Tuesday, 29 July 2008

Get-Scripting Podcast Pilot Episode

Welcome to the pilot episode of the Get-Scripting podcast! Tune in to listen to us talk and interview people about Powershell.

Download it here, subscribe in iTunes or via a different feed reader.

In the first episode we have part 1 of an interview with James O'Neill from Microsoft - we talk about Powershell, and in particular the work he has done with Hyper-V.

(It's a pilot OK, so bear with us as we get to grips with things like editing and publishing podcasts :-) )

Blog note links:

Ways to learn Powershell:

Download Powershell

Powershell Getting Started Guide

Interview

James O'Neill's blog

Hyper-V functions on Codeplex

Send us feedback at

get [dash] scripting [at] hotmail [dot] co [dot] uk

or leave a comment here on the blog

Friday, 25 July 2008

Exchange 2003, WMI and Powershell - Part 3 (Mailboxes Over 2GB)

In parts 1 and 2 we looked at retrieving mailbox information from Exchange 2003 using WMI and Powershell.

In part 3 we're going to take another look at this topic area for another potential common request along the lines of 'can you give me a list of all mailboxes over 2GB?'

Again we use the MicrosoftExchangeV2 WMI namespace and the Exchange_Mailbox class and this time use the where-object cmdlet to only return results where the size of the mailbox is greater than 2GB - obviously you can change this value to your own needs. (Note: the value is specified in KB)

Once again very simple to achieve a really effective result.

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName | where-object { $_.Size -gt 2097152 } | sort-object MailboxDisplayName

Thursday, 24 July 2008

Exchange 2003, WMI and Powershell - Part 2 (Top 10 Largest Mailboxes Per Server)

In part 1 I looked at how to retrieve mailbox information from Exchange 2003 using WMI and Powershell.

Taking this one step further, say your manager asks for a list of the biggest Exchange mailboxes: we can use a similar command to get the mailbox info, sort the list by size and then use the -First parameter of the Select-Object cmdlet to bring back only the top 10, say.

It's as easy as that. Of course you could then output the data to a csv file using an additional pipeline so that the info is easy to forward on.

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName | sort-object Size -Descending | select-object -First 10 MailboxDisplayName,Servername,StorageGroupName,StoreName,Size | export-csv c:\scripts\top10.csv

Tuesday, 22 July 2008

Exchange 2003, WMI and Powershell - Part 1 (Get Mailbox Info)

OK, so I had some fun making a Powergui Powerpack for Exchange 2003, but it's probably about time I wrote about how to do this natively in Powershell.

There is a lot of information you can get out of Exchange 2003 using WMI. Yikes, you might say if you previously thought about doing that with VBScript; however, with Powershell it's easy!

We simply use the Get-WMIObject cmdlet, use the ExchangeV2 namespace and Exchange_Mailbox class and connect to the Exchange Server in question.

(You can find all about the Exchange_Mailbox class over on MSDN. Sysadmins amongst you might think MSDN is only for developers, but the Exchange WMI pages are pretty straightforward and all contain a very nice example in VBScript from which you can figure out most of what is available to you.)

This will return you all the mailbox objects on that server. We then use some basic sorting and selecting to present the info nicely.


Get-WMIObject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer ExchangeServerName | sort-object MailboxDisplayName | format-table MailboxDisplayName,Servername,StorageGroupName,StoreName,Size

Thursday, 17 July 2008

Checking AD replication latency with Powershell

Having suffered from some AD replication issues in the past (the dreaded lingering objects), it's been at the back of my mind on how to keep an eye on replication between all the DC's.

Also a frequent question from the helpdesk goes along the lines of they've made a change to somebody's AD account and how long is it going to be before that change will make it around to all of the DC's? In the past I've kind of stuck my finger in the air and given an approximate time based on replication intervals in the site links.

So how about some Powershell which checks AD replication latency for you (and at the same time confirms all DC's are replicating) so you can give a more precise figure on how long it takes for a change to replicate the whole way around?

Brandon at the BSonPosh blog has a frankly brilliant post with a script you can run which creates a temporary contact in AD, then polls each DC until it appears, records the time taken and finally removes the test contact.

For me this was a Snover moment (i.e. the top of my head exploded!), this is so useful for me it's unreal, and possibly the best bit: my finger in the air estimate was pretty darn close. :-)

Thursday, 26 June 2008

PowerGUI / Exchange 2003

I've used the PowerGUI script editor as my editor of choice ever since I started using Powershell, but I never really got the PowerGUI thing.

Recently at the UK Powershell User Group we had the brilliant opportunity to visit Quest in the UK and be presented to by Dmitry Sotnikov about PowerGUI and the AD cmdlets. Before going I figured I'd better get to grips with PowerGUI so spent some time watching the online tutorial videos and started playing around with it.

Doing this combined with what I picked up from the Quest visit it started to dawn on me how useful this could be. It had frustrated me for a while that although there is great support for Powershell in Exchange 2007 there wasn't anything native for Exchange 2003, which is what we use in our environment, so I thought why not try and make a PowerGUI powerpack for it.

There's a fair bit on the web about using WMI to manage Exchange 2003, in particular a very helpful article from Dmitry.

So with a little bit of playing I have posted version 0.1 to the PowerGUI powerpack library. With a bit of work I think it could be improved a lot (I have no actions or links yet, just script nodes), but I'd be interested in any feedback so leave me a comment if you've used it. I know there's a lot of uptake with Exchange 2007 now, but I'm sure there's plenty of 2003 sites still out there.

Even while putting the powerpack together I discovered things I could manage with Powershell so easily which would be really tricky to do through the Exchange Management GUI - my favourite is Get-DisconnectedMailboxes.

Quite often I need to find mailboxes which have had the AD account deleted and are waiting to expire from Exchange - not easy to do when the AD record has gone so you don't know which database they were on (we have over 40 Exchange databases). With the below Powershell WMI script it is dead easy to get a list of all disconnected mailboxes and which database they are in by using the DateDiscoveredAbsentInDS property:

Get-Wmiobject -namespace root\MicrosoftExchangeV2 -class Exchange_Mailbox -computer $computer | where { $_.DateDiscoveredAbsentInDS -like '2*' } | sort-object MailboxDisplayName | select-object MailboxDisplayName,Servername,StorageGroupName,StoreName,Size,DateDiscoveredAbsentInDS

PowerGUI then displays the results in a really nice view!

I think I'll be using PowerGUI a lot from now on...........

Monday, 16 June 2008

HP Lights-Out Authentication With Active Directory

OK, so it's not exactly scripting, but I just spent a bunch of time getting this working in our lab environment before a production rollout. Hit a number of not very obvious gotchas so thought I would put the information out there to assist anyone else trying to get the same thing working.

If you're not familiar with it then the HP Lights-Out management processor is typically a built-in (it used to be a separate PCI card) component in Proliant servers which enables remote management of the physical machine independent of the OS. For instance, you can effectively access the power button or the console of the machine on a server in a remote office which has become unresponsive. Full details here. The feature which usually impresses people the most is the ability to view the console as the machine is booting up - remember those times when you rebooted a remote server and it didn't come back up because it was waiting for an F1 key press which you couldn't press!

We are looking at deploying this to all of our AD DC's, which are typically the only server at branch offices and can involve long and costly trips for engineers should the server need maintenance. One requirement we have for the project is auditing and accountability, i.e. if an engineer has used the tool to power off a DC we may need to know who did it. Consequently we examined in the lab how to use the authentication that HP Lights-Out provides against Active Directory.

First of all here are the requirements for what you will need:

  • HP servers with iLo enabled management processors. For advanced features like Remote Control you need an advanced license which typically can be purchased for around £80 per machine.
  • LDAP directory, we're using Active Directory. You will need admin accounts which belong to a group which iLo can use.
  • iLo wants to authenticate over SSL so you will need to enable your Active Directory to respond to LDAP requests on SSL which it does not do by default. (detailed info to follow)
  • HP Directories Support management software - download from the Proliant driver page.
  • A brick wall to bash your head against when you try to figure out the (undocumented) format to specify the login name as.

iLo
-------

Get the latest Proliant support pack (currently 8.0) onto your server, there are some OS iLo updates in there. Update iLo itself to the latest firmware release. Patch the iLo card into your network, give it a DNS name and network settings - Tip: make sure the DNS server settings are correct (obvious, but I had it incorrect which led to some headscratching later on)

Active Directory
-------

Download and ingest the Integrating HP Proliant Lights-Out processors with Microsoft Active Directory guide. Note there is an option to extend your AD schema to get some extra features, this blog post is around the schema-free integration.

You will need to enable SSL over LDAP on your DC's. There's a KB which makes it look very simple and in the main it is. Two tips from the field:

  1. You may need to reboot a DC before it will pick up the certificate.
  2. Add the Domain Controllers group to the CERTSVC_DCOM_ACCESS group as detailed in this KB article.

HP Lights-Out Directories Migration Utility
--------

Run this tool as per the iLo AD guide - note: maybe it's just me, but it is not intuitive at all, you should be able to figure it out though. Essentially it will configure most of the settings you need, it's just not obvious what to put in there sometimes.

A key gotcha later on is the naming context so make sure you populate the Directory User Context with the path to where your admin accounts and the 'ilo-admins' group which contains them lie.


Directory testing
-------

Login to iLo via the webpage at its configured IP address and the local iLo Administrator account (you may want to keep this as an emergency account if directory login is not working). Navigate to Administration, Security, Directory and you should see settings you specified during the migration utility. Check these settings are what you expect and then use the very useful Test Directory Settings link at the bottom.

Obviously, this will test all the settings you have input and tell you anything which is incorrect. The key point here is that you have to input a username and password to use for the testing, what it does not tell you is that it is expecting the username in the format of the DN, e.g. CN=test admin,OU=admin accounts,dc=testdomain,dc=com (of course this is not in the iLo AD guide!)

Once you have successfully passed all of the tests you can then logout and log back in with an AD admin account. If you have correctly populated your directory search context you can use either:

  • test admin (note the space) or
  • CN=test admin

otherwise you will have to specify the full path, i.e. CN=test admin,OU=admin accounts,dc=testdomain,dc=com.

Final note:

If you specify a search context of @testdomain.com some newsgroup posts allege that you can then log in as test.admin, i.e. the accountname, but I couldn't get this to work.
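
The two things iLo depends on here, a DC that answers LDAP over SSL with a certificate and a simple bind using the full DN as the login name, can be checked from a workstation before touching the iLo settings. This is an added example, not part of the original post or HP's guide; the server name dc01.testdomain.com is a hypothetical placeholder and port 636 is the standard LDAPS port rather than a value from the post.

```powershell
# Added example: check the DC's LDAP-over-SSL certificate, then try a DN-format simple bind.
param(
    [string]$Server = 'dc01.testdomain.com',   # hypothetical DC name (assumption)
    [int]$Port = 636,                          # standard LDAPS port (assumption)
    [string]$BindDn = 'CN=test admin,OU=admin accounts,dc=testdomain,dc=com'
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-LdapsCertificate {
    param([string]$Server, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # Accept any certificate so it can be inspected; trust is evaluated by Verify() below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            ChainValid = $cert.Verify()   # false if untrusted, expired or revoked
        }
    } finally { $tcp.Close() }
}

function Test-LdapsDnBind {
    param([string]$Server, [int]$Port, [string]$BindDn, [securestring]$Password)
    $id    = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $cred  = New-Object System.Net.NetworkCredential($BindDn, $Password)
    $basic = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn  = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, $basic)
    $conn.SessionOptions.SecureSocketLayer = $true   # simple bind must only travel over SSL
    try { $conn.Bind(); $true }
    catch {
        Write-Warning "Bind as '$BindDn' failed: $($_.Exception.GetBaseException().Message)"
        $false
    } finally { $conn.Dispose() }
}

try {
    Get-LdapsCertificate -Server $Server -Port $Port | Format-List
} catch {
    Write-Warning "No usable LDAPS listener on ${Server}:$Port - $($_.Exception.GetBaseException().Message)"
    return
}
$password = Read-Host -AsSecureString "Password for $BindDn"
if (Test-LdapsDnBind $Server $Port $BindDn $password) { 'Simple bind with the full DN succeeded over SSL.' }
```

A handshake failure in the first step means the DC is not yet serving a certificate on that port, which is the condition the reboot tip above addresses.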