Powershell Tuesday Quick Tip #5

Here’s another one from the easy but annoying to rethink stack.
People, as someone once said, are ‘squishy and move around a lot’. Not only do they move but they change and sometimes the change involves their names.
For example, the customer service person gets married or the sales manager gets divorced.(Hopefully not for the same reason – but that’s a different blog)

So you can either fire up the Active Directory tool of your choice (ADAC or ADUC) OR switch over to your PowerShell console that you have open already.
… you DO have it open already right?

Set-AdUser -Identity Leia -Surname 'Solo' -DisplayName "Leia Solo"
Set-Mailbox -Identity Leia -PrimarySmtpAddress 'LeiaSolo@NewRepublic.gov' -EmailAddressPolicyEnabled:$False -DisplayName 'Leia Solo' -EmailAddresses @{add ='LeiaOrgana@NewRepublic.gov'}

The first line “Set-ADUser” changes Leia’s surname to Solo and corrects her display name. The second line, “Set-Mailbox” changes her primary email address to “LeiaSolo@NewRepublic.gov” along with her display name while adding her original email address back in as an alternate. This is so Leia will continue to get email from some people that haven’t gotten the happy news yet.

These two lines require that you have the Active Directory module and a remote session to either Office365 or your Exchange server.

Next week I’ll be blogging from the PowerShell + DevOps Global Summit in beautiful Bellevue WA!


Powershell Tuesday Quick Tip #4

I know, I know- stop using RDP to manage devices. The fact is some tech support issues are solved faster and easier if you just remote into the user’s PC. This is particularly true in a small business where perhaps GoToAssist and other such tools are not in the budget.

But what if the pc doesn’t have RDP enabled? Today’s tip fixes that on domain joined machines.
First let’s check…

$PC = "mycomputer.domain.com"
#Determine if Remote Desktop is enabled - 1= enabled 0= Disabled
Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TerminalServiceSetting -ComputerName $PC -Property allowtsconnections|
Format-List AllowTsConnections

Ok so it came back with a 0, let’s correct that.

$PC = "mycomputer.domain.com"
(Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TerminalServiceSetting -ComputerName $PC).setallowtsconnections(1)

And done!

Once you’ve finished, if you want, reverse the process with a value of (0) for setallowedtsconnections

Of course – if you CAN, it’s even faster an easier to fix things with Powershell remoting. Sadly, not every application is PSAware 🙁

See you next week!

Powershell Tuesday Quick Tip #3

Printer Tricks

This week is a 2-for-Tuesday! Two basic printer tricks.
These come in really handy when troubleshooting the “I can’t print” help desk tickets. Like a lot of these types of one-liners, you have to be in the same domain as the target pc.

First, we can get the printer queue for a pc.

$pc ='Mycomputer.mydomain.com'
Get-WMIObject Win32_PerfFormattedData_Spooler_PrintQueue -ComputerName $pc|
Select-Object Name, @{Expression={$_.jobs};Label='CurrentJobs'}, TotalJobsPrinted, JobErrors

Secondly, there is this one to clear the printer queue

$PC = "mycomputer.mydomain.com"
get-wmiobject win32_printer -filter “Name='MyPrinterName'” -ComputerName $pc|
foreach {Write-verbose “Cancelling all jobs on $($_.Name)” $_.CancelAllJobs()}

*Note: For the “Clear Print Jobs” snip to work, you need to know what the printer is called on the target pc.

That one is handy for those times when someone has tried to print a poorly formatted file that puts the printer’s PCL logic into a tailspin. You can reboot everything but until you cancel that job, the printer will keep getting bogged down. It’s especially fun when you have 10+ people sharing a printer. This way you can wrap a “foreach” loop around the code and “Bob’s your uncle!”

Until next time!

Powershell Tuesday Quick Tip #2

This week is an easy one. Cleaning up Active Directory of old computers. Sometimes a machine gets retired or just completely craters and in the haste to get the user back up and going…. some clean up is forgotten. Easy to fix. this little snippet returns the time since PC has logged into the domain in DDD.HH:MM:SS format

$timespan = '90.00:00:00'
Search-ADAccount -AccountInactive -ComputersOnly -TimeSpan $timespan|
Foreach-Object {Write-output $_.name} 

Of course it’s easy to add

 |Export-csv -Path C:\OLDPC.csv 

to the pipeline which gives you a CSV file to review and feed into a “Delete-OldComputer” oneliner!

See ya next week!

Powershell Tuesday Quick Tip #1

Let’s see how many Tuesdays I can do this!  The goal: a quick oneliner or at most 2-3 lines of code to do something timesaving and useful. For the Powershell gurus some may be simplistic but I can vouch that these all WORK as of spring of 2018. Which is more than you can say for some of the stuff that comes up for a Bing/Google (Bing-gle) search.

So today’s is something that came up today. I needed to change the mailbox/calendar settings on Rooms for meeting reservations in Outlook.

PROBLEM: By default, a Room mailbox only publishes meetings as “Busy” for any but the organizer.  So when other people really need that room, they don’t even know who to contact about maybe changing times around.


Get-Mailbox -Filter {(RecipientTypeDetails -eq "RoomMailbox")}|
ForEach-Object {Set-CalendarProcessing "$_" -AddOrganizerToSubject $True -DeleteComments $False -DeleteSubject $False}

Of course you have to be connected to Office 365 in your Powershell session first. Instructions on that are detailed here: Microsoft Docs 

See ya next week!

2018 – Ready, Set, GO!

We all know the usual platitudes around the new year. We’ve heard them, we’ve said them, and it’s the same every year. “New Year, New Me”, “This is my year!” or the ever-increasing spate of diet and fitness articles books and well-meaning resolutions. It’s our traditional or perhaps even natural tendency to look forward optimistically, to prepare to succeed in the New Year. Sometimes, that’s where we stop.

Our seemingly bottomless pit of procrastination seems to be dug with a shovel labelled “Preparation”. We have phrases like “Proper Preparation Prevents Piss Poor Performance”, and “He who fails to prepare, prepares to fail”. These truisms exist because they are true.  But coupled with an overactive ‘inner critic,’ preparation quickly spirals into the abyss of procrastination.

Most people have experienced this. We plan to do things. We make lists, we study, we prepare. But then things slip to the side a bit. We feel uncertain or hesitate for whatever reason. So, we review the lists and plans. This of course leads to revising the lists and plans and the cycle starts again. Notice what is missing? The ‘doing of the thing’.

Stop preparing to prepare!  –Matthew Parks, Sr  (paraphrased)

We’ve all been guilty of it to some degree, but it seems to be far worse when venturing into unfamiliar territory. We want to be certain that we’re not making a mistake, or that we won’t look foolish. In short, we fear failure.

How do we break the cycle? Honestly, I’m not sure the ‘best way’. Trying to find the best method/cure/path to righteousness/whatever is how we get stuck in that cycle to start with! So I propose to simply pick a path, perhaps not the “best path”, just “a path”.  Take a few steps and see if it hurts. See if there are any obvious pitfalls ahead. You can usually change course if it looks too bad. Meanwhile each step takes you further from the Pit of Procrastination.

I’m not saying to go against all the truisms and advice and just jump into things without preparation or caution. That would be foolishI’m saying let’s try to not get stuck in the prep and never do the thing.  How will it turn out? We’ll just have to see, won’t we?

Meanwhile I’ve written an entire blog post on procrastination, based on my thoughts about how to stop procrastinating on writing a blog post. <shakes head>

“Dilly Dilly!”

Have a great year!

How a cloud service pays for itself in one emergency

Imagine this scenario: It’s Friday evening and a storm that was going to hit a nearby town veers off toward your corporate HQ. Suddenly you are looking at torrential rains and flooding of biblical proportions at your corporate HQ. Oh, and to top it off it’s your major stocking location for your national distribution business.

We weren’t imagining this when Hurricane Harvey dropped trillions of gallons of rain on the Houston area. Of all the Disaster Recovery and Business Continuity plans the one that was so very very simple was email and communication. We had already transitioned all of that to Office 365. What was our DR/BC plan for email and other written communication? We didn’t need to worry about the service.  We simply made sure that key people had laptops and good to go!

Of course, all wasn’t peaches and roses.

We have a couple of areas in the business that were still using on-premises file servers. The users trying to access those servers had to use a VPN (an uncommon occurrence for many of them). That was awkward and strained our licensed capacity for VPN connections, but it wasn’t a major ordeal. Guess who is going to be pushed toward SharePoint Online Document Sites? You betcha!

The other pain point was our legacy IBM PowerSystem. None of our locations lost power/connectivity during the storm, but we watched it like a hawk to determine if we should failover to the DR site. If that system was in a cloud bank in Arizona, there is less chance of hurricane issues.

True enough, cloud-based systems have their own set of problems. However, if you go with a geo-diverse plan, the likelihood of a big storm/blizzard/earthquake halting your business are greatly reduced. This is in addition to all the typically touted benefits of OPEX vs CAPEX, hardware maintenance and all that.

The moral of the story: If you work in a hurricane zone – pay attention to the cloud.



TechMentor Redmond 2017 – the short(ish) version

What is TechMentor? The answers range from the serious business case to the snarky, depending whom you ask and when. The short answer: it’s a tech conference focused on education for IT Professionals. The long answer can be found here on their site.  For me, it’s a recharging of my mental batteries and a chance to learn a lot and see some fellow IT folk I only see at these things.

I’m not going to do a day by day because this is 5 full days of learning, both from the speakers and the fellow attendees. I promised a short post so here it goes!

1. We are not doing enough for security (duh) and we’re not alone in that. While our situation isn’t as dire as some, it’s not as good as it can be. After this week I have the tools needed to address some of this.  

2. I could be wringing a lot more use out of Azure Active Directory for not alot more money. Things like Dynamic Groups based on user’s AD attributes and assigning Office 365 features based on group membership.

3. We all need to move from “Classic IT” to “Modern IT”. That is, from spending time redeploying software and images on OEM pc’s to simply updating what came on them to what the business user needs to function. *Hint* The Windows Configuration Designer is key here for SMB’s. This feeds into the concept of Windows as a Service.

4. If you’re going to make good training videos, the gear and the environment is as important as the software to record. A LOT of dollars can be spent to generate professional grade educational videos, but it also appears that if you aren’t TOO picky, you can get moderate grade gear for a couple of hundred bucks.

5. Building custom Desired State Configuration Resources isn’t as hard as I thought. It’s not EASY, but if you can build a function and know a few tricks of formatting it’s do-able. That’s my first blush after a good intro to the subject this week. We’ll see if I feel the same after I get knee-deep into making one. Good thing I met an expert or two on this.

6. REST and SOAP calls in PowerShell aren’t nearly as complicated when you have a good teacher walk you through it. What can be complicated is the what you do  with the info you get back. This has some really interesting ideas churning in my head.

7. Regular Expressions aren’t as hard when you understand what the engine is doing behind the scenes. It’s also good to have a tool test your expressions before you turn it loose in the world.

That’s seven key takeaways in broad strokes. Now to use a “bonus thing” I learned and deconstruct those broad items into projects and tasks.

Not bad for 5 days…..

Windows 2016 and DSC – Like Peanut Butter and Chocolate

We’ve all heard about DSC, right? Sure you have. Maybe you’ve been playing around a bit in labs or using for test environments. Why haven’t we all taken the plunge to Infrastructure as Code ( or more accurately Infrastructure from Code)? Because it’s hard, and we’re busy?

Likely, it’s because we don’t have the opportunity to go all ‘greenfield‘ in our daily jobs. Most of us live in the depressingly named ‘brownfields.’ We have servers already, we have workloads on them that are of different importance to our companies. We can’t just rip everything out and replace it! Oh but wait! Most of those machines are running older versions of Window Server or have old hardware. We’re going to need to do an upgrade/replacement plan anyway.

I know a lot of us have those old servers that run some important job. Maybe we virtualized when the hardware broke, but otherwise, they are still on 2008 or god forbid 2003. We can’t manage them with the latest tools because they have an old version of PowerShell ( if at all). We want to get rid of them, but what a daunting task!

Why not combine these two tasks? Two birds one stone and all that. Build out a pull server, and rebuild your infrastructure the “Modern” way. Don’t upgrade those VM,s construct new ones and shift the workload over. That ensures the cleanest installation and configuration. Since you’re configuring them from scratch, why not do it with DSC?

Here’s what I’m in the middle of right now: I have several physical servers at or near the end of life. I have a few 2008 servers still lingering. I want to get all my servers on 2016 to take advantage of several newer technologies. To make our Hyper-V hosts more efficient, I want to move as much as possible to Server Core.  I had used DSC for several small servers but not in a truly ” production ” manner. Time to upgrade!

Here’s my plan in broad terms:

  1. Build out a pair of new load balanced secure Pull Servers – using DSC Push Mode.
  2. From there, make a BASE configuration shared by all servers and inject that MOF into the image I’m using to build new VMs. This base config contains things like domain join, setting up the LCM with where to look for the pull server, network set up, etc.
  3. Create configurations for the server Archetypes – File Server – Web Server – App Server – Backup Server – Domain Controller – etc.
  4. Write some basic Pester tests to verify that the configurations are doing what I expect.
  5. Start standing up servers, pushing configs and testing. Once tests pass…..
  6. Move to production mode!

At some point, I plan to move the whole shooting match from Github to Visual Studios Team Services for source control and test beds. It would be nice to be able to apply a MOF file to a VM in Azure, run pester tests, and upon a full pass, have it deploy that new MOF to the on-site pull servers. But that’s a learning curve for another day!