Quantcast
Channel: Windows PowerShell forum
Viewing all 21975 articles
Browse latest View live

Getting Strange Error when running connect-msolservice powershell command on Windows 2016 Servers

February 20, 2019, 2:37 pm
$
0
0

I think I had this in the wrong forum...

Pre-requisites already in place:

  • configured TLS 1.2
  • disabled many of the RC4 and other default ciphers as well as disabled SSL 2.0,
    3.0, and TLS 1.0/1.1
  • set up the Registry Key for Strong Cryptography as well (SchUseStrongCrypto)
  • On all of our 2016 servers

When I try to run any thing, from powershell that requires connect-msolservice... I
get pop-up window for authentication except the pop-up window gives me this weird
script error when I execute the powershell command connect-msolservice

What do I need to configure to fix this?

I have tried some of the steps here:

https://social.technet.microsoft.com/Forums/ie/en-US/8a21fa0c-6f3a-4d57-beac-38e51fce730e/unable-to-open-httpsloginmicrosoftonlinecom?forum=ieitprocurrentver

HEre are some of the errors

SCRIPT5022:[Retry 0] Failed to load external resource ['https://aadcdn.msauth.net/ests/2.1.8600.7/content/cdnbundles/convergedloginpaginatedstrings-en.min_ojdp3evnemcetlncdp3r4w2.js'],
reloading from fallback CDN endpoint

SCRIPT5022: [Retry0] Failed to load external resource ['https://aadcdn.msauth.net/ests/2.1.8600.7/content/cdnbundles/converged.v2.login.min_xu7km3oxm4bwp2b-mqyozg2.css'],
reloading from fallback CDN endpoint

authorize (34,5052)

SCRIPT5022: [Retry1/2] Failed to load external resource ['https://aadcdn.msauth.net/ests/2.1.8600.7/content/cdnbundles/oldconvergedlogin_pcore.min_sc5qlbv9sqfvm1lnbodgkw2.js'],
reloading from fallback CDN endpoint

authorize (34,5052)

I have also tried resetting the IE explorer settings and making sure TL1.0 and 1.1 is disabled in the IE explorer settings...

And have met no success...

Is this an issue with ModernAUTH or an issue with our CDN Endpoints for our tenant?

One more piece of the puzzle... 

connect-msolservice works fine on our 2012 R2 Servers if I evoke it with connect-msolservice -Credential $(get-credential) on the 2016 servers it works...<cite style="margin:0in;color:#595959;font-family:Calibri;font-size:9pt;"></cite>

<cite style="margin:0in;color:#595959;font-family:Calibri;font-size:9pt;"></cite>

Any ideas?<cite style="margin:0in;color:#595959;font-family:Calibri;font-size:9pt;"></cite>

Search

Replacing all addresses in proxyaddresses with array

November 6, 2014, 11:20 am
$
0
0

we have local AD that synchronizes to O365

we are adding a new email address with new domain to all users in two phases.

1) add new email address and let settle.

2) make new email address the primary email address (smtp: -> SMTP:)

I have a script I found where everything seems to work until the last command:

Set-ADUser -identity $UserName -Replace @{ProxyAddresses=$NewProxyAddresses}

The error I get with this command is:

Invalid type 'System.Management.Automation.PSObject'.
Parameter name: ProxyAddresses
    + CategoryInfo          : InvalidArgument: (user:ADUser) [Set-ADUser], ArgumentException
    + FullyQualifiedErrorId : Invalid type 'System.Management.Automation.PSObject'.
Parameter name: ProxyAddresses,Microsoft.ActiveDirectory.Management.Commands.SetADUser

The output of $NewProxyAddresses is:

smtp:user@olddomain.com
smtp:user@domain.com
X400:C=us;A= ;P=Company;O=Exchange;S=surname;G=givenname;
SMTP:firstlast@newdomain.com

The output of the $newProxyAdderesses is correct, but I am unable to run the set-aduser command


Powershell command Start-MPWDoscan doesnt work in Windows 2016 Server for Offline Defender Scan

February 19, 2019, 7:37 am
$
0
0

Is this supposed to work in Server 2016?  

I get an error that says: errors were encountered when attempted to run WDO scan on your PC.

at Line:1  Char:1
Start-wpmwdoscan

+categoryinfo:  not specified: (MSFT_MpWDOCScan:root\Microsoft\...\msft_mpwdoscan)

Any suggestions/

Roles Based Access and PowerShell

February 20, 2019, 5:07 pm
$
0
0

I would like to compile a spreadsheet with the following data sources. 

Account Tab - User Logon Name

Organization Tab - Title

Member Of Tab - <All Group Memberships>

How would I use PowerShell to pull the member of information of a position title if I were to provide a user logon name?  I would also want this to export to a spreadsheet.

The only other method I'm using currently in-place of this is to run a vbscript to pull the member of data after providing the script a user logon name.  This then creates a txt document to which I manually pull the information and insert to spreadsheet.

Thanks for the support all!


How to suppress exit code 0?

February 20, 2019, 8:03 pm
$
0
0

I have two powershell scripts.

script1 is a script that is supposed to be a wrapper and passes parameters to script2. script2 generates data based on those passed parameters.

script1 has currently a for loop the iterates a command like this:

foreach(){
    cmd /c "openPS.bat script2.ps1 $($someParam[-1])"}

everytime that command runs successfully, it outputs exit 0

exit0

as you can see, in one of the runs, there was an error in script2 in which i specified to output exit 1 + $error[0] whenever there is an error/exception. but nowhere in script2 did i specify exit 0. there is only for exit 1 (error).

i read suggestions to use | out-null after the command, but the problem is the error from script2 no longer gets outputted/reported.

can i say something like cmd /c "openPS.bat script2.ps1 $($someParam[-1]) | out-null only exit 0?

Need to block user remotely

February 4, 2019, 1:40 am
$
0
0
Hello,

I have a query which is explained below:

Suppose a event number 123 is generating on ADFS server and in that event user email address exist which states that account is locked. Now I need, when that particular event will generate, I need that email address "badPwdCount" attribute will reset to 0 value on domain controller.

I need to know whether it is possible or not. If it is possible, then how.

Kindly suggest.

Regards,
Shashank

shashank saxena

allow standard user to run .ps1 elevated?

February 4, 2019, 8:28 am
$
0
0

most of our users are standard users (no local admin rights)  we have UAC enabled and GPO's locking down parts of the desktop, and one thing that is prevented is writing to HKLM part of the registry.

Is there any way for a standard user to run a .ps1 script where the .ps1 script writes to and updates the HKLM part of the registry?

I've tried Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File etc...etc... but it does not work.   

Thank you.  

mqh7

Unable to create New-CimInstance

February 4, 2019, 11:11 am
$
0
0

Hello,

I'm trying to stop and start windows service remotely; however, my script below is only working if it is running locally without -Computer parameter. If I add -Computer parameter, it is throwing an exception below. Please advise.

New-CimInstance : Unable to resolve the parameter set name.
At D:\DevOps\Scripts\StartStopvNextService.ps1:6 char:16
+ ... yInstance = New-CimInstance -Namespace root/cimv2 -ClassName Win32_En ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [New-CimInstance], PSArgumentException
    + FullyQualifiedErrorId : Argument,Microsoft.Management.Infrastructure.CimCmdlets.NewCimInstanceCommand

Param(
[string]$Name,
[string]$Computer
)
import-module CimCmdlets
$keyInstance = New-CimInstance -Namespace root/cimv2 -ClassName Win32_Service -Key @('Name') -Property @{Name=$Name;} -ComputerName $Computer -ClientOnly

Invoke-CimMethod $keyInstance -MethodName StartService

Best Regards,

Andy Pham

Best Regards, Andy Pham

Search

Cluster Aware Updating -Test-CauSetup -Hostname Failing -FQDN Working

February 4, 2019, 2:46 pm
$
0
0

I have been searching blog after blog and trying everything I have seen but I cannot seem to get "Cluster Aware Updating" past the below error. I tried posting in the Hyper-V forum but I was told I should try the PS forum.

When I run: Test-CauSetup -ClusterName hvcluster    (tried with -authentication as well)

Rule ID 3, "Windows Powershell remoting should be enabled on each failover cluster node". 

WARNING: Connecting to remote server HV1 failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the
computer HV1. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic.

When I try connecting with WBEMTest it connects fine with the host name and FQDN.

Enter-PSSession -Computername HV1   fails

Enter-PSSession -Computername HV.domain   (FQDN) connects

I can use computer manager and server manager remotely from a Windows 2K16 without any issues. I have gone through each machine and ran Enable-Psremoting -force. I have also tried putting in the remote server in the trusted host list via IP, host name and * even though they are on the same domain. I added the hostnames into the proxy, same error. Nothing seems to work.

Is there a way to have the CAU use the FQDN or am I missing something else? 

Through my testing it seems to be something to do with Kerberos.

Thank you

Invoke-command Get-Childitem \\share UnauthorizedAccessException

February 5, 2019, 2:19 am
$
0
0

Hello,

I've trouble with accessing a remote share from an invoke-command like this :

Invoke-Command  -ComputerName $srv -ScriptBlock {

Get-Childitem \\share -recurse -filter "*"

}

where as  :

Invoke-Command  -ComputerName $srv -ScriptBlock {

Get-Childitem C:\\ -recurse -filter "*"

}

works and in local ($srv) I can access the \\share with my same credentials ..

Any clue is welcome

How to make a text box as transparent using powershell

February 5, 2019, 8:46 am
$
0
0

How to make a text box as transparent using <g class="gr_ gr_4 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="4" id="4">powershell</g>


$outputBox = New-Object System.Windows.Forms.RichTextBox
$outputBox.Location = New-Object System.Drawing.Size(1090,100) 
$outputBox.Size = New-Object System.Drawing.Size(480,545)
#$outputBox.Font = New-Object System.Drawing.Font("Consolas", 8 ,[System.Drawing.FontStyle]::Regular)
$outputBox.MultiLine = $True
$outputBox.ScrollBars = "Vertical"
$outputBox.AppendText("`n")
$outputBox.ReadOnly = $True
$outputBox.BackColor = "Color.Transparent"
$Form.Controls.Add($outputBox)

Exception setting "BackColor": "Control does not support transparent background colors."
At line:49 char:1
+ $outputBox.BackColor = "Transparent"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], SetValueInvocationException
    + FullyQualifiedErrorId : ExceptionWhenSetting

LastAccessTime - Querying Folder Properties Resets TimeStamp

February 5, 2019, 1:54 pm
$
0
0

I have enabled the LastAccessTime attribute on a handful of old servers in hopes to start detecting folders/file that are not being used. This works as it should.

I am trying to select the LastAccessTime on folders (and subfolders). I am able to do so. However a couple of items to note.

First, the process of actually pulling back the property for LastAccessTime winds up changing the timestamp to the time of the query. This isn't good. I get it, but this isn't good. Of course as it grabs the subfolders, you are actually accessing the parent folder.

Second, I am not getting consistent results. I queried a folder with five subfolders. The time doesn't stay consistent. However it will eventually report on the query time.

I have tried various iterations of the command such as using -Directory or in the example below, specifying that it is a container. With this example, you can see that the timestamp doesn't stay consistent. The command was run three times with no more than 60 seconds between execution.

My Question would be... Is there a way to pull back the LastAccessTime property from directories and sub-directories without causing the LastAccessTime property to be changed?(My guess is no.)

 PS C:\Users\me> get-childitem \\SomeServer\i$\RmtPrint-Backup -recurse  | ? {$_.PSIsContainer -eq "True"} | Select FullName,LastAccessTime,LastWriteTime


FullName                                   LastAccessTime      LastWriteTime       
--------                                   --------------      -------------       
\\SomeServer\i$\RmtPrint-Backup\Week-1 2/5/2019 2:50:07 PM 8/6/2018 4:28:00 AM 
\\SomeServer\i$\RmtPrint-Backup\Week-2 2/5/2019 2:50:07 PM 8/13/2018 4:29:01 AM
\\SomeServer\i$\RmtPrint-Backup\Week-3 2/5/2019 2:50:07 PM 8/20/2018 3:28:46 AM
\\SomeServer\i$\RmtPrint-Backup\Week-4 2/5/2019 2:50:07 PM 8/27/2018 3:39:20 AM
\\SomeServer\i$\RmtPrint-Backup\Week-5 2/5/2019 2:50:07 PM 7/30/2018 2:04:42 AM



PS C:\Users\me> get-childitem \\SomeServer\i$\RmtPrint-Backup -recurse  | ? {$_.PSIsContainer -eq "True"} | Select FullName,LastAccessTime,LastWriteTime


FullName                                   LastAccessTime      LastWriteTime       
--------                                   --------------      -------------       
\\SomeServer\i$\RmtPrint-Backup\Week-1 2/5/2019 2:34:31 PM 8/6/2018 4:28:00 AM 
\\SomeServer\i$\RmtPrint-Backup\Week-2 2/5/2019 2:34:31 PM 8/13/2018 4:29:01 AM
\\SomeServer\i$\RmtPrint-Backup\Week-3 2/5/2019 2:34:31 PM 8/20/2018 3:28:46 AM
\\SomeServer\i$\RmtPrint-Backup\Week-4 2/5/2019 2:34:31 PM 8/27/2018 3:39:20 AM
\\SomeServer\i$\RmtPrint-Backup\Week-5 2/5/2019 2:34:31 PM 7/30/2018 2:04:42 AM



PS C:\Users\me> get-childitem \\SomeServer\i$\RmtPrint-Backup -recurse  | ? {$_.PSIsContainer -eq "True"} | Select FullName,LastAccessTime,LastWriteTime


FullName                                   LastAccessTime      LastWriteTime       
--------                                   --------------      -------------       
\\SomeServer\i$\RmtPrint-Backup\Week-1 2/5/2019 2:54:38 PM 8/6/2018 4:28:00 AM 
\\SomeServer\i$\RmtPrint-Backup\Week-2 2/5/2019 2:54:38 PM 8/13/2018 4:29:01 AM
\\SomeServer\i$\RmtPrint-Backup\Week-3 2/5/2019 2:54:38 PM 8/20/2018 3:28:46 AM
\\SomeServer\i$\RmtPrint-Backup\Week-4 2/5/2019 2:54:38 PM 8/27/2018 3:39:20 AM
\\SomeServer\i$\RmtPrint-Backup\Week-5 2/5/2019 2:54:38 PM 7/30/2018 2:04:42 AM



PS C:\Users\me>

Extracting Username and Machine Name data from AD thru PowerShell

February 5, 2019, 4:30 pm
$
0
0

I am sure a relatively simple script can extract both username and computer machine name data from AD for my company.

To date, I've written two simple PS scripts each of which retrieves these two attributes separately pipes them to a CSV file and places it on my machine in the default location of my user profile.

Now for the hard part, if it is hard.

How can I put these two attributes together in one script and output as one CSV file?


And of course, any script code can be posted to this forum. 



Active Directory Nested Group Report

February 6, 2019, 6:38 am
$
0
0

I have this powershell script that I created for reporting on SamAccountName and all the groups and nested groups each user belongs to. Now I need to get more information about each user account. (DisplayName, Department , EmployeeID,                LastLogonDate, Created) every time I add a different filter I get back zero data. I am not sure what I am missing

function Get-ADNestedGroupMembership
{
	Param(
		[Parameter(Mandatory=$true)]
		[String]$strADObject,
		[String[]]$parents = @()
	)
	foreach ($group in Get-ADPrincipalGroupMembership -Identity:$strADObject)
	{
		if ($parents -inotcontains $group.DistinguishedName)
		{
			Write-Output $group.Name
			Get-ADNestedGroupMembership -strADObject:$group.DistinguishedName -parents:($parents + $group.DistinguishedName)
		}
	}
}

cls
Get-ADUser -LDAPFilter:'(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))'   | ForEach-Object {
	$samAccountName = $_.SamAccountName
    $EmployeeID =$_.EmployeeID
	$parents = Get-ADPrincipalGroupMembership -Identity:$_.DistinguishedName 
	$parentNames = $parents | Select-Object -ExpandProperty 'name'
	foreach ($parent in $parents)
	{
		$parentNames += Get-ADNestedGroupMembership -strADObject:($parent.DistinguishedName) -parents:($parents | Select-Object -ExpandProperty 'DistinguishedName')
	}
	$parentNames | Select-Object -Unique | % { '{0};{1};{2}' -f $samAccountName,$EmployeeID,$_ } 
}
export-Csv -Path "c:\adchildgroups.csv" -Encoding UTF8

Command line with a pipe symbol

February 6, 2019, 6:50 am
$
0
0

I'm trying to run the following command in Powershell

cmd /c net use | find "K:"

It's failing with FIND: Parameter format not correc

I've tried everything like invoke-expression but it doesn't work!

I've also tried where{$_ -match "K"}) but this fails presumably because its coming out of the commandline and is not a string.

What's the best practive for this?

Alter De Ruine

Search

Where maximum not in

February 6, 2019, 8:16 am
$
0
0

I have a Powershell script where I take the maximum value from the column of an Excel sheet and assign it to a variable.

 $dt_str =  ($dt|Measure-Object -Property "Part_No" -max).Maximum

It works but I want to modify it to choose where the maximum number is not in the results of a selectstatement returned from a table. For example if the maximum number found in the sheet is 66912 and 66912 is already in the values returned from the select statement I want the maximum to be thenext highest from the column of the sheet. 

I haven't figured out how to select from a table in Powershell and store the values in an array so I would just be happy to get it to do the above where the "not in" value is a hard-coded array.I don't know the syntax for this would appreciate any help.

Thank you.

Edit:

I think I need to change where I select from the sheet and put a "where not in" clause in that:

$qry = "select [Part_No] from [{0}]" -f $Table;



Selecting columns in powershell using column names from taken from a different file

February 6, 2019, 11:27 am
$
0
0

Hi,

I have a tsv file with many columns (300 columns and 4GB file) from where I want to extract some columns and create a new tsv file. I need to export fields  1,3,4,5 and last 4 fields.

It would be really helpful if someone can help me here with your knowledge and experience.

I used the below one , but it is picking the column headers correctly, but for data I am getting H1,H2,H3,H4,H5,H6,H7,H8.

Import-Csv -Delimiter "`t"  -Encoding UTF8 -Header H1,H3,H4,H5,H297,H298,H299,H300  -literalPath test.tsv | Export-Csv -Path test_output.tsv  -Delimiter "`t" –NoTypeInformation

Thanks in advance,

SR

Create home drive sub-folder and apply permissions

February 7, 2019, 1:16 am
$
0
0
Need to create a sub-folder in each users home drive on server. I think straightforward to create folder with new-item but how can I apply the permissions correctly?. Folder names are logon name so Fed Bloggs would have folder Bloggsf so I would want to give modify right to that user (which is not inherited user only has list access to their root and modify to the precreated sub-folders)

Ian Burnell, London (UK)

Server Monitoring

February 7, 2019, 4:00 am
$
0
0

Hi all

I am looking for some Powershell Scripts that I can run to build a picture of our server's performance and health. 

I am looking for an alternative to Performance Monitor, and I would like to ask if anyone has any Powershell options that I can run as part of my daily and weekly reporting functions.

Realtime performance metrics are not of real use to me (in this case), I am looking to build a general performance picture, as well as isolate spikes and other important events. 

If Powershell is not the right environment, perhaps someone can suggest another option? We already use Check_MK but the interface and navigation is really not very user friendly.

Many thanks

WinRM PSsession -ConnectionUri questions

February 7, 2019, 4:17 am
$
0
0

Hello, i try to do powershell script for automation to my lync server - the URL of admin console is: https://lync15.mydomane.com

server is: lync15.mydomane.com

Local machine: machine1.mydomane.com

I'l try to connect from machine1 to https://lync15.mydomane.com (my admin console of Lync on my server lync15.mydomane.com)  from powershell

New-PSSession -ConnectionUri "https://lync15.mydomane.com" -Credential domane\Admin

and have arror 

New-PSSession : [lync15.mydomane.com] Connecting to remote server lync15.mydomane.com failed with the following error message : The WinRM client sent a
request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the
WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help topic.

On my server i check ports 5985 (http), its opened, i opened 5986 (default https port) try telnet from machine1 to server lync15 and its working (both ports). I add to trust computers my lync15.mydomane.com on machine1

Try to desable ipv6 (as one of solutions)

Try to change policy in 

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Remote Management\WinRM Service\Allow remote server management through WinRM

I also have Listeners on my lync15.mydomane.com (winrm e winrm/config/listener)

Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = IPV4, 127.0.0.1, ::1, IPV6
Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Hostname = lync15.mydomane.com
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = e4 ................................................... aa
    ListeningOn = IPV4, 127.0.0.1, ::1, IPV6

I also can connect to my server by this:

Enter-PSsession -ComputerName lync15.mydomane.com -Credential mydomane\Admin

What am I doing wrong?

Viewing all 21975 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>