|
How do you share scripts with a group of people? Right now, our department just has a handful of scripts on a shared network drive that I just alias in Powershell and just call that way. On another note, do you post your scripts publicly on GitHub or other sites to put on resumes? It sounds like a good idea, but my scripts have so much company-specific parts I'd have to scrub that I don't know if it'd be worth it.
|
#
?
Apr 19, 2016 01:28
|
|
|
|
| # ? May 13, 2024 22:10 |
|
|
beepsandboops posted:How do you share scripts with a group of people? Right now, our department just has a handful of scripts on a shared network drive that I just alias in Powershell and just call that way. We're working on getting all of our scripts in github at the the moment to avoid any (more) fuckups. I do keep a few of my (scrubbed) scripts in my personal github in a /scripts repo that I guess could work as a mini showcase of what I can do. I probably wouldn't put it on a resume but when the question comes up in an interview I could point them over to it. I also keep my profile in there and that helps a lot.
|
|
#
?
Apr 19, 2016 03:49
|
|
|
What's the generally accepted practice with scripts you wrote at work and sharing them on the internet? I wrote some (well I think, anyways) pretty impressively elegant scripts that would genericize/sanitize easily that I would like to put up on github at some point. However at least one creepy dev at my last office has found and is following me on github now and it would be pretty easily attributable to me as I was pretty prolific with introducing powershell to our workflow.
|
|
#
?
Apr 19, 2016 12:14
|
|
|
Hadlock posted:What's the generally accepted practice with scripts you wrote at work and sharing them on the internet? I wrote some (well I think, anyways) pretty impressively elegant scripts that would genericize/sanitize easily that I would like to put up on github at some point. However at least one creepy dev at my last office has found and is following me on github now and it would be pretty easily attributable to me as I was pretty prolific with introducing powershell to our workflow. Check your contract. Generally stuff you code at work is owned by your company.
|
|
#
?
Apr 19, 2016 12:32
|
|
|
Been learning a lot more about functions and working with parameters for input. Right now I'm trying to write a script that accepts input via parameters, then passes the input on to a function. However, I think Powershell is getting tripped up b/c the parameters are named the same. Is there a good way to design around this? Exactly how rear end-backwards am I writing this? code:
|
|
#
?
Apr 21, 2016 01:51
|
|
|
beepsandboops posted:Been learning a lot more about functions and working with parameters for input. I'm by no means an expert, but you can prompt for user input using Read-Host instead of setting parameters twice. I personally don't see the point in using a function here since you just end up calling it once directly in the script. (Learning I guess) You don't seem to use $departureDate itself anywhere, so I'd just have it add the 18 hours from the get go instead of setting two different variables. You don't need the $task variable, don't need to use New-ScheduledTask, just Register-ScheduledTask. code:
|
|
#
?
Apr 21, 2016 06:01
|
|
|
As an effort to clean up our horribly maintained Active Directory Users OU, I've put together a project that I know can be done in powershell, but working out the logic for it has been a challenge for me thus far. The goal of this was to use a script to pull all of the user's in an OU down to a .CSV file, make sweeping changes and corrections in excel, then populate AD with that new information. I've gotten the first half of that to work. the CSV file generates with all of the requisite fields. Repopulating the attributes seems to be odd. I've made sure my objects and variables are set correct, and the column headers in the csv file match the variables in the script but only part of the attributes apply. Example - when applying the address tab information, sometimes the city will change, sometimes it won't, country never changes and I'm not sure why. Total PS newbie, so any help is appreciated. e: tried to edit for forum viewing D: sorry if I'm breaking tables. code:
|
|
#
?
Apr 22, 2016 18:08
|
|
|
What format are you specifying the country in? AD wants it as a two letter code as specified by ISO 3166. By default, Set-ADUser doesn't return any output to the pipeline if you don't use the PassThru parameter. So if you do Get-ADUser | Set-ADUser | Set-ADUser | Set-ADUser | Set-ADUser, as it looks like you're doing from the formatting there, and none of the Set-ADUsers have -PassThru specified, only the first one will actually complete, the rest have no idea which user object they would be operating on. Rather than doing 4 calls to Set-ADUser, it might also be better to just do the one, and to use splatting (type "help about_splatting") to help make things look more manageable. code:
|
|
#
?
Apr 23, 2016 12:58
|
|
|
PBS posted:I'm by no means an expert, but you can prompt for user input using Read-Host instead of setting parameters twice. I'm still figuring out how to put it all together, but I just got Powershell Step by Step so hopefully that will help me understand how it fits
|
|
#
?
Apr 27, 2016 19:05
|
|
|
So after writing a bunch of poo poo today I learned Forms cannot be passed to remote computers regardless of pssession or invoke command. Is best practice to create a secondary powershell or batch script and open that with invoke command? Or is there a better way to get a remote computer to display a message box with an input text box that writes to a file? Also, if a computer has a default security setting to not allow powershell execution, will invoke command fail when trying to execute it? Or will invoke command somehow use my admin credentials to bypass the security?
|
|
#
?
Apr 28, 2016 01:00
|
|
|
Judge Schnoopy posted:So after writing a bunch of poo poo today I learned Forms cannot be passed to remote computers regardless of pssession or invoke command. Is best practice to create a secondary powershell or batch script and open that with invoke command? Or is there a better way to get a remote computer to display a message box with an input text box that writes to a file? You want the remote computer to display a message to and request input from whatever user is currently logged in on the console? I believe you will need to somehow launch a new process for the user under their login session for that to work. Otherwise you'll probably run into session 0 isolation. Assuming the account you use for remoting to the computer has local administrator, I think you can create a scheduled task that runs one time, as the currently logged in user, and then point it to some script file you've either copied to the machine, or on the network.
|
|
#
?
Apr 28, 2016 06:16
|
|
|
Ok so the base idea here is I'm trying to troll a coworker at my company. He said he uses sleep mode every night, I told him it's a terrible idea and to stop doing it, he said he'll continue doing it every day out of spite. I have a powershell script that looks through his event logs for Event 42, sleep mode. If found, it notifies me through write-host. I want to make a very official looking error box saying something to the tune of him being detected for out-of-policy IT practices and to submit his apology in a text box. The apology is then written to a csv with the computer name and date. Locally, this works great. Remotely, I can get it to search through his event viewer and trigger on the event, but the error box will not appear on his screen (it's either my screen or an error). I've tried using InputBox in VBScript, sending the vbs to the remote computer and using powershell to execute it, but again the box doesn't actually appear since it's not in the user's context. I'm out of ideas. Using c:\windows\system32\msg.exe works to execute a message on his screen but can't accept input and has my name attached to the window. The premise sounds extremely trivial and dumb when I'm typing this out but at this point I'm finding it's a good exercise in thinking deeper with powershell to solve problems. Any ideas?
|
|
#
?
Apr 28, 2016 16:32
|
|
|
The actual best solution I'd say, would be to use the Task Scheduler to define a task running interactive as the user and have it trigger on the appropriate event. That or PSEXEC are your primary choices for getting a program to run on an interactive desktop from remote. Or if you do prefer to search through the event log with PowerShell (remotely?) and then trigger it to run from that, use New-ScheduledTask to create one that runs as his user, when he is logged on, right away or a few minutes later.
|
|
#
?
Apr 28, 2016 21:23
|
|
|
I ended up using his local task scheduler and storing the pop up script on his machine. I'll have to check apology.csv manually since he doesn't have write access to my machine.
|
|
#
?
Apr 28, 2016 23:10
|
|
|
Judge Schnoopy posted:I ended up using his local task scheduler and storing the pop up script on his machine. I'll have to check apology.csv manually since he doesn't have write access to my machine. Create a local share and give him write access to a single folder.
|
|
#
?
Apr 28, 2016 23:26
|
|
|
edit: late to the party
|
|
#
?
Apr 29, 2016 01:26
|
|
|
Does anyone know of a convenient way to interactively pick an OU (to create some object in) from AD, in a script? I can probably write something myself to make a basic menu kind of thing, but maybe something already exists.
|
|
#
?
May 9, 2016 13:56
|
|
|
nielsm posted:Does anyone know of a convenient way to interactively pick an OU (to create some object in) from AD, in a script? I can probably write something myself to make a basic menu kind of thing, but maybe something already exists. If you are just looking for the UI part and not the interacting with AD part: https://technet.microsoft.com/en-us/library/ff730949.aspx
|
|
#
?
May 9, 2016 14:27
|
|
|
Ended up writing a simple CLI menu function:code:
|
|
#
?
May 10, 2016 10:50
|
|
|
Edit: Solved the below. I was looking for Convertfrom-CSV, e.g. "$CSV = $testData | Convertfrom-CSV" I'm writing a connection test script that's going to be run from lots of remote client computers which we have little/no control over. I have a CSV of service names, IPs, and ports but would rather keep the data in the script instead of copying down & importing a CSV file on run time. Also do not want to save any new data on the remote computers Can I keep the CSV data in the script file without writing a PS object/array for it? (i.e. copy the text directly from the .csv into the script) example: $testData = "Function,HostName,PublicIP,Port Circus, gotothecircus.com,69.69.42.42,443 Slides,fun.slidesrule.net, 69.69.42.69,21" "$csvObject = $testData | import-csv" doesn't work 
Roargasm fucked around with this message at 18:38 on May 12, 2016 |
|
#
?
May 12, 2016 18:34
|
|
|
Roargasm posted:Edit: Solved the below. I was looking for Convertfrom-CSV, e.g. "$CSV = $testData | Convertfrom-CSV" You beat me to it, but I did it a little differently. I put the $testdata into a here-string. code:
|
|
#
?
May 13, 2016 16:39
|
|
|
So good news is I've gotten my script to pull the testing OU into a CSV file, and I can edit it and push it back out to AD. The bad news is, no matter what I change my $searchbase to, it only pulls from the Testing OU. Any ideas? I've bounced this off of different domain controllers, and ran the script off of a VM that's parked in our DC thinking maybe there was some VPN lag issues with running it from my laptop. I'm sort of at a loss here. ex. code:
|
|
#
?
May 23, 2016 05:55
|
|
|
slightpirate posted:So good news is I've gotten my script to pull the testing OU into a CSV file, and I can edit it and push it back out to AD. That code is just assigning some variables. Are you actually passing that to your Get-ADUser command as well?
|
|
#
?
May 23, 2016 08:13
|
|
|
Nielsm - Thank you! Admittedly, I was trying to put this together at 4am and totally missed that I had set up my variables for the search, but didn't actually have any instruction in my Get-aduser string to use said variable. It's working great now! I can change the Searchbase variable and it publishes it to a .csv file promptly.code:
|
|
#
?
May 23, 2016 15:24
|
|
|
Is there a preferred way of enabling remote powershell administration for a bunch of windows 7 computers? I was thinking about setting a login script with enable-pssremoting -force -confirm
|
|
#
?
May 25, 2016 23:30
|
|
|
Group policy for the powershell remote service works. The single setting sets the service to automatic on startup, opens the listening port, and assigns an acl for allowed IPs initiating the connection. I set it up and was running pssessions without any issues the next day.
|
|
#
?
May 26, 2016 02:04
|
|
|
So my next little pet project is figuring out how to load a few things and I need some help squaring up the logic on this. The idea here is to take a list of users from a .csv file, see if they are in AD and make some changes to them. If they are present check to see if they are a member of a certain group. If they are, remove them from the group, disable the account, and move the user object to the disabled accounts OU. If they are present in AD, but aren't a member of that group, disable the account and move them to the disabled OU. If the user isn't present at all in AD, write-host that they aren't present in AD and keep processing users. How do I hand off the first check to the rest of the stack? Here's a rough outline code:
|
|
#
?
May 26, 2016 17:00
|
|
|
slightpirate posted:So my next little pet project is figuring out how to load a few things and I need some help squaring up the logic on this. The idea here is to take a list of users from a .csv file, see if they are in AD and make some changes to them. If they are present check to see if they are a member of a certain group. If they are, remove them from the group, disable the account, and move the user object to the disabled accounts OU. If they are present in AD, but aren't a member of that group, disable the account and move them to the disabled OU. If the user isn't present at all in AD, write-host that they aren't present in AD and keep processing users. (disclaimer: I'm no pro) code:
|
|
#
?
May 26, 2016 18:17
|
|
|
e: ^^ That'd work too.slightpirate posted:So my next little pet project is figuring out how to load a few things and I need some help squaring up the logic on this. The idea here is to take a list of users from a .csv file, see if they are in AD and make some changes to them. If they are present check to see if they are a member of a certain group. If they are, remove them from the group, disable the account, and move the user object to the disabled accounts OU. If they are present in AD, but aren't a member of that group, disable the account and move them to the disabled OU. If the user isn't present at all in AD, write-host that they aren't present in AD and keep processing users. Assuming you're working with a csv file similar to the import-csv help dialog, like so: code:code:Mo_Steel fucked around with this message at 18:33 on May 26, 2016 |
|
#
?
May 26, 2016 18:25
|
|
|
To check for group membership, you can use something along these lines. It checks if the group is a part of the ADuser.memberof property, rather than looking if the user is a part of the group. Roughly equivalent, but you'll be loading up the user object anyway and it'll usually be slightly quicker to iterate through groups rather than members, though it's fractions of a millisecond.code:
|
|
#
?
May 26, 2016 20:23
|
|
|
If you want to remove users from particular groups when disabling them, I'd do something like what sloshmonger suggests, but maybe turn it around a bit.code:There's really lots of ways to handle it.
|
|
#
?
May 26, 2016 21:23
|
|
|
I've just upgraded my Win7 laptop to Win10. I'm missing the package management cmdlets. Find-module, find-package etc. What gives? There they are, I had to run as admin. Go me! Swink fucked around with this message at 12:21 on May 27, 2016 |
|
#
?
May 27, 2016 12:17
|
|
|
Mo_Steel posted:e: ^^ That'd work too. I'm not well versed in how this output can be carried into other commands. So lets say John.Smith is an active user account and is part of the ProjectUsers AD group, and is the Users OU. Jane.Williams is an active user account who is not in the ProjectUsers AD group, but is in the Users OU. The goal is to get both of them into the Disabled Users OU, without group memberships (aside from Domain Users) and to have their accounts disabled. I know that's a little redundant, but its cleaner on our side. Our auditors are weird. Normally I'd do this on a onesy-twosy basis, but our Auditor sent us a list of about 360 users that need to be stripped, disabled, and shoved into a different OU. This is all really good information guys, and I really appreciate the help.
|
|
#
?
May 31, 2016 16:09
|
|
|
Today I wrote a script to poll a bunch of IP addresses (I was trying to find a specific host among an otherwise empty subnet. Document your networks plz) It was super quick and dirty and I used this little trick which I thought was worth sharing "1..100" builds a nice array of numbers. code:
|
|
#
?
Jun 2, 2016 10:54
|
|
|
Here's what I have so far, and it seems to work pretty well. The only complaints I have is that when it can't find a username in AD, it outputs a big block of text. I'd prefer it to just make a single line of "$user.samaccountname was not found!" The second issue is that it asks for a confirmation for every remove-adgroupmember, any ideas on how to set a blanket confirmation? Any good way to set a log file output of what its doing? Other than that, it seems to pass along everything else fine. Users that are part of of the group or not, so long as they are on the list get stripped of the specified AD group, disabled, and filed away in a disabled users OU! code:
|
|
#
?
Jun 3, 2016 02:04
|
|
|
slightpirate posted:Here's what I have so far, and it seems to work pretty well. The only complaints I have is that when it can't find a username in AD, it outputs a big block of text. I'd prefer it to just make a single line of "$user.samaccountname was not found!" If it's getting angry red text when you call an invalid user you can try something like this when calling Get-ADUser (I haven't tried it in a for loop, check to make sure one errorvariable doesn't carry over or something silly to the next name and fill your screen with messages): code:slightpirate posted:The second issue is that it asks for a confirmation for every remove-adgroupmember, any ideas on how to set a blanket confirmation? By default it asks for confirmation, but if you're really sure, use the -Confirm switch: code:slightpirate posted:Any good way to set a log file output of what its doing? Once you have it in a saved script, you could call it like so: code:Mo_Steel fucked around with this message at 06:41 on Jun 3, 2016 |
|
#
?
Jun 3, 2016 06:39
|
|
|
Get-ADUser is actually rather annoying re. error handling. When you use the form with -Identity (the default) it will throw an exception and not raise an error, when no object is found. Passing -ErrorAction does nothing about that. You have two options: 1. Catch the exception with try..catch 2. Search with -Filter instead code:code:
|
|
#
?
Jun 3, 2016 13:08
|
|
|
So... a job I am applying for asked me to do create a script as part of the interview process. Kinda strange because what I'm doing doesn't require too much scripting but anyways I got most of it done but I'm just hoping someone can point me in the right direction for a couple things last things. Not looking for an exact answer as I am going to get questioned on the script code I write anyways but perhaps which cmdlets help files I should be looking at or pointing me in the right direction. - Script invokes user enter 1 to 10 names separated by commas - I put assign those names into a variable array using .split(".") How would I check the array to make sure there is between 1-10 entries and not blank? I assume use an if statement with <=1 -And >=10 but I'm not sure how to write the syntax for it to check the actual variable? Another thing is to test a folder path where prior to running export-csv to it, the path will be inputted by a user and.. lastly is there anyway to export to csv in a nice table like what appears in format-table since that doesn't work with export-csv ?
|
|
#
?
Jun 7, 2016 00:42
|
|
|
CSV is always going to look the same, it's a standard. Format-Table always needs to be near the end of your manipulation because it adds a bunch of junk to make things pretty. Leave everything as objects as long as possible.
|
|
#
?
Jun 7, 2016 00:53
|
|
|
|
| # ? May 13, 2024 22:10 |
|
|
Another thing, to help you help yourself. Create a string $UserInput = "a,b,c,d" Now type this: $UserInput | Get-Member It will give you a list of "Methods" One of those methods will turn your string into something very useful. For syntax, you'll type something like: $UserInput.ToUpper() The parentheses sometimes need stuff inside them, you can tell because the Definition for the method will have the word Params inside. So if you use the TrimEnd method, you need to specify how many characters to trim. Edit: For eliminating empty elements, I don't want to give away too much, you should be able to Google this, but you might find a very good answer that looks almost as impenetrable as that goofy linux fork bomb ){:|:&};:There are a few aliases and special characters in Powershell you should know. ? = Where-Object % = ForEach-Object | = Pipe, commandlets are like little factories and the pipe makes the object from the last command shoot into the next one. $_ = The input I got from the pipe Dr. Arbitrary fucked around with this message at 01:15 on Jun 7, 2016 |
|
#
?
Jun 7, 2016 01:00
|
|