Use R2’s PowerShell Tools and New AD GUI on 2003
From Mark Minasi’s website:
For an “R2,” Server 2008 R2 delivered a fairly impressive list of new goodies for Active Directory (AD) techies. One of the most important of those goodies was Active Directory’s new support of PowerShell scripting, in combination with 73 new AD-related PowerShell cmdlets and their GUI cousin, a brand-new administrative tool for AD called the Active Directory Administrative Center (ADAC). Why is ADAC a “cousin” of PowerShell? Simple: PowerShell 2.0, which Microsoft embedded in Windows Server 2008 R2, offers the new ability to create GUI-based PowerShell tools… and ADAC is one of the first of those. Sure, ADAC looks like it’s just a better-arranged version of the ten-year-old Active Directory Users and Computers (ADUC) MMC snap-in, but on the inside, the two are as different as night and day.
Now, I haven’t had time to put an R2 domain controller (DC) on my internal production network yet, but I really like some of the new PowerShell cmdlets and really like the ADAC GUI tool, so I was pleasantly surprised to learn that you can fairly simply bring R2’s PowerShell cmdlets and ADAC to any Active Directory running pre-R2 domain controllers. In fact, you can even retrofit PowerShell and ADAC support on domain controllers as far back as Windows Server 2003.
The key lies in the fact that under the hood, Microsoft built PowerShell clients to talk to the Active Directory with a completely new network protocol. Instead of having ADAC and PowerShell make AD requests to DCs via LDAP, ADSI or some sort of RPC, Microsoft built a brand-new web service for Active Directory. Thus, every time an administrator sits down and issues some command to AD via R2’s PowerShell tools or ADAC, then under the hood that PowerShell cmdlet or ADAC actually transmits the admin’s request as a pile of XML data packaged in one or more SOAP (Simple Object Access Protocol) packets, and then transferred via HTTP/HTTPS to the web service program running on every 2008 R2-based Active Directory DC.
Now, I hear a few heads getting ready to explode out there: “whaaaat???? Our DCs are web servers? Nooooooooo….” Relax; R2’s DCs are not web servers, they just run a web service. Those are two very different things, I promise. Heck, they don’t even use ports 80 and 443; instead, they use TCP port 9389, which is easy to remember if you’re leery about the whole web service thing, know a microscopic amount of German and recall the port number normally used by LDAP in Active Directory: “nein, 389!” Really, you do not have to run IIS on your DC to make this work.
Anyway, Microsoft decided to take their R2 AD web service and back-port it to Server 2003, Server 2003 R2, and Server 2008 DCs and, once you’ve done that, you’ll be ADAC-ing to your non-R2 DCs. There are, of course, a few details, mainly that you’ve got to download and install a bunch of stuff to make it all work, but it’s worth it in the end.
First, you’ll need a Windows 7 desktop or a Windows Server 2008 R2 member server. You need one of them because the only way that I know of to get PowerShell 2.0, the AD PowerShell Module, and ADAC is either to be running a 2008 R2 system, or to download the “Remote Server Administration Tools for Windows 7” (RSAT) from Microsoft’s Download Center, and you can unfortunately only install RSAT on a Windows 7 system. In other words, sorry… you’ll have to do the AD administration from a Win 7 system rather than a Vista or XP box.
Second, the client Windows 7 system (or 2008 R2 member server) should be a member of the domain that you aim to do your PowerShelling on. (You could probably make it work otherwise, but it’d be a pain.)
Third, you need a DC that can support the AD web service. That would be a DC built upon Server 2003 with SP2 or Server 2008.
Fourth, your DC needs .NET 3.5 SP1. Search www.microsoft.com/downloads for “Microsoft .NET Framework 3.5 Service Pack 1” and take the download with that exact name, as it’s not only an SP1 that you’d add to .NET 3.5 but instead it is .NET 3.5 with its SP1 already installed.
Fifth, your DC probably needs a hotfix or two. Apparently there’s something about the way that Windows 7 talks to Server 2003 and 2008-based DCs that confuses them, and these hotfixes address that.
- Server 2003 SP2 systems need the hotfix in KB 969429. You can’t just download it, you’ve got to “request” it. (It happens immediately and automatically, you needn’t talk to anyone for it, but it takes a minute or two waiting for your “request” to be granted. Perhaps it’s a hotfix with mildly narcotic side-effects and thus is unlawful in some localities?)
- Server 2008 SP1 and 2003 SP2 systems both also need the hotfix in KB 967574. 2008 SP2 systems do not need this hotfix. The page explaining this hotfix seems to indicate that 2003 systems do not need this hotfix, and that KB 969429 and 967574 are either/or hotfixes, but I tested this on a 2003 R2 DC and it seemed to need both hotfixes before I could proceed.
Sixth, you’re ready to install the AD web service on those prepared DCs. Search for the “AD management gateway service” at Microsoft’s Download Center, and note that there are four possible choices of files to download depending on whether you’re installing it to 2003 x86, 2003 x64, 2008 x86 or 2008 x64. It’s packaged as an MSU (Microsoft update), so it’s a simple install.
Now log onto that Win 7 system with RSAT, fire up ADAC and you’re ready to go. Happy PowerShelling!
Additional info: http://technet.microsoft.com/en-gb/magazine/ee914610.aspx
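After installing the management gateway it is worth confirming which DCs now listen on TCP 9389 and actually answer AD cmdlets, for example before writing firewall rules for the new port. The following is an added example, not part of the original article; the DC names are placeholders, and it assumes it is run from the Windows 7 or 2008 R2 machine that has the AD PowerShell module.

```powershell
# Added example: check which DCs answer on the AD web service port (TCP 9389).
$dcNames   = "dc01.example.test", "dc02.example.test"   # placeholder names, replace with your DCs
$adwsPort  = 9389
$timeoutMs = 3000

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so an unreachable host does not block for the full TCP timeout
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

Import-Module ActiveDirectory   # from RSAT on Windows 7, or built in on 2008 R2

$report = foreach ($dc in $dcNames) {
    $portOpen = Test-TcpPort -ComputerName $dc -Port $adwsPort -TimeoutMs $timeoutMs
    $answers  = $false
    if ($portOpen) {
        try {
            # A successful query through the AD module shows the web service works end to end
            $null = Get-ADRootDSE -Server $dc -ErrorAction Stop
            $answers = $true
        } catch {
            $answers = $false
        }
    }
    New-Object PSObject -Property @{
        DomainController = $dc
        Port9389Open     = $portOpen
        AdwsAnswers      = $answers
    }
}
$report | Format-Table DomainController, Port9389Open, AdwsAnswers -AutoSize
```

A DC that shows the port open but does not answer is usually missing one of the prerequisites listed above.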
Free eBook Mastering Powershell
“Mastering PowerShell” by Dr. Tobias Weltner, Windows PowerShell MVP, is now available as a free PDF eBook. You can download it here or read the online version.
Powershell Search URL / LNK files
At my current project I am investigating the software used within that organization. As part of this I want an overview of all the URLs (*.url) and shortcuts (*.lnk) used. I created two PowerShell scripts to scan a server location (e.g. the fileshare containing the roaming profiles of the users), report all the *.url / *.lnk files found, and write these to a CSV file.
Get_URL.ps1
    # Requires the Quest ActiveRoles AD cmdlets (Get-QADUser)
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

    $strLocation = "Y:\"
    $strExtension = "*.url"
    $objUrls = @()
    $strResultFile = "D:\Work\output\URLs " + [DateTime]::Now.ToString( "yyyy-MM-dd hh-mm-ss" ) + ".csv"
    $intCounter = 0
    Write-Host "Start..."
    # @() keeps a single match as an array, so Count is the number of files found
    $objFolders = @(Get-ChildItem $strLocation -Recurse -Filter $strExtension)
    $intCounterMax = $objFolders.Count
    Write-Host "Processing URLs..."
    ForEach ($I in $objFolders)
    {
        [string]$x = $I.FullName
        $strName = $I.Name
        if ($x.Contains("["))
        {
            # PowerShell treats "[" in a -Path argument as a wildcard, so these files are only listed
            Write-Host "* Skipped $x *"
            $strOwner = "*Skipped*"
            # Same four properties as below: Export-Csv takes its columns from the first object
            $objTemp = New-Object PSObject
            $objTemp | Add-Member -MemberType NoteProperty -Name Name -Value $strName
            $objTemp | Add-Member -MemberType NoteProperty -Name Owner -Value $strOwner
            $objTemp | Add-Member -MemberType NoteProperty -Name Url -Value ""
            $objTemp | Add-Member -MemberType NoteProperty -Name FullName -Value $x
            $objUrls += $objTemp
        }
        else
        {
            # The second path element is the user's folder, e.g. Y:\<userid>\...
            $strUserId = ($x.Split("\"))[1]
            $strOwner = (Get-QADUser $strUserId).Name
            if (-not $strOwner) { $strOwner = "<unknown>" }
            # Reset per file so an unreadable file does not inherit the previous URL
            $strUrl = ""
            if ($I.Length)
            {
                $y = Get-Content $I.FullName -ErrorAction SilentlyContinue
                if ($y.Length)
                {
                    if (($y.GetType().Name) -eq "object[]")
                    {
                        # Line 2 is expected to be "URL=<address>"; split once so "=" inside the address survives
                        $strUrl = ($y[1].Split("=", 2))[1]
                    }
                    else
                    {
                        # Single-line file: not a usable internet shortcut
                        $strOwner = "*Skipped*"
                    }
                }
            }
            else
            {
                # Empty file
                $strUrl = "-"
            }
            $objTemp = New-Object PSObject
            $objTemp | Add-Member -MemberType NoteProperty -Name Name -Value $strName
            $objTemp | Add-Member -MemberType NoteProperty -Name Owner -Value $strOwner
            $objTemp | Add-Member -MemberType NoteProperty -Name Url -Value $strUrl
            $objTemp | Add-Member -MemberType NoteProperty -Name FullName -Value $I.FullName
            $objUrls += $objTemp
        }
        $intCounter++
        Write-Host "[$intCounter/$intCounterMax] User: $strOwner  $strName"
    }
    #$objUrls
    $objUrls | Export-Csv $strResultFile -NoTypeInformation
    Write-Host "Done"
Get_LNK.ps1
    # Requires the Quest ActiveRoles AD cmdlets (Connect-QADService, Get-QADUser)
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

    $strLocation = "y:\"
    $strExtension = "*.lnk"
    $objShortcuts = @()
    $strResultFile = "D:\Work\output\shortcuts " + [DateTime]::Now.ToString( "yyyy-MM-dd hh-mm-ss" ) + ".csv"
    $intCounter = 0
    Write-Host "Start..."
    Write-Host "Getting shortcuts..."
    $z = Connect-QADService
    # WScript.Shell reads the properties of a .lnk file through CreateShortcut
    $sh = New-Object -ComObject "WScript.shell"
    # @() keeps a single match as an array, so Count is the number of files found
    $objFolders = @(Get-ChildItem $strLocation -Recurse -Filter $strExtension)
    $intCounterMax = $objFolders.Count
    Write-Host "Processing Shortcuts..."
    ForEach ($I in $objFolders)
    {
        $x = $sh.CreateShortcut($I.FullName)
        # $strName was never assigned in the original, which left the Name column empty
        $strName = $I.Name
        # The second path element is the user's folder, e.g. y:\<userid>\...
        $strUserId = (($x.FullName).Split("\"))[1]
        $strOwner = (Get-QADUser $strUserId).Name
        $objTemp = New-Object PSObject
        $objTemp | Add-Member -MemberType NoteProperty -Name Owner -Value $strOwner
        $objTemp | Add-Member -MemberType NoteProperty -Name Name -Value $strName
        $objTemp | Add-Member -MemberType NoteProperty -Name TargetPath -Value $x.TargetPath
        $objTemp | Add-Member -MemberType NoteProperty -Name Arguments -Value $x.Arguments
        $objTemp | Add-Member -MemberType NoteProperty -Name WorkingDirectory -Value $x.WorkingDirectory
        $objTemp | Add-Member -MemberType NoteProperty -Name FullName -Value $x.FullName
        $objShortcuts += $objTemp
        $intCounter++
        Write-Host "[$intCounter/$intCounterMax] User: $strOwner  $strName"
    }
    $objShortcuts | Export-Csv $strResultFile -NoTypeInformation
    Write-Host "Done."
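The shortcut inventory is also a convenient input for a security review, because TargetPath and Arguments show what each shortcut really starts. The following is an added example, not part of the original scripts: it reads rows in the column layout Get_LNK.ps1 exports and lists the shortcuts worth a closer look. The sample rows are constructed and the review rules are assumptions to tune for your environment.

```powershell
# Constructed sample rows in the column layout Get_LNK.ps1 exports.
# For a real run use: $rows = Import-Csv "<path to the shortcuts CSV>"
$rows = @'
"Owner","Name","TargetPath","Arguments","WorkingDirectory","FullName"
"Alice Example","Word.lnk","C:\Program Files\Microsoft Office\Office12\WINWORD.EXE","","","Y:\alice\Desktop\Word.lnk"
"Bob Example","Report.lnk","C:\Windows\System32\cmd.exe","/c \\fileserver\share\logon.bat","","Y:\bob\Desktop\Report.lnk"
"Bob Example","Tool.lnk","\\fileserver\tools\tool.exe","","","Y:\bob\Desktop\Tool.lnk"
"Carol Example","Setup.lnk","C:\Users\carol\AppData\Local\Temp\setup.exe","","","Y:\carol\Desktop\Setup.lnk"
'@ | ConvertFrom-Csv

# Hypothetical review rule: programs that run whatever their arguments tell them to.
$interpreters = "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"

function Get-ShortcutFinding {
    param($Row)
    $target  = [string]$Row.TargetPath
    $leaf    = @($target -split '\\')[-1].ToLower()   # file name part of the target
    $reasons = @()
    if (($interpreters -contains $leaf) -and $Row.Arguments) {
        $reasons += "interpreter started with arguments"
    }
    if ($target.StartsWith("\\")) {
        $reasons += "target on a network path"
    }
    if ($target -match '\\(Temp|AppData)\\') {
        $reasons += "target in a user-writable folder"
    }
    # Emit an object only when at least one rule matched
    if ($reasons.Count -gt 0) {
        New-Object PSObject -Property @{
            Owner      = $Row.Owner
            FullName   = $Row.FullName
            TargetPath = $target
            Arguments  = $Row.Arguments
            Reasons    = ($reasons -join "; ")
        }
    }
}

$findings = $rows | ForEach-Object { Get-ShortcutFinding $_ }
$findings | Sort-Object Owner | Format-List Owner, FullName, TargetPath, Arguments, Reasons
```

With the constructed rows, Word.lnk is not reported and the other three shortcuts are each listed with one reason.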
Powershell Quick reference
Eric Sloof posted a link to a PowerShell Quick Reference sheet. The download from the Microsoft site gives a Word doc in ‘legal’ format.
I converted it to A4 for an easy print.
Powershell quick reference A4 (76.0 KiB, 189 hits)
Quick Migration for VMware
Earlier this year VMware released the VMware Infrastructure Toolkit (for Windows). This was a new PowerShell interface for VMware Infrastructure 3. I’m a big fan of the power and simplicity of PowerShell so I thought I’d try to create something with the script and show it off during my talk at VMworld on Deploying VMware in a Microsoft Shop. The question is what do I create? Well, there has been some great debate of Microsoft’s Quick Migration and VMware’s VMotion and are they equal or not, do they solve the same problems, etc. This post isn’t to go back into that debate. One of the things that was also brought up over and over again in the debate was the fact that Quick Migration was free and came with Hyper-V since it was based on Microsoft Clustering whereas VMware VMotion was only available in the most expensive Enterprise SKU of VMware Infrastructure. So there it was – I need to create Quick Migration for the lower priced and free VMware solutions. I went off, built my little script, and showed it off at VMworld. There was a GREAT response to it so I’m posting it here for others to use or improve upon however you see fit.
The script works just like Microsoft Quick Migration – the virtual disk is stored on shared storage, the VM is suspended to disk, and the VM is then resumed on the destination. Presto!
To set this up in your environment you’ll need a few things:
- 2 VMware Infrastructure 3 hosts
- Windows PowerShell (and all of the pre-requirements for that if needed)
- VMware Infrastructure Toolkit (for Windows)
- The VM Migrator script from me
- A VM you want to migrate – it doesn’t matter what the guest OS is
Once you’ve got all of that you’re ready to go. Assuming you have Microsoft PowerShell installed and the VMware Toolkit installed on top of that you should be ready to run the script. PowerShell has some built-in security so you might have to either (a) answer yes when it prompts you to run unsigned scripts, (b) sign this script and make it yours, or (c) Set-ExecutionPolicy unrestricted. After you’ve got all of that sorted out just run the script by opening a new PowerShell window, changing to the path of the file, and running it using ./vmmigrator-1.0.ps1. The script will prompt you for the VirtualCenter address and an appropriate username and password to connect to it. You’ll next be prompted for which VM you want to migrate and where you want to migrate it to. The script does some rudimentary checking for network, datastore, and connected devices before it will let you migrate.
Some last minute notes:
- I’m not a developer or scripter by trade. This thing can probably be improved a lot. Feel free to do just that.
- You can post the script or your modifications wherever you want. I just ask for a courtesy link back to here as well.
- Unfortunately the free ESXi has a VERY limited API set enabled in the current 3.5 U2 release. This script won’t work with it. I’ve brought this to the product manager’s attention and I’m hoping we can open the API set up to everything shortly. Not really sure why it was restricted in the first place. For now you’ll need at least the Foundation SKU of Virtual Infrastructure.
Some future things I’d like to do with this:
- I say the script requires shared storage right now but actually it doesn’t. The PowerShell cmdlet that does the migration actually does a “Relocate VM” which will move the storage for the VM from one internal datastore to another. That process is SLOW but it does work. Right now the script is hard coded to keep things on the same datastore. With some slight modifications it can do a Quick Migration with 2 standalone hosts. I’ll probably make a version 2 that will do that.
- I’d like to integrate this into PowerGUI so you can just right-click on a VM in Virtual Center and run this script which will do a Quick Migration to a host of your choice. That project is a little further down my to-do list.
I hope you enjoy the script. Feel free to leave comments to let me know if this is useful or not.
Source: http://mikedatl.typepad.com/mikedvirtualization/2008/10/quick-migration.html
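Option (b) from the Quick Migration post above, signing the downloaded script after you have reviewed it, keeps the execution policy strict instead of switching it to unrestricted. The following is an added example, not part of the original post; it assumes a code-signing certificate is already present in the current user's certificate store and that vmmigrator-1.0.ps1 is in the current directory.

```powershell
# Added example: sign a reviewed script and run it under a signature-enforcing policy.
$scriptPath = ".\vmmigrator-1.0.ps1"

# 1. Pick a code-signing certificate from the current user's store (assumed to exist).
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if (-not $cert) {
    throw "No code-signing certificate found in Cert:\CurrentUser\My"
}

# 2. Sign the script. Do this only after reading it: the signature vouches for the content.
$signed = Set-AuthenticodeSignature -FilePath $scriptPath -Certificate $cert
if ($signed.Status -ne "Valid") {
    throw "Signature status is $($signed.Status): $($signed.StatusMessage)"
}

# 3. Require valid signatures in this PowerShell session only;
#    the machine-wide policy stays as it was.
Set-ExecutionPolicy AllSigned -Scope Process -Force

# 4. Check the signature before each run. Any later edit to the file
#    changes its hash and the status is no longer "Valid".
$check = Get-AuthenticodeSignature -FilePath $scriptPath
if ($check.Status -eq "Valid") {
    & $scriptPath
} else {
    Write-Warning "Not running $scriptPath, signature status: $($check.Status)"
}
```

Under AllSigned, PowerShell asks once whether to trust the signing publisher the first time a script from that publisher runs.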

