Tag Archives: Microsoft

New article on PowerShell Magazine: Working with the Windows.Forms.Screen Class

The article posted on PowerShell Magazine explains how to utilize the Windows.Forms.Screen Class in order to determine the resolution of the monitors attached to the current system. It can also be used to determine the location of the monitors relative to each other. This can be useful when working with Windows Forms in PowerShell.

To read the full article head over to PowerShell Magazine:

http://www.powershellmagazine.com/2013/05/09/pstip-working-with-the-windows-forms-screen-class/

New script: Find Orphaned Home Folders

I recently uploaded a new script, Get-OrphanHomeFolder.ps1, to the TechNet Gallery. The script gets a list of all folders in a path and, for each of those folders, queries AD to verify whether there is a matching samaccountname. If no match is found, the script considers the folder to be an orphaned home folder. If the -FolderSize parameter is specified, the script retrieves the size of the orphaned folder and displays the results as an array of objects.

The script is available here: Technet Gallery: Get-OrphanHomeFolder.ps1

This portion of the script grabs the folder name and queries AD for a matching samaccountname. To do this I utilize the [adsisearcher] accelerator, so there is no dependency on the AD cmdlets in this script:

$CurrentPath = Split-Path $_ -Leaf
$ADResult = ([adsisearcher]"(samaccountname=$CurrentPath)").Findone()

If a matching account is not found, the script outputs the error, in this case the 'Account does not exist and has a home folder' message, together with the full path to the folder. This information is stored in a hash table. The code for that looks like this:

$HashProps = @{
    'Error' = 'Account does not exist and has a home folder'
    'FullPath' = $_.FullName
}

The information gathered in this hash table is then used to build a custom PowerShell object with the hash table as its properties:

New-Object -TypeName PSCustomObject -Property $HashProps
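
The [adsisearcher] lookup above places the folder name directly into the LDAP filter, so a name containing filter metacharacters such as parentheses changes or breaks the query. The following is an added example, not part of Get-OrphanHomeFolder.ps1, that escapes the name per RFC 4515 first; ConvertTo-LdapFilterValue, Test-OrphanHomeFolder and the sample folder names are assumptions made for illustration.

```powershell
# Added example, not part of Get-OrphanHomeFolder.ps1.
# Escape the characters RFC 4515 reserves inside an LDAP filter value.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value)
    # Backslash first, so the escapes added afterwards are not escaped again.
    $escaped = $Value.Replace('\', '\5c')
    $escaped = $escaped.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $escaped.Replace([string][char]0, '\00')
}

# Hypothetical helper: the script's lookup with the folder name escaped first.
# Needs a domain-joined machine; returns $true when no account matches.
function Test-OrphanHomeFolder {
    param([Parameter(Mandatory = $true)][string]$Path)
    $name   = Split-Path $Path -Leaf
    $filter = '(samaccountname={0})' -f (ConvertTo-LdapFilterValue $name)
    $null -eq ([adsisearcher]$filter).FindOne()
}

# Constructed folder names; no directory is contacted for this comparison.
# 'jsmith (old)' yields a malformed raw filter, 'a*' a wildcard match.
foreach ($name in 'jdoe', 'jsmith (old)', 'a*') {
    New-Object -TypeName PSObject -Property @{
        Folder     = $name
        RawFilter  = "(samaccountname=$name)"
        SafeFilter = '(samaccountname={0})' -f (ConvertTo-LdapFilterValue $name)
    }
}
```

With the escaped filter, a folder such as 'a*' is only reported as having an owner when an account with that literal name exists.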

For more information about this script or any of the other contributions, drop me a line and I will be happy to discuss this further.

Restoring an Object from the AD Recycle Bin

Using the Active Directory Recycle Bin I will demonstrate the consequences of deleting and restoring a Domain Administrator user account and display which properties are affected or changed.

First off we create a new user which we then add to the Domain Admins group with the following PowerShell commands:

New-ADUser -Name Admin_Jaap -SamAccountName Admin_Jaap -Enabled:$true `
-AccountPassword (ConvertTo-SecureString -AsPlainText 'Secret01' -Force)
Add-ADGroupMember -Identity 'Domain Admins' -Members Admin_Jaap

Then we capture the output of Get-ADObject, with all properties, in a variable:

$BeforeDel = Get-ADObject -LDAPFilter "(samaccountname=Admin_Jaap)" -Properties *

The next step is to delete the user using Remove-ADUser:

Remove-ADUser -Identity Admin_Jaap -Confirm:$false

Now the account can be restored:

Restore-ADObject -Identity $BeforeDel.ObjectGUID -Confirm:$false

Now that the object has been restored, the password that we originally set has been recovered as well. This can be verified by running the following PowerShell command:

Invoke-Command -ScriptBlock {whoami} -Credential admin_jaap -ComputerName dc1

We capture the information stored in AD to the $AfterRes variable:

$AfterRes = Get-ADObject -LDAPFilter "(samaccountname=Admin_Jaap)" -Properties *

Now that we have captured the account information both when the account was just created and after it was restored, we can use it to see which attributes, if any, have changed. To make this comparison the Compare-Object cmdlet can be used. To be able to compare these AD objects, each variable is first piped into Out-String and then split up into an array of strings.

Compare-Object -ReferenceObject (($BeforeDel|Out-String) -split '\n') `
-DifferenceObject (($AfterRes|Out-String) -split '\n') -IncludeEqual

The results show that most attributes are completely unchanged. The only attributes that change are those containing information related to replication or to when the object was last changed.
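
Comparing the two snapshots attribute by attribute, rather than as lines of text, makes it easier to review what a restore brings back, which matters when the restored account is a Domain Admin whose password and most attributes return unchanged. The following is an added example, not from the original post; Compare-ADSnapshot and the sample values are constructed for illustration.

```powershell
# Added example, not from the original post: attribute-level diff of two snapshots.
function Compare-ADSnapshot {
    param(
        [Parameter(Mandatory = $true)]$Before,
        [Parameter(Mandatory = $true)]$After
    )
    # Union of attribute names, so attributes present on only one side show up too.
    $names = @($Before.PSObject.Properties | ForEach-Object { $_.Name }) +
             @($After.PSObject.Properties  | ForEach-Object { $_.Name }) |
             Sort-Object -Unique
    foreach ($name in $names) {
        # Multi-valued attributes are flattened to one sorted string per side.
        $old = (@($Before.$name) | Sort-Object | ForEach-Object { "$_" }) -join '; '
        $new = (@($After.$name)  | Sort-Object | ForEach-Object { "$_" }) -join '; '
        if ($old -cne $new) {
            New-Object -TypeName PSObject -Property @{
                Attribute = $name; Before = $old; After = $new
            } | Select-Object Attribute, Before, After
        }
    }
}

# Constructed snapshots standing in for $BeforeDel and $AfterRes.
$before = New-Object -TypeName PSObject -Property @{
    sAMAccountName = 'Admin_Jaap'
    memberOf       = @('CN=Domain Admins,CN=Users,DC=dmn,DC=com')
    uSNChanged     = 12345
    whenChanged    = [datetime]'2013-01-10 09:00'
}
$after = New-Object -TypeName PSObject -Property @{
    sAMAccountName = 'Admin_Jaap'
    memberOf       = @('CN=Domain Admins,CN=Users,DC=dmn,DC=com')
    uSNChanged     = 12410
    whenChanged    = [datetime]'2013-01-10 09:20'
}

# Only uSNChanged and whenChanged are reported for these sample values.
Compare-ADSnapshot -Before $before -After $after
```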


AD queries and the Active Directory Recycle Bin

Lately I have been playing around with the AD Recycle Bin on Windows Server 2012. It is a useful feature that was introduced in Server 2008 R2 and has been improved in Server 2012. New features include:

  • AD Object restore from GUI
  • Password restore
  • Restore of an entire OU

To enable this feature using PowerShell the following line of code should be executed:

Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
-Scope 'ForestOrConfigurationSet' -Target 'dmn.com' -Confirm:$false

Note that this feature can never be disabled after it has been enabled. To test its functionality we will create a user:

New-ADUser -SamAccountName Jaap -Name Jaap -Enabled:$true `
-AccountPassword (ConvertTo-SecureString -AsPlainText '$ecret01' -Force)

This command creates a new account named Jaap with $ecret01 as the password. To be able to set a password, this string is first converted into a SecureString. To verify that this account was created we can query it using Get-ADobject:

Get-ADobject -Filter 'samaccountname -eq "jaap"'

An alternative, and my personal preference, is to utilize [adsisearcher] to query for AD objects. It has the advantage that it is available natively in PowerShell, in any version. Here is the syntax to query for the account that was just created:

([adsisearcher]'(samaccountname=jaap)').findone()

We have now established that the account can be found, so let's remove the account so it moves to the Active Directory Recycle Bin:

Remove-ADUser jaap

So now we can try the same query again:

Get-ADobject -Filter 'samaccountname -eq "jaap"'
([adsisearcher]'(samaccountname=jaap)').findone()

Get-ADobject will return an error and [adsisearcher] will not return any results. This is because the user account is tombstoned and placed in the Deleted Objects container. To get the desired results, the -IncludeDeletedObjects switch should be used:

Get-ADobject -Filter 'samaccountname -eq "jaap"' -IncludeDeletedObjects

For [adsisearcher] a slightly different approach should be used. The following query will retrieve the deleted user account:

$Searcher = [adsisearcher]'(samaccountname=jaap)'
$Searcher.Tombstone = $true
$Searcher.FindOne()

And that is how to query accounts that have been deleted and stored in the AD Recycle Bin.

Two new MCSE certifications available in beta

Today Microsoft has released four new IT Pro exams leading up to two new MCSE certifications. As both Windows Server 2012 and Windows 8 have been released to manufacturing (Source: Windows Server Blog) the accompanying certifications have been released as well. The exams will be available as Beta exams from the 6th of August until the 20th of August, with registration commencing on the 1st of August. For more information regarding Beta exams please have a look at the official FAQ by Microsoft here.

In case you have not received an invitation from Microsoft, make sure you read up in my previous post on how to set up your Microsoft SME profile here:
New beta exams released for Windows Server 2012

The exams and certifications that have been released are as follows:

MCSE: Server Infrastructure

So if you are interested head out to the Prometric Registration Website to sign up for any of the exams. Good luck!