - Part 6
  1. Powershell TFM book 2nd edition.
  2. Powershell releated blogs we read


Ben Pearce's blog

Ben's 6 tips for learning Powershell:

#1 - Don't use cmd.exe anymore
#2 - Ed Wilson's Powershell Step-by-step book
#3 - Scripting Guy's Powershell Week
#4 - Beginner's Guide to WMI
#5 - Powershell Cheat Sheet
#6 - Channel 9 quick start

Eureka Script:

Add custom fields to VI client

Christmas scripts:
write-host ("Christmas Day in " + ( (get-date -date 25/12/2008) - (get-date)).TotalDays.tostring('0') + " Days")
write-host ("Christmas Day in " + ( (get-date -date 25/12/2008) - (get-date)).TotalMinutes.tostring('0') + " Minutes")
write-host ("Christmas Day in " + ( (get-date -date 25/12/2008) - (get-date)).TotalSeconds.tostring('0') + " Seconds")


Win a signed copy of Jeff Hick's book 'Managing Active Directory With Windows Powershell' .

Fill in some of the speech bubbles in the picture below and send your entries to

get [dash] scripting [at] hotmail [dot] co [dot] uk


Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Follow us on Twitter and join our Facebook Group

Get-Scripting Facebook Group

Extensive list of Powershell Twitterers

Tuesday, 2 December 2008

Episode 5 - Competition: Win a print copy of Jeff Hicks' Managing AD with Powershell book

In Episode 5 of the podcast we announced details of a competition to fill in some of the speech bubbles above the heads of community members from the Teched Powershell Panel Discussion photo.

Those nice people at Quest have given us a print copy of Jeffrey Hicks' recent book 'Managing Active Directory With Windows Powershell' to give away as a prize - they are also going to get Jeffrey to sign it too.

If you'd like to be in with a chance of winning simply send us some suggestions for what some of the panel members below might be thinking and the one we think is the best will get the book. We've got a few other freebies left over from Teched in the Get-Scripting prize cupboard so there should be a runners up prize too.

Send your entries to:

get [dash] scripting [at] hotmail [dot] co [dot] uk

We'll announce the winner in Episode 6 of the podcast which should be recorded mid-December.

Wednesday, 26 November 2008

Get-Scripting Podcast Episode 5 - (Dmitry Sotnikov - Quest AD cmdlets and PowerGUI)

Episode 5 of the Get-Scripting podcast. Tune in to listen to us talk and interview people about Powershell.

Download it here, subscribe in iTunes or via a different feed reader.


Alan's audit script.

TechEd Powershell Panel Discussion Video:

Download (High res - approx 900MB):

Or if you prefer not to crack your monitor / TV screen

Download (Low res):

A big thank you goes to for helping put this discussion panel together. We were joined by:

  • Ben Pearce - Microsoft
  • Richard Siddaway - Powershell MVP
  • Dmitry Sotnikov - Powershell MVP
  • James O'Neill - Microsoft
  • Tobias Weltner - Powershell MVP
  • Jeffrey Snover - Microsoft and Powershell Creator
  • MoW - Powershell MVP

Teched Powershell Community Dinner photos

Ways to learn Powershell - Part 5:

  1. Powershell TFM book 2nd edition.
  2. Course 6434 "Automating Windows Server 2008 Administration with Windows Powershell".

Course slides

Course demos


Dmitry's blog

Quest AD cmdlets

Full list of Microsoft's AD cmdlets



Fill in some of the speech bubbles in the picture below and send your entries to

get [dash] scripting [at] hotmail [dot] co [dot] uk

We will announce details of the prize(s) for the best entries ASAP.


Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Follow us on Twitter

Get-Scripting Facebook Group

Wednesday, 5 November 2008

Get-Scripting Podcast Episode 4 - (TechEd EMEA Powershell Panel Discussion )

(aka...The one where we discover Jeffrey is a Kung-Fu master and a Kaiser Chiefs backing singer - ruby, ruby, ruby, ruby!)

Welcome to Episode 4 of the Get-Scripting podcast! Tune in to listen to us talk and interview people about Powershell.

Download it here, subscribe in iTunes or via a different feed reader.

This episode was recorded live on Tuesday 4th November at TechEd EMEA, Barcelona and features only the recorded Powershell Panel Discussion.

Please bear in mind that it was recorded in a large exhibition hall full of people, so there is a lot of background noise going on during the discussion - the content was so good I decided to get this out as I guess an 'out of band' episode and you never know I might even beat the Teched website for which it was also videoed.

A big thank you goes to for helping put this discussion panel together. We were joined by:

  • Ben Pearce - Microsoft
  • Richard Siddaway - Powershell MVP
  • Dmitry Sotnikov - Powershell MVP
  • James O'Neill - Microsoft
  • Tobias Weltner - Powershell MVP
  • Jeffrey Snover - Microsoft and Powershell Creator
  • Mow - Powershell MVP

Thanks for listening!

Update 8th November:

We managed to track down a photo on someone's blog.


Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Follow us on Twitter

Thursday, 30 October 2008

Get-Scripting Podcast Episode 3 - (Richard Siddaway - Powershell MVP)

Welcome to Episode 3 of the Get-Scripting podcast! Tune in to listen to us talk and interview people about Powershell.

Download it here, subscribe in iTunes or via a different feed reader.

In this episode we welcome long time friend of the show Alan Renouf as our new co-host - you can find out more about Alan via his blog:

Today's interview is with Richard Siddaway - Powershell MVP.

Blog note links:

Ways to learn Powershell:

Go to a Powershell Usergroup.


Richard Siddaway's Blog

Richard's book, Powershell in Practice

How to add SQL 2008 snappin into your own Powershell Profile

Make Powershell talk to you

$SpVoice = New-Object -Com "SAPI.spvoice"
Function Global:Say { $SpVoice.speak("$Args") | Out-Null }
Say "X"

(Thanks to Andrew Tearle for sending this in.)


Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Follow us on Twitter

Monday, 27 October 2008

My stuff is moving......where and why

So with the imminent arrival of the new podcast co-host I decided it would make sense for me to split off my own posts and leave the Get-Scripting blog for the podcast only.

So you can now find my own postings over at:

and from now everything on here will be about the podcast.

Speaking of which we shall be recording Episode 3 tomorrow night Tue 28th Oct, so hopefully should have the show out by the end of this week.

Friday, 17 October 2008

70-113: TS: Windows® Server 2008 Active Directory, Configuring - Beta Exam

After seeing James' post about this exam I decided to give it a shot - given the fact that you have a pretty good chance of getting 3 free exam vouchers valid for any other MS test it seemed like a useful way to spend a couple of hours.

The interesting thing about this exam is the interactive lab sections. For a long time in some corners the MS exams have been looked down on for people's ability to pass them without having much experience of the products themselves. This was particularly so back in the NT4 days, although the situation seems to have improved a fair amount with the 2003 track.

Taking this forward MS seems keen to add a more interactive element to the exam, i.e. gearing it more to the use of the product, rather than just theory. This is obviously a good step since it should give the certification more credibility.

Having passed the upgrade for the MCSE 2003 back in March which includes a third on AD 2008, I decided to not spend too much time preparing for it, just a general refresh, so here's how it went. (Obviously I cannot reveal details of the exam, but I can give you a flavour of the experience)


There were two performance labs to complete and then a third section with the standard multiple choice type questions - each section had 60 minutes to complete it.

Problem #1

So I'm all geared to start the first lab and click the launch button to start it. It appears to be connecting to a virtual machine on the Internet, similar to the test labs available on the Technet website, but it fails to connect. So I try again, and again, and again...eventually give up after about the 10th time. I call in the exam moderator, show her the problem and she suggests I continue to the next section and leave comments about the problems.

Problem #2

So I continue to the next section, it warns me I can't go back and then presents the comments screen. I intend to leave some notes, but for some reason the keys I type don't match what appears on the screen! So I give up with that too.

Problem #3

So I'm now on Lab 2, hit start lab, it tries to connect and fails with the same 'lab not available' message as Lab 1. At this point I'm starting to think I've wasted my time, its not going to work, maybe even this machine doesn't have web access. Give it another couple of tries, still nothing. Just about to give up, one more try and it works - the lab begins, hurray! I've never been so pleased to start an exam. :-)

(I guess that's why it's a beta exam)

The lab works as smoothly as you would expect connecting to a VM over the Internet. You are presented with a set of tasks which you can complete in any order during the time limit - this is useful because if you get stuck on one you can just skip it and come back to it later.

The difficulty level ranged from the fairly basic to some where more advanced knowledge would be required, i.e. knowledge of command line tools - overall I felt it was a good mix.

Tip #1: If you get stuck, don't forget although there is no Internet access you do have access to Windows Help. :-)

Once complete, it was then on to the final section which was very familiar to the multiple choice style of exam if you have taken MS exams before.

Funnily enough I felt I did a lot better on the interactive section than the multi-choice questions and this has left me with the opinion that this is definately a good route for the exam style to take since it tests your ability to use the product, rather than just memorising factual information.

Overall, I'm pleased the exams are heading in this direction, they just need to iron out the issues connecting to the labs because you really wouldn't want the experience I had if you were taking the exam for real.

Sunday, 12 October 2008

Episode 2 - Competition

In Episode 2 of the Podcast those great guys at Specops gave me a couple of the below magic pens to give away. Not only are they a nice pen, but they also contain a 1GB USB drive and a laser pointer.

So if you want to win one all you have to do is send in your favourite Powershell cmdlet and why. We'll pick the best couple and announce the winners (x2) in Episode 3 (recording towards the end of Oct). We've had a few entries so far, but there's still time to send yours in. Send them to

get [dash] scripting [at] hotmail [dot] co [dot] uk

Also, I'm pleased to say joining us from the next episode will be a regular new co-host to beef up the Powershell knowledge on the show. He's UK based and is a well known member of the Powershell community through his forum postings and blog. If you want to take a guess at who it is then send an email to the usual address before the next show and we'll draw any correct entries out of a hat and dig something out of the Get-Scripting prize cupboard for you.

Clue 1: He has quite an interest in VMware.

get [dash] scripting [at] hotmail [dot] co [dot] uk

Wednesday, 8 October 2008

Powershell UK User Group November Meeting

Richard has confirmed details of the next Powershell UK User Group Meeting.

Date: Thursday 20th November
Time: 6.30 - 9.30pm
Location: Memphis Room, Building 3, Microsoft Campus, Thames Valley Park, Reading


Powershell Introduction: Objects and get-member
PowerGUI SQL Server Reporting Services powerpack
Powershell in SQL Server 2008

If you want to attend please send an email to so that you can have a badge waiting for you on arrival.

These are always great events and are well worth attending for anyone with an interest in Powershell (or even SQL this time!). There'll be free pizza too. :-)

Tuesday, 7 October 2008 was the first time that we met.

I just found out I won I competition I entered, run by Technet Plus subscription, for a place at tech.ed in Barcelona next month! This is so exciting!

I keep re-reading the email because I can't quite believe that I won!

I'm going to be able to get such great material for the podcast........

The only thing is I think on my budget (i.e. the reason I had no chance of going in the first place) I'll have to hitch-hike my way there and stay at the YMCA, but who cares. :-)

Wednesday, 1 October 2008

Specops Remote Admin CTP

So I recently saw a demo of Specops Remote Admin CTP, an update on the very popular GPUpdate tool, which is now based around Powershell. I was particularly excited by it because they have taken a similar approach to the Exchange 2007 team , i.e. build the GUI tool on top of Powershell cmdlets and show in the tool the Powershell commands which are running to complete your GUI actions. This approach is great because it gets people interested in Powershell and shows them how simple it is to be very effective with it.

There are two flavours, GPUpdate 2.0 and Remote Admin. GPUpdate is free, Remote Admin is currently CTP and will be chargeable on full release.

The Setup Assistant gets you up and running by checking if you meet the system requirements and installing them for you if you don't have them. Basically you need .Net 3.5, Powershell and register a Display Specifier in AD.

Once installed, within ADUC right-click a computer and you will see Specops Remote Admin.

Choosing Specops Remote Admin displays a list of the tools you can use.

Selecting one of the tools shows the available options you can execute or schedule and best of all it shows the Powershell code which is running the command!

Of course you can use all of these tools from the command line. First you need to add the Specops snapins to your profile.

add-pssnapin Specopssoft.GpUpdate
add-pssnapin Specopssoft.Adx

Then you can find the commands available to you from Specops.

So, say you want to get all the machines in a particular OU to check in with the WSUS server, its as simple as:

Try it out for yourselves here. You can also listen to Thorbjörn Sjövold CTO of Special Operations Software talk about the tool in Episode 2 of the Get-Scripting Podcast.

Tuesday, 23 September 2008

Get-Scripting Podcast Episode 2 - (If you don't learn Powershell, tomorrow you'll be serving fries in McDonalds)

Welcome to Episode 2 of the Get-Scripting podcast! Tune in to listen to us talk and interview people about Powershell.

Download it here, subscribe in iTunes or via a different feed reader.

In this episode we have an interview with Thorbjörn Sjövold CTO of Special Operations Software.

Blog note links:

Ways to learn Powershell:

Windows Powershell Cookbook - Lee Holmes.

Powerscripting Podcast - Check out their back catalogue if you are new to Powershell, there is a lot of great content for you. Recent interviews include Jeffery Snover, Jeffery Hicks......upcoming is an interview with Don Jones and Greg Shields.


Special Operations Software

New version of Gpupdate based on Powershell

Specops Command - Powershell remoting through Group Policy

Other Specops products we talked about

Scandinavian Powershell Usergroup

Favourite cmdlets


Eureka Scripts

Jon Noble - Setting AD logon hours in Powershell, or "How to disable an AD user account and still allow delivery to the Exchange mailbox"

Dmitry Sotnikov - Setting Demo AD environments

Favourite Cmdlets

Send us what your favourite cmdlet is and why, and we'll enter you into the prize draw for Specops USB Pens and Mug.

get [dash] scripting [at] hotmail [dot] co [dot] uk


Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Wednesday, 10 September 2008

Exchange 2003, WMI, AD and Powershell - Part 5 (Querying AD for Exchange 2003 Information)

In previous posts in this series we have looked in particular at some of the Exchange 2003 WMI classes. So far this has required manual specification of which Exchange server you want to retrieve info from; wouldn't it be nice if you could use Powershell to find all the Exchange 2003 servers in your environment then run the WMI query against the results? Fortunately for us Exchange 2003 stores a lot of configuration information in Active Directory so we can query AD to retrieve what we need. There is a great article here which details how you can do this. We do the following:

Create a new directory object using .Net for the current AD domain.

$root= New-Object System.DirectoryServices.DirectoryEntry("LDAP://RootDSE")

Use ADSI to get the configuration partition of AD.

$cfgNC = [adsi]("LDAP://" + $root.Get("configurationNamingContext"))

Create a directory search object

$search = New-Object System.DirectoryServices.DirectorySearcher($cfgNC)

Filter on the Exchange Server object class - the below image should help illustrate what we are doing here. (other classes you can search on can be found here)

$search.filter = '(objectclass=msExchExchangeServer)'

Use the FindAll method to execute the search.

$ExchServer = $search.FindAll()

Finally, return the names of all the results.

$ExchServer | foreach {$}

Which in the example from the screenshot would produce a result:


You can now combine this with any of the previous WMI scripts to run them against all the Exchange servers in your environment, e.g. for Top 10 largest mailboxes on each server:

$root= New-Object System.DirectoryServices.DirectoryEntry("LDAP://RootDSE")
$cfgNC = [adsi]("LDAP://" + $root.Get("configurationNamingContext"))
$search = New-Object System.DirectoryServices.DirectorySearcher($cfgNC)
$search.filter = '(objectclass=msExchExchangeServer)'
$ExchServer = $search.FindAll()

foreach ($server in $ExchServer)
$ExchangeServers = $ExchangeServers + $ExchServer | foreach {$}
foreach ($computer in $ExchangeServers) {
Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer $computer | sort-object Size -Descending | select-object -First 10 MailboxDisplayName,Servername,StorageGroupName,StoreName,Size}

Wednesday, 3 September 2008

IKEA, Bjorn Borg, Henrik Larsson, Powershell.........the Get-Scripting Podcast heads to Sweden.

In the interests of audio quality (ok so they have invited me over and are funding the trip) I'll be interviewing the great guys at Special Operations Software in person in Stockholm for Episode 2 of the podcast. If there's anything you always wanted to ask them then let me know.

Coinciding with the visit they are helping to run a Powershell event at Microsoft in Sweden. This will be a great event to attend if you are in the area and / or able to make it there since Richard Siddaway from the UK Powershell user group will be presenting the event.

In case you can't speak Swedish, in the morning is an official Technet event (sign up here) and in the afternoon is the inaugural meeting of the Swedish / Nordic Powershell usergroup.

Update 10/09/08: the Scandanavian Powershell Usergroup now has a website!

Since I'll be in town for the interview I'll be tagging along to the event, hopefully I might bump into some of the listeners to the podcast there - if you are going please say hello if you see me. I'll be the other English guy there who isn't at the front of the room. :-)

Wednesday, 27 August 2008

Get-Scripting Podcast Episode 1

Welcome to Episode 1 of the Get-Scripting podcast! Tune in to listen to us talk and interview people about Powershell.

Download it here , subscribe in iTunes or via a different feed reader.

In this epsiode we have part 2 of an interview with James O'Neill from Microsoft - we talk about Cmdlets v Providers, V2 CTP and the Powershell Community.

Blog note links:

Ways to learn Powershell:

Powershell Step by Step - Ed Wilson is available as a free eBook. (Look on the Special Offers tab)


Update 29/08: A helpful listener Brad Bruce has pointed out the above link no longer has the ebook available. I checked it out and he is correct. :-( It was there last week when I prepared the show and has been for around the last year, unfortunately I never got round to downloading it myself - if anyone has it can they please get in contact and I can then pass it around to anyone who wants it.

Maybe they removed it because so many people tried to get it after listening to the podcast!


2008 Scripting Games


James O'Neill's blog

OCS Powerpack for Powergui. Authors blog

Eureka Scripts

Check Active Directory Latency - Brandon Shell

Exporting Virtual Infrastructure Information to MS Word - Alan Renouf

Selling Powershell to IS Management

Don Jones / Jeffrey Snover video

Powershell Event / Usergroup in Sweden

Sign up here

Richard's Blog post about it

Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Tuesday, 26 August 2008

Exchange 2003, WMI and Powershell - Part 4.5 (Counting Users in Storage Groups and Mailbox Stores)

OK, so this wasn't going to be in the original series I was writing, but an issue came up at work where I needed to quickly find the total number of users in each Storage Group.

Naturally I turned to Powershell for the solution.

Just supply the names of the Storage Groups in a text file, use Powershell to open the text file and for each of the Storage Groups use the Exchange_Mailbox class and filter on the Storage Group name. Use the feature .count to just return the number of users rather than any properties and write to the screen the result.

$StorageGroups = Get-Content c:\Scripts\StorageGroups.txt
foreach ($SG in $StorageGroups){
$Total = (Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName -filter "StorageGroupName = '$SG'").count
Write-Host $SG ":" $Total "users"

Which produces something along the lines of:

Storage Group 01 : 152 users
Storage Group 02 : 373 users
Storage Group 03 : 259 users
Storage Group 04 : 220 users

Taking this one step futher you can drill down into the Mailbox Stores with similar code (this time with the names of the Mailbox Stores in a text file) and find how many users on each store:

$MailboxStores = Get-Content c:\Scripts\MailboxStores.txt
foreach ($Store in $MailboxStores){
$Total = (Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName -filter "Storename = '$Store'").count
Write-Host $Store ":" $Total "users"

Which gives you the result:

Mailbox Store 01 : 23 users
Mailbox Store 02 : 32 users
Mailbox Store 03 : 41 users
Mailbox Store 04 : 30 users
Mailbox Store 05 : 26 users
Mailbox Store 06 : 39 users

Friday, 8 August 2008

Exchange 2003, WMI and Powershell - Part 4 (Disconnected Mailboxes)

In parts 1 , 2 , 3 we looked at retrieving mailbox information from Exchange 2003 using WMI and Powershell.

In part 4 we're going to take another look at this topic area for something slightly more advanced - how to get a list of all mailboxes which have been deleted, but are still in the time frame for 'Keep Deleted Mailboxes for: x days'.

A typical scenario might be a mailbox has been deleted incorrectly and you need to re-connect it to an AD account; however, since the AD account has gone, how do you know which Mailbox Store was the home for the mailbox?

In the Exchange management GUI you would need to browse through each mailbox store looking for mailboxes marked with the red cross. Not too bad a job if you only have one mailbox store, but if that number is in the 10's of Mailbox Stores then its a pretty tedious task.

Step forward Powershell!

Again use the Exchange_Mailbox class and this time look for the DateDiscoveredAbsentInDS value. This value gets populated after the mailbox has been marked for deletion. We look for a value which begins with "2", i.e. the mailbox has been deleted sometime after the year 2000 (there may be a better way to do this), and return info about each mailbox in this state, including the Servername and Mailbox Store Name so that you can easily track the mailbox down.

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName | where { $_.DateDiscoveredAbsentInDS -like '2*' } | sort-object MailboxDisplayName | ft MailboxDisplayName,ServerName,StorageGroupName,StoreName,Size,DateDiscoveredAbsentInDS

Update 12/08/08:

Thanks to Shay Levy who has come back with a better way to do this!

"Using a -filter parameter which makes your query run on the server and return only the relevant mailbox objects". You should find that this significantly improves the speed of the query. Check the comments for this post for full details.

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName -filter "DateDiscoveredAbsentInDS is not null" | sort-object MailboxDisplayName | ft MailboxDisplayName,ServerName,StorageGroupName,StoreName,Size

Get-Scripting Podcast - how frequent?

A few people have asked "how often we are going to release new episodes of the podcast"?

We hope to record one every month, so all being well look for Episode 1 in the week beginning Monday 25th August.........

Tuesday, 29 July 2008

Get-Scripting Podcast Pilot Episode

Welcome to the pilot episode of the Get-Scripting podcast! Tune in to listen to us talk and interview people about Powershell.

Download it here , subscribe in iTunes or via a different feed reader.

In the first epsiode we have part 1 of an interview with James O'Neill from Microsoft - we talk about Powershell, and in particular the work he has done with Hyper-V.

(It's a pilot OK, so bear with us as we get to grips with things like editing and publishing podcasts :-) )

Blog note links:

Ways to learn Powershell:

Download Powershell

Powershell Getting Started Guide


James O'Neill's blog

Hyper-V functions on Codeplex

Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Friday, 25 July 2008

Exchange 2003, WMI and Powershell - Part 3 (Mailboxes Over 2GB)

In parts 1 and 2 we looked at retrieving mailbox information from Exchange 2003 using WMI and Powershell.

In part 3 we're going to take another look at this topic area for another potential common request along the lines of 'can you give me a list of all mailboxes over 2GB?'

Again we use the MicrosoftExchangeV2 WMI namespace and the Exchange_Mailbox class and this time use the where-object cmdlet to only return results where the size of the mailbox is greater than 2GB - obviously you can change this value to your own needs. (Note: the value is specified in KB)

Once again very simple to achieve a really effective result.

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName | where-object { $_.Size -gt 2097152 } | sort-object MailboxDisplayName}

Thursday, 24 July 2008

Exchange 2003, WMI and Powershell - Part 2 (Top 10 Largest Mailboxes Per Server)

In part 1 I looked at how to retrieve mailbox information from Exchange 2003 using WMI and Powershell.

Taking this on one step further along the lines of your manager asks for a list of the biggest Exchange mailboxes, we can use a similar command to get the mailbox info, sort the list by size and then use the -First parameter of the Select-Object cmdlet to bring back only the top 10 say.

Its as easy as that. Of course you could then output the data to a csv file using an additional pipeline so that the info is easy to forward on.

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName | sort-object Size -Descending | select-object -First 10 MailboxDisplayName,Servername,StorageGroupName,StoreName,Size | export-csv c:\scripts\top10.csv

Tuesday, 22 July 2008

Exchange 2003, WMI and Powershell - Part 1 (Get Mailbox Info)

OK, so I had some fun making a Powergui Powerpack for Exchange 2003, but its probably about time I wrote about how to do this natively in Powershell.

There is a lot of information you can get out of Exchange 2003 using WMI. Yikes, you might say if you previously thought about doing that with VBScript; however, with Powershell its easy!

We simply use the Get-WMIObject cmdlet, use the ExchangeV2 namespace and Exchange_Mailbox class and connect to the Exchange Server in question.

(You can find all about the Exchange_Mailbox class over on MSDN. Sysadmins amongst you might think MSDN is only for developers, but the Exchange WMI pages are pretty straightforward and all contain a very nice example in VBScript where you can figure most stuff out which is available to you.)

This will return you all the mailbox objects on that server. We then use some basic sorting and selecting to present the info nicely.

Get-WMIObject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName | sort-object MailboxDisplayName | format-table MailboxDisplayName,Servername,StorageGroupName,StoreName,Size

Thursday, 17 July 2008

Checking AD replication latency with Powershell

Having suffered from some AD replication issues in the past (the dreaded lingering objects), its been at the back of my mind on how to keep an eye on replication between all the DC's.

Also a frequent question from the helpdesk goes along the lines of they've made a change to somebody's AD account and how long is it going to be before that change will make it around to all of the DC's? In the past I've kind of stuck my finger in the air and given an approximate time based on replication intervals in the site links.

So how about some Powershell which checks AD replication latency for you (and at the same time confirms all DC's are replicating) so you can give a more precise figure on how long it takes for a change to replicate the whole way around?

Brandon at the BSonPosh blog has a frankly brilliant post with a script you can run which creates a temporary contact in AD, then polls each DC until it appears, records the time taken and finally removes the test contact.

For me this was a Snover moment (i.e. the top of my head exploded!), this is so useful for me its unreal, and possibly the best bit: my finger in the air estimate was pretty darn close. :-)

Thursday, 26 June 2008

PowerGUI / Exchange 2003

I've used the PowerGUI script editor as my editor of choice ever since I started using Powershell, but I never really got the PowerGUI thing.

Recently at the UK Powershell User Group we had the brilliant opportunity to visit Quest in the UK and be presented to by Dmitry Sotnikov about PowerGUI and the AD cmdlets. Before going I figured I'd better get to grips with PowerGUI so spent some time watching the online tutorial videos and started playing around with it.

Doing this combined with what I picked up from the Quest visit it started to dawn on me how useful this could be. It had frustrated me for a while that although there is great support for Powershell in Exchange 2007 there wasn't anything native for Exchange 2003, which is what we use in our environment.; so I thought why not try and make a PowerGUI powerpack for it.

There's a fair bit on the web about using WMI to manage Exchange 2003, in particular a very helpful article from Dmitry.

So with a little bit of playing I have posted version 0.1 to the PowerGUI powerpack library. With a bit of work I think it could be improved a lot (I have no actions or links yet, just script nodes), but I'd be interested in any feedback so leave me a comment if you've used it. I know there's a lot of uptake with Exchange 2007 now, but I'm sure there's plenty of 2003 sites still out there.

Even while putting the powerpack together I discovered things I could manage with Powershell so easily which would be really tricky to do through the Exchange Management GUI - my favourite is Get-DisconnectedMailboxes.

Quite often I need to find mailboxes which have had the AD account deleted and are waiting to expire from Exchange - not easy to do when the AD record has gone so you don't know which database they were on (we have over Exchang
e 40 databases). With the below Powershell WMI script it is dead easy to get a list of all disconnected mailboxes and which database they are in by using the DataDiscoveredAbsentInDS property:

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer $computer | where { $_.DateDiscoveredAbsentInDS -like '2*' } | sort-object MailboxDisplayName | select-object MailboxDisplayName,Servername,StorageGroupName,StoreName,Size,DateDiscoveredAbsentInDS}

PowerGUI then displays the results in a really nice view!

I think I'll be using PowerGUI a lot from now on...........

Monday, 16 June 2008

HP Lights-Out Authentication With Active Directory

OK, so its not exactly scripting, but I just spent a bunch of time getting this working in our lab environment before a production rollout. Hit a number of not very obvious gotchas so thought I would put the information out there to assist anyone else trying to get the same thing working.

If you're not familiar with it then the HP Lights-Out management processor is typically a built-in (it used to be a seperate PCI card) component in Proliant servers which enables remote management of the physical machine independent of the OS. For instance, you can effectively access the power button or the console of the machine on a server in a remote office which has become unresponsive. Full details here. The feature which usually impresses people the most is the ability to view the console as the machine is booting up - remember those times when you rebooted a remote server and it didn't come back up because it was waiting for an F1 key press which you couldn't press!

We are looking at deploying this to all of our AD DC's, which are typically the only server at branch offices and can involve long and costly trips for engineers should the server need maintenance. One requirement we have for the project is auditing and accountability, i.e. if an engineer has used the tool to power off a DC we may need to know who did it. Consequently we examined in the lab how to use the authentication that HP Lights-Out provides against Active Directory.

First of all here are the requirements for what you will need:

  • HP servers with iLo enabled management processors. For advanced features like Remote Control you need an advanced license which typically can be purchased for around £80 per machine.
  • LDAP directory, we're using Active Directory. You will need admin accounts which belong to a group which iLo can use.
  • ilo wants to authenticate over SSL so you will need to enable your Active Directory to respond to LDAP requests on SSL which it does not do by default. (detailed info to follow)
  • HP Directories Support management software - download from the Proilant driver page.
  • A brick wall to bash you head against when you try to figure out the (undocumented) format to specify the login name as.

Get the latest Proliant support pack (currently 8.0) onto your server, there are some OS iLo updates in there. Update iLo itself to the latest firmware release. Patch the iLo card into your network, give it a DNS name and network settings - Tip: make sure the DNS server settings are correct (obvious, but I had it incorrect which led to some headscratching later on)

Active Directory

Download and ingest the Integrating HP Proliant Lights-Out processors with Microsoft Active Directory guide. Note there is an option to extend your AD schema to get some extra features, this blog post is around the schema-free integration.

You will need to enable SSL over LDAP on your DC's. There's a KB which makes it look very simple and in the main it is. Two tips from the field:

  1. You may need to reboot a DC before it will pick up the certificate.
  2. Add the Domain Controllers group to the CERTSVC_DCOM_ACCESS group as detailed in this KB article.

HP Lights-Out Directories Migration Utility

Run this tool as per the ilo AD guide - note: maybe it's just me, but it is not intuitve at all, you should be able to figure it out though. Essentially it will configure most of the settings you need, its just not obvious what to put in there sometimes.

A key gotcha later on is the naming context so make sure you populate the Directory User Context with the path to where you admin accounts and the 'ilo-admins' group which contains them lie.

Directory testing

Login to iLo via the webpage at its configured IP address and the local iLo Administrator account (you may want to keep this as an emergency account if directory login is not working). Navigate to Administration, Security, Directory and you should see settings you specified during the migration utility. Check these settings are what you expect and then use the very useful Test Directory Settings link at the bottom.

Obviously, this will test all the settings you have input and tell you anything which is incorrect. The key point here is that you have to input a username and password to use for the testing, what it does not tell you is that it is expecting the username in the format of the DN, e.g. CN=test admin,OU=admin accounts,dc=testdomain,dc=com (of course this is not in the iLo AD guide!)

Once you have successfully passed all of the tests you can then logout and log back in with an AD admin account. If you have correctly populated your directory search context you can use either:

  • test admin (note the space) or
  • CN=test admin
otherwise you will have to specify the full path, i.e. CN=test admin,OU=admin accounts,dc=testdomain,dc=com .

Final note:

If you specify a search context of some newgroup posts alledge that you can then login as test.admin, i.e. the accountname , but I couldn't get this to work.

Monday, 9 June 2008

Do I need all the transaction log files Exchange creates? Part 2

Back in April I posted about what to do if the disk your Exchange transaction log files reside on runs out of space. This was all done through the eseutil utility.

If you are not comfortable with this tool or would simply prefer a GUI-based way to do it, its possible to acheive the same result through the Exchange Troubleshooting Assistant (2003 or 2007).

There is a great post here which documents how to do it.

Something tells me I may well need to use this again sometime in the future.......

Friday, 6 June 2008

Compare-Object gotcha

A while back I used Compare-Object to examine differences between two AD groups. Unsuccessfully. The results appeared to come back inconsistently with known matches showing incorrect, double-entries etc.

At that point I unfortunately ran out of time to look into it any further. However, I have just read a great post from Dimitry which probably explains why it happens.

Its to do with SyncWindow parameter - basically Powershell by default only looks at items + or - 5 elements away. You can use -
SyncWindow to extend this to what you need.

Tuesday, 3 June 2008

Powerscripting Podcast

Found this the other day - great resource for what's going on in the Powershell World. New episodes weekly which is excellent, I like regular content.

Available through iTunes as well which is v. handy, easier than manual download of MP3s.

Currently working through the back catalogue which has some great tips on learning Powershell.

Saturday, 17 May 2008

Storage VMotion Plugin for VI client

Got pointed in the direction of this at a VMWare seminar last week. Previous storage vmotion was only on the command line from a downloaded VM appliance.

The very nice guys at Lost Creations have developed a great GUI plugin for the same job.

Thanks guys!

Powershell on Server Core

So you thought you couldn't install Powershell on Windows Server 2008 Server Core install?

Don't think too soon, Dimitry has the answer for you!

This is unsupported, but great for a testing environment.

Tuesday, 6 May 2008

More on Password Policies

As touched on in the previous post, doing a lot of work with password policies at the minute.

Say you need to find the date all the members of a group last changed their password, below is all you need to do:

Get-QADGroupMember 'domainname\groupname' | Get-QADUser -IncludeAllProperties | ft displayname,pwdlastset

The pwdlastset parameter will (obviously) give you the time and date the password was last checked. It's pretty straightforward moving on from there to start doing things like finding which of these users' passwords will expire shortly.

Password Policy Details / Updated Quest AD Cmdlets

Quest have released an updated version (1.1.0) of their AD cmdlets.

Published as part of the update is the ability to find details of the default domain password policy, previously a little tricky to get hold of.

A simple:

Get-QADObject domainname/ | format-list *

exposes the information you can obtain.

We've been doing a lot of work recently with password policies and

(Get-QADObject domainname/).MaximumPasswordAge

makes some of this work now a snap!



Or even easier

(Get-QADRootDSE).Domain | Format-List Name, *Password*, *Lockout*

Name : springfield
MinimumPasswordAge : 7 days
MaximumPasswordAge : 90 days
PasswordHistoryLength : 10 passwords remembered
MinimumPasswordLength : 6 characters
LockoutDuration : 30 minutes
LockoutTreshold : 5 invalid logon attempts
ResetLockoutCounterAfter : 30 minutes

Thanks Mr Sotnikov!

Tuesday, 22 April 2008

Do I need all the transaction log files Exchange creates?

Excellent posting here about Exchange transaction log files, in particular what to do if your transaction logs disk fills up.

Kind of handy when you come back to work after a week and the log file disk is full. ;-)

The main point I got from it was the fact that you do not necessarily need all of the transaction logs for a storage group. So say if your disk has filled up with transaction logs you can run eseutil to find out which log files you actually need and move the rest to a temporary location. This should then buy you some time to run a backup to flush the rest out properly.

Monday, 7 April 2008

Disabling Outlook Web Access on AD accounts

A request came up asking, "If we need to could we disable Outlook Web Access for a particuar list of users?"

After some digging around and some great help from Shay Levy on the Powergui message board I was able to come up with the following:

Set-QADUser 'springfield\homer.simpson' -ObjectAttributes @{ProtocolSettings='HTTP§0§1§§§§§§'}

If you need to disable more than one of the options it would be

Set-QADUser 'springfield\homer.simpson' -ObjectAttributes @{ProtocolSettings='HTTP§0§1§§§§§§,IMAP40§1§§§§§'}

The options detailed on the 'Exchange Features' tab of an AD account are stored in the ProtocolSettings field. If you look at that field in Adsiedit, you will see which options have been disabled, if any. From there you can grab the HTTP,IMAP etc string that you need.

More info here:
Making bulk protocolSettings changes

Friday, 28 March 2008

Add Users to an AD group from a CSV file

So I had a text file containing data in the following format:

basically Novell usernames.

These accounts have equivalent usernames in Active Directory in the format




ie. everything after the first dot is removed.

The task is to open up the text file, convert the Novell usernames to the AD format and then add each user to a group. With a bit of help from a post of Richard Siddaway's (!43CFA46A74CF3E96!822.entry) the below script does the job.

(As usual the Quest AD cmdlets are required)

# Open the text file, split out each username at the first '.' and keep the first part of each split.
$users = Get-Content C:\Scripts\UserList.csv | %{$_.split(".")[0]}

# For each username get the user's AD DN and add the user to the specified group.
foreach ($a in $users)
Get-QADUser -Identity $a | Add-QADGroupMember -Identity 'domainname\groupname'

Monday, 24 March 2008

ADMT and Windows Server 2008

Need to migrate from 2003 to 2008 using ADMT 3.0? Looks like you might be able to do it before the 3.1 release which supports 2008. Some great info here:

Tuesday, 18 March 2008

VMware Powershell Cmdlets

These are going to be seriously useful.......

I've been trying them out with some basic Get-VM commands and it is so easy to get info out of your VM infrastructure.

Friday, 14 March 2008

Friday, 7 March 2008

Find Last Logon Date

This script will find the last logon date for a supplied user on each DC in your domain and output to a text file. You can then pull the text file say into Excel and sort on the date column to find when the user last logged in.

(You need the Quest AD cmdlets to run this one)

$DomainControllers = Get-QADComputer -computerrole domainController

foreach ($DC in $DomainControllers)

$a = Get-QADUser -Service $ 'domain\user'
$ +" " +$a.lastlogon | Out-File -Append C:\Scripts\LastLogon.txt

Tuesday, 19 February 2008

Send Welcome Email

Wouldn't it be nice to send your new users an email welcoming them to the company and providing them with some info about how things work. Anyway, I had a request to do this and since I don't think you can do it natively within Exchange 2003 I turned straight away to Powershell.

So, all you need to do is run a daily sceduled task which calls the below Powershell script. It finds the current and next days's dates, searches AD for users created between those dates (i.e. on the current day) and sends an email to the users it finds with the relevant info attached.

(Note: You need the Quest AD cmdlets installed unless you want to use ADSI for the AD search part.)

Doing the search by specifiying the exact date didn't seem to work very successfully. Digging around the Internet revealed the correct format to get the dates into and also searching between the two adjacent dates.

#Find today's and tomorrow's dates and store them in the 'yyyyMMdd}000000.0Z' format
$dayStart = "{0:yyyyMMdd}000000.0Z" -f (Get-Date)
$dayEnd = "{0:yyyyMMdd}000000.0Z" -f ((Get-Date).AddDays(1))

#Find AD users created between the two dates
$newuser = Get-QADUser -searchroot 'springfield.local/userou' -LdapFilter "(&(whenCreated>=$dayStart)(whenCreated<=$dayEnd))" -size 0

#Find the email address for each of the users and send a mail to them with the WelcomeTo.doc attachment
foreach ($address in $newuser)
$recipient = $address.mail
$sender = ""
$server = "smtpservername"
$file = "path to attachment"
$subject = "subject"
$body = "body text"
$msg = new-object System.Net.Mail.MailMessage $sender, $recipient, $subject, $body
$attachment = new-object System.Net.Mail.Attachment $file
$client = new-object System.Net.Mail.SmtpClient $server
$client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

Wednesday, 13 February 2008

Scripting Games 2008

Scripting Games 2008 - looking forward to it. Entering the Powershell Beginners divison which should be interesting!

Bye bye my vbscripts?

OK, so I've moved onto Powershell these days, but I thought I'd start my blog posting with one of my favourites. Its adapted from a great idea at and essentially makes the description field of your computer accounts dynamically populated.

Why might you want to do this you ask?

Well, have you ever needed to find a computer name easily without needing to get the user to find it out? This script if run at login will populate the description field of the computer account with: username, current AD site, make and model of machine, time logged in, e.g.

Joe Bloggs logged on in Paris using HP 6710b, 08:30.

Simply sort your computer accounts by the description column and hey presto easy to find the computer the user is logged into. Simple, but very effective.

I also used it to easily sort computers into separate OU's for laptops and desktops.

On Error Resume Next
Set objSysInfo = CreateObject("ADSystemInfo")

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
objSitename = objSysInfo.SiteName

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")

For Each objItem in colItems
strManufacturer = objItem.Manufacturer
strModel = objItem.Model

strMessage = objUser.CN & " logged on in " & objSitename & " using " & strManufacturer & ", " & strModel & " " & Now & "."

objComputer.Description = strMessage

(By the way you'll need to add the 'Write description' property on the OU(s) where your computer accounts reside to something like Authenticated Users.)