Monthly Archives: June 2015

New article on PowerShell Magazine: Determine compression ratio of compressed files

Yesterday I posted about using the System.IO.Compression.ZipFile class to compress and extract files, this article is available here: Compress files and folders with System.IO.Compression.ZipFile class

The same class can be leveraged to retrieve the compression ratio for compressed files. The full article  is available on PowerShell Magazine : Determine compression ratio of compressed files

For more articles like this, have a look at the External Articles section of my blog, it contains all the articles I have posted on external sources such as PowerShell Magazine.

Links in this Article
PSTip: Determine compression ratio of compressed files
PowerShell Magazine
External Articles
Share

New article on PowerShell Magazine: Compress files and folders with System.IO.Compression.ZipFile class

Unfortunately it is not possible to compress or extract zipped files using cmdlets in PowerShell. This feature will be introduced in PowerShell 5.0, but for the time being using the System.IO.Compression.ZipFile class can be a nice workaround. The full article  is available on PowerShell Magazine : Compress files and folders with System.IO.Compression.FileSystem class

1
[System.IO.Compression.ZipFile]::ExtractToDirectory('c:testing.zip', 'c:newtest')

For more articles like this, have a look at the External Articles section of my blog, it contains all the articles I have posted on external sources such as PowerShell Magazine.

Links in this Article
PSTip: Compress files and folders with System.IO.Compression.FileSystem class
PowerShell Magazine
External Articles
Share

Manage SCOM Report Operators role using PowerShell

Sharing SCOM reports with other users can be facilitated by adding those users to the SCOM Report Operator role. To view the users and groups that are a member of this role the following can be executed:

1
Get-SCOMUserRole -Name 'Operations Manager Report Operators'

The best practice is to add users into an AD group and then placing the user in that AD group. If there is already an AD Group in the User Role then the user can be added to that group directly. Otherwise an AD Group can be created and added to the SCOM User Role as follows:

1
2
3
4
5
6
7
8
9
10
11
# Create Domain Local Security Group
$TargetOU = [adsi]'LDAP://OU=SCOM,OU=Groups,DC=jaapbrasser,DC=com'
$Group = $TargetOU.Create('group','cn=SCOM_Report_Operators')
$Group.put('grouptype',0x80000004)
$Group.put('samaccountname','SCOM_Report_Operators')
$Group.SetInfo()
 
# Add the newly created group to the SCOM User Role
Get-SCOMUserRole -Name 'Operations Manager Report Operators' | ForEach-Object {
    Set-SCOMUserRole -UserRole $_ -User ($_.Users+'jaapbrasser\SCOM_Report_Operators')
}

Since the Set-SCOMUserRole cmdlet does not support adding a group or user account we are used to use ForEach-Object as an alternative to include the current User Role Members. By concatenating the existing users with the new user, domain\jaapbrasser, the new user is added to the User Role Members.
Now that the Active Directory group has been created and added to the list the user account can be added to the AD group:

1
2
3
4
$ADGroup = [adsi]([adsisearcher]'samaccountname=SCOM_Report_Operators').findone().path
$User = ([adsisearcher]'samaccountname=jaapbrasser').findone().path
$ADGroup.add($User)
$ADGroup.psbase.commitchanges()

Now that the AD Group has been added as a User Role member and the user has been added to the correct Active Directory group the user has the appropriate permissions to be able to view the reports created by SCOM.

SCOM Report Operators User Role
Implementing User Roles
Get-SCOMUserRole
Set-SCOMUserRole
Share

Active Directory Friday: Distribution group membership for AD User

To get a list of distribution groups an Active Directory user account is a member of of we can query Active Directory. For example by combining the Get-ADUser and Get-ADGroup cmdlets. To generate this list the following code can be used:

1
2
3
Get-ADUser -Identity JaapBrasser -property memberof |
Select-Object -ExpandProperty memberof | Get-ADGroup |
Where-Object {$_.groupcategory -eq 'Distribution'}

The Get-ADUser cmdlet gets all the groups Jaap Brasser is a member of, the Select-Object cmdlet expands the MemberOf attribute which is then piped into the Get-ADGroup cmdlet. The last step is using the Where-Object cmdlet to filter out only the Distribution groups to get the desired results.

Alternatively the DirectoryServices DirectorySearcher object can be used. This object does not require the Active Directory module to be installed and can run on any version of PowerShell. The following code can be used:

1
2
3
4
5
6
7
8
9
10
$ADSearcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter = "(samaccountname=JaapBrasser)"
} | ForEach-Object {
    $_.FindOne().Properties.memberof | ForEach-Object {
        $CurrentGroup = [adsi]"LDAP://$_"
        if (-not ([int](-join $CurrentGroup.Properties.grouptype) -band 0x80000000)) {
            $CurrentGroup.Properties.name
        }
    }
}

This sample works by querying Active Directory for the samaccountname JaapBrasser. Of this user account the distinguishedname of each group object is retrieved. The group type is explained in last weeks post as well, in which I explained about the hex codes which defines whether a group is a Security Group or a Distribution group. The article is available here: Creating Active Directory groups using PowerShell

For more information on this subject please refer to the following links:

Distribution group membership
Get-ADGroup
Get-ADUser
Understanding Groups
2.2.12 Group Type Flags
Creating Active Directory groups using PowerShell
Share

Three years of blogging; 100 posts

This month, June 2015 is a month of milestones. Just last week I posted an article on my 150000th download from the TechNet Script Gallery, today the occasion is my 100th blog post. remember when I started three years ago. I decided against making a obligatory first post in which I outlined my plans for making a blog, as I did not have a clear vision.

BooksSection

Now, more than three years later I use my blog as an outlet for any technical or otherwise interesting topics I come across. To celebrate the occasion I have opened up another section on my blog, Books.

To mark this joyful occasion, I have decided to bundle my ongoing series on this blog: Active Directory Friday into an ebook, available in the Books section of this site. The book is currently contains all thirteen articles and will be updated with new articles on a regular basis. It is available for download here: Active Directory Friday: All Articles

ADF-AllArticles

For a complete overview of all the links in this blog post I have created the following table containing all links.

Three years of blogging; 100 posts
150000 Downloads
New Books Section
Active Directory Friday
Download: Active Directory Friday: All Articles

 

Share