Tagged: PowerShell Toggle Comment Threads | Keyboard Shortcuts

  • Chris 11:18 pm on January 1, 2011 Permalink | Reply
    Tags: postaweek2011, , PowerShell,   

    Get the Local Time for your VMHost 

    Hi Folks ,

    Quick one liner to get the local time of your vmhost . Its good to check to make sure that your host is not out of sync because your VM’s depend on it.

    get-vmhost -Name (FQDN of Host ) | % {Get-View $_.ExtensionData.ConfigManager.DateTimeSystem} | %{$_.QueryDateTime().ToLocalTime()}

    Happy New Year 🙂


    • Glenn 11:38 pm on March 20, 2011 Permalink

      Hey Chris,

      I was so happy to find this “one liner”. It is (almost) exactly what I was trying to do. I am trying to run this across all hosts on a VC by removing the -Name.

      I am trying to work out how to include the host name (before or after) on the same line as the date /time. Any ideas? I am only new to powercli and having trouble working it out.



  • Chris 12:03 am on August 22, 2010 Permalink | Reply
    Tags: , Computer Objects, PowerShell   

    Stale Computer Accounts 

    You know stale computer accounts are like stale peanuts . You just want to get rid of them as fast as possible. Its a good idea to have a script that is scheduled to run for this type of task. The same thing can be said for stale user accounts but let’s focus on the stale computer accounts.

    Here is the script in its entirety :

    Function Process-ComputerObject ($server)

    # set the date to be used as a limit - 180 days earlier than the current date
    $old = (Get-Date).AddDays(-180)

    #Disabled Computers OU
    $DestOU = "contoso.com/disabled Computers"

    #This pipeline creates the report.
    Get-QADComputer -Identity $server.Name -IncludedProperties pwdLastSet -SizeLimit 0 | where { $_.pwdLastSet -le $old }|select-object Name,ParentContainer,OperatingSystem,Description,pwdLastSet |Format-Table -AutoSize| Out-File -Append -Width 700 ".\Disabled_Computers.txt"

    #This pipeline is to actually Disable the server and move it to the disabled computers OU
    Get-QADComputer -Identity $server.Name -IncludedProperties pwdLastSet -SizeLimit 0 | where { $_.pwdLastSet -le $old } |%{ Disable-QADComputer $_ } | %{Move-QADObject $_ -NewParentContainer $DestOU}


    Function Send-EmailReport ()

    #Send Mail message
    send-mailmessage -from "ServerTeam@contoso.com" -to "Supportperson@contoso.com" -subject "180 Day Stale Computer Object Report.**PLEASE DO NOT REPLY**" -body "Please see the following attached text file for Computer objects that were disabled and moved to the disabled computers OU." -Attachments ".\Disabled_Computers.txt" -smtpServer mysmtpserver


    ####################Entry Point of Script##########################

    #Load Quest Cmdlets
    Add-PSSnapin Quest.ActiveRoles.ADManagement

    # No Errors shown
    $ErrorActionPreference = "SilentlyContinue"

    #Builds an Array of Ad Computer Objects and Uses the Quest CmdLets.This is where 2 filters are defined.
    #One that excludes the OU's that we do not want to search and another that defines the Type of Systems we want to search.
    #$Computers is the variable that holds this Array.

    $Computers = Get-QADObject -SizeLimit 0 -SearchScope OneLevel |? {$_.Name -ne "Australia"} | ? {$_.Name -ne "Disabled Computers"} | ? {$_.Name -ne "NetIQRecycleBin"} | % {Get-QADComputer -SearchRoot $_.DN -Includedproperties pwdLastSet -sizelimit 0 -OSName 'Windows 2000 Server*','Windows Server 2003*','Windows Server 2008*'}

    #Start pipeline
    $Computers | %{ `

    #Clear Errors

    # Load .net Ping Class Object
    $net = New-Object System.Net.NetworkInformation.Ping

    #perform ping on Server
    $result =$net.send($_.Name)
    if ($Error)

    Process-ComputerObject $_



    #Call the Send-emailmessage function

    sleep -Seconds 10

    #Delete Text File
    del ".\disabled_computers.txt"

    Now that you see the script let me explain some of the parts .There are 2 functions : one to process the object and another to send an e-mail to the support team that includes a report attached.

    Let’s start at the entry point into the script :

    I’m using the Quest cmdlets which are really easy to work with . So that is what I do first is load the PSnappin.
    Add-PSSnapin Quest.ActiveRoles.ADManagement

    Remember we are going to run this as a scheduled task and want to make sure that the quest ad cmdlets get loaded.

    Next is we do not want errors shown . (I may change this in the future) $ErrorActionPreference = “SilentlyContinue”

    The next part is a bit tricky .We have a variable $computers . What we are doing is creating a list of OU’s we want to exclude. You might not want to search everyOU.

    So we set $computers to get every object on the root level of AD then we build our exclude list : In this case I DO NOT want to search the Australia OU ,Disabled ComputersOU or the NetIQrecyclebin OU.

    The rest of the objects pass thru the pipeline. Now I use the Get-QADComputer cmdlet to get computers (only servers in this case) 2000,2003,2008 Servers . I include the pwdlstset property which I’m interested in.

    Now $computers is set to go … I start my final pipeline ….

    Clear any errors from $error. Load the .net ping class .

    I perform a ping on the System to see if its offline . This is important cause you will find some systems like Cluster Names that might have a stale pwdlast set value but they are very much alive and needed . That might be because they haven’t failed over to the other node in a long time. So I want two conditions met (Not online and pwdlastset greater than 180 days.)

    If not online then I call the process computer object function.

    This function processes the computer object ,disables it if its past 180’s and moves it to the disabled computers OU . I also creates the text file to be used in the report.

    Last but not least I call the mail function which uses the send-mailmessage cmdlet .

    Hope this helps you fight those stale computer objects in your environment. Now where did I put those peanuts again ? 🙂

    • ServerGuyScott 10:55 am on August 22, 2010 Permalink

      Great script, Chris!

    • Joshua 9:08 am on October 23, 2013 Permalink

      I don’t know if you still monitor this or not… but I wanted to ask a couple of questions
      1. Can you modify this to ONLY do computers and not servers
      2. Can you remove the ping option?

  • Chris 10:45 am on March 27, 2010 Permalink | Reply
    Tags: PowerShell, Scripting Games 2010   

    Scripting Games 2010! 

    Hi Folks ,

    Haven’t posted in awhile but that will change soon . Here is a link to the Scripting Games. I might participate because this is always a good learning experience.

    2010 Scripting Games

    Grab this badge here!

    Have Fun !

  • Chris 1:09 pm on January 31, 2010 Permalink | Reply
    Tags: Advanced Function parameters, PowerShell   

    Advanced Function Parameters 

    Hi Folks ,

    Not a long post but I just wanted to mention that I had emailed the scripting guys about help on creating  parameters that get passed to advanced functions because the syntax looks strange to me . Ed Wilson emailed me back right away (Thank you Ed ) and gave me some information that will help me out that I wanted to pass on. I read Ed’s windows Powershell book which was about 1.0 and I was very impressed with it . He also has Powershell Version 2 best practices out now that I may pick up in the near future here.

    To get more information about advanced function parameters you can simple get help in powershell by entering this in the console .Wealth of information here :

    Help about_Functions_Advanced_Parameters

    Also by downloading the powershell SDK  here.


    The powershell SDK I believe is part of the Windows SDK now.

    Hope this helps 🙂 .


  • Chris 12:38 pm on January 31, 2010 Permalink | Reply
    Tags: , PowerShell   

    PowerGui 2.0 

    Get the best free editor around Powergui 2.0 here. They are always making this editor better and enhancing its features. 🙂


  • Chris 6:09 am on December 5, 2009 Permalink | Reply
    Tags: , PowerShell   

    PowerGui 1.9.6 

    Get the latest free editor for powershell . Did I mention its free and its awesome .


    Have a Great Day !


  • Chris 10:08 pm on November 25, 2009 Permalink | Reply
    Tags: AD CMDLETS, PowerShell, Quest AD CMDLETS   

    AD Cmdlets 1.3 from Quest RTM’ed 

    If you have not used Quests AD Cmdlets your missing out on a real treat . Head over to Dmitry’s blog for more information . You will not be disappointed.


    They are free and feature rich 🙂





  • Chris 11:53 am on November 20, 2009 Permalink | Reply
    Tags: Get-content, netlogon.log, PowerShell   

    Creating a Unix like tail with Get-content 

    Wow I haven’t written a blog in a long time ….

    Hi everyone hope you’re doing well . A very short blog about the Get-Content cmdlet . Get-content has a very nice parameter called -wait . I have been using this for example to find users that lock out there AD accounts frequently and don’t know why they are getting locked out . The netlogon.log captures this info (If your DC is set up for debugging this info ) so it makes it easy to catch these lockouts . What -wait does is monitor the log file or text file so that anything added to it it will display . If you pipe that to a regex statement you can narrow down your search and pinpoint what you’re looking for … So for example if Bob.Roberts is locking out is account and doesn’t know why you can do this :

    gc \\DcName\c$\Windows\debug\netlogon.log -wait | ? {$_ -match "Bob.Roberts"}

    So now any entries that contain Bob.Roberts will be displayed and if not it will just sit there and wait and monitor the log . A great way to just put the powershell window to the side and do other things will waiting for results 🙂 .

    Hope you like this tip 🙂


  • Chris 3:42 pm on June 11, 2009 Permalink | Reply
    Tags: PowerShell, Printer Security, subinacl.exe   

    Hi Folks ,   I was given a task at work … 

    Hi Folks ,

    I was given a task at work to add a global group to 100’s of printer queue’s . I knew I wanted to use powershell to do this task but was unsure how to permission printers . I came across this utility (Subinacl.exe) that I knew about but didn’t think it permissioned printer queue’s . It took just one line to accomplish this task . In minutes I permssioned 100’s of queue’s and my manager was very happy with the result .

    So here is the one line :

    gwmi -class Win32_Printer -comp ServerName | %{$_.Name} | % { subinacl.exe /printer \\ServerName\$_ /grant=DomainName\GroupName=F}

    F means Full Control…

    You can also use M for Manage Documents or P for Print .

    This is a good example also of Powershell’s ability to work with command line utilities .

    I thought this was cool and a super time saver . If you have any questions please comment below and I will respond pronto 🙂



    • Serge Meeuwsen 5:50 am on January 31, 2010 Permalink

      Chris, cool one liner which I’m sure is gonna save a lot of admins a lot of work. One question tho, why did you pipe $_.Name twice? Wouldn’t the following suffice?
      gwmi -class Win32_Printer -comp ServerName | % { subinacl.exe /printer \\ServerName\$_.Name /grant=DomainName\GroupName=F}

    • Chris 12:31 pm on January 31, 2010 Permalink

      Hi Serge ,

      Yes … thank you ! That would work just as well . Thank you for your input 🙂


    • Casey 10:22 am on November 5, 2010 Permalink

      Perfect. I’ve been looking for this as we are just moving to Microsoft printing.

      Serge Meeuwsen suggestion does not work. Get’s invalid printer names. You must use the original post >

      “Chris, cool one liner which I’m sure is gonna save a lot of admins a lot of work. One question tho, why did you pipe $_.Name twice? Wouldn’t the following suffice?
      gwmi -class Win32_Printer -comp ServerName | % { subinacl.exe /printer \\ServerName\$_.Name /grant=DomainName\GroupName=F}”

    • Jay 11:39 am on June 3, 2011 Permalink

      Sweet!! This saved me a few hours of work, thanks!

    • denvergoals 5:42 pm on October 3, 2014 Permalink

      saved me a bunch of time. much appreciated…

  • Chris 8:03 pm on May 5, 2009 Permalink | Reply
    Tags: $ofs, PowerShell   

    Powershell Using $OFS 

    Hello ,

    $OFS which is a special variable in powershell . OFS stands for Output field separator . You would use this to separate objects in your array for example :


    PS H:\> $numbers = 1,2,3,4,5
    PS H:\> $numbers



    What if you wanted to separate these let say with a semi colon . You can use the $OFS variable..

    PS H:\> $ofs = “;” ;[string]$numbers


    This could be useful lets say if your getting users out of AD to setup an e-mail in outlook .

    Not to bad … 🙂

    For More info :



    Have Fun !


    • Is dis 10:02 am on June 20, 2014 Permalink

      exists for lines ?
      what I mean:
      what separates lines by default is “\r\n”
      what I want:
      change globally (in a script) this default to “\n”

    • Chris 10:43 am on June 20, 2014 Permalink

      Hi … I do not really understand what your asking … Can you explain or give an example ?

Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc