Archive

Posts Tagged ‘domain’

Powershell script: Invoke-CommandOnADComputers

October 13th, 2014 No comments

Sometimes I need to run some command on bunch of computers. So I’ve created little bit more advanced function to be able to run script block on computers list created from domain:

 


<#
.Synopsis
   This function provides you way to run scriptblock on remote machines in the domain.
.DESCRIPTION
   This function is extension to Cmd-Let Invoke-Command. This function lists computer names in domain
   based on ADSearchBase and Filter parameters. In invoke scriptblock on those computers in the list.
.EXAMPLE
   To restart service "Windows Time" on all machines in domain:
   Invoke-CommandOnADComputers -SearchBase "DC=domain,DC=local" -ScriptBlock { Restart-Service W32Time; }
.EXAMPLE
   To restart service "Windows Time" on all machines which containt number 7 in name:
   Invoke-CommandOnADComputers -SearchBase "DC=domain,DC=local" -Filter 'Name -like "*7*"' -ScriptBlock { Restart-Service W32Time; }
#>

Function Invoke-CommandOnADComputers
{
    [CmdletBinding(SupportsShouldProcess=$True,ConfirmImpact='Low')]
    Param
    (
        # This is Active Directory Search Base to limit selection for computer accounts in domain.
        # It can be for example "OU=Computers,OU=Company Name,DC=domain,DC=local"
        [parameter(Mandatory=$true)]
        [string]
        $SearchBase,

        # Active Directory filter to merge your computer selection in to the detail.
        # It can be for example 'Name -like "Desktop*"'
        [string]
        $Filter = "*",

        # This is scriptblock which should be run on every computer.
        # For example { Restart-Service W32Time; }
        [parameter(Mandatory=$true)]
        [scriptblock]
        $ScriptBlock
    )
    Begin
    {
        #
        # Get list of computer accounts
        #
        Write-Verbose "Getting list of computer from $ADSear"
        try
        {
            [array]$ADComputersList = Get-ADComputer -SearchBase $SearchBase -Filter $Filter -ErrorAction Stop
        }
        catch
        {
            Write-Error -Message "Couldn't search in $SearchBase" -ErrorAction Stop
        }
        #
        # Write number of found computers
        #
        Write-Host "Found $($ADComputersList.Count) computers"
        #
        # If in debug, write list of computers
        #
        Write-Verbose "List of machines:"
        If (!$PSDebugContext)
        {
            foreach ($item in $ADComputersList)
            {
                Write-Verbose " $($item.Name)"
            }
        }
        Write-Verbose "Done with domain computer list"
    }
    Process
    {
        #
        # Let's invoke command on remote computer
        #
        foreach ($ADComputer in $ADComputersList)
        {
            Write-Host $ADComputer.Name
                try
                {
                    Write-Verbose "Invoking scriptblock on computer"
                    Invoke-Command -ComputerName $ADComputer.Name -ScriptBlock { $ScriptBlock } -ErrorAction Stop
                    Write-Host " Scriptblock invoked successful."
                }
                catch
                {
                    Write-Host " Scriptblock invoked UNSUCCESSFUL."
                }
        }
    }
}

You can run it using

Invoke-CommandOnADComputers -SearchBase “DC=domain,DC=local” -ScriptBlock { Restart-Service W32Time; }

and it will read all computer accounts from domain and restart Windows Time service.

Enjoy,

PowerShell: Script to check for logged users

September 16th, 2014 No comments

I’m creating couple powershell scripts which I use in my work. I want to share couple of them with you. So here is a script which look for domain computers and then check who is logged on those online machines.

$ADSearchBase = "OU=Computers,DC=domain,DC=local"
$ADFilter = "*"

Function Get-LoggedUsersOnComputers
  {
  $ADComputersList = Get-ADComputer -SearchBase $ADSearchBase -Filter $ADFilter
  foreach ($ADComputer in $ADComputersList)
    {
    Write-Output $ADComputer.Name
    Try
       {
       $ExplorerProcesses = Get-WmiObject -ComputerName $ADComputer.Name -Class win32_process -Filter "Name='explorer.exe'" -ErrorAction Stop
       }
     Finally
       {
       If ($?)
         {
         foreach ($ExplorerProcess in $ExplorerProcesses)
           {
           Write-Output "  $($ExplorerProcess.GetOwner().User)"
           }
         }
       Else
         {
         Write-Output "  <<< Could not connect"
         }
       }
    }
  }

Get-LoggedUsersOnComputers

If you have any remark on my script, please, let me know. I will be happy to make it more cute 🙂

Quickie: Local admin has to have password to create domain

October 24th, 2012 1 comment

Today I was preparing new AD test environment for myself. I’ve created new W2008R2 VMs and when I ran dcpromo.exe I’ve got following error:

Local admin password empty

This was just a funny thing I never saw 🙂

Slow logging into domain

March 26th, 2012 No comments

When you are facing slow logons into domain and you also get events 1030 and 1006 you need to look into your network. By default Kerberos uses UDP packets to communicate. You need to force Kerberos to use TCP instead of UDP by changing registry key:

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\ Kerberos\\Parameters

If it doesn’t exists just create it 🙂

Create DWORD key called MaxPacketSize and set it to value 1.

For more infor there is official KB http://support.microsoft.com/kb/244474/en-us