I need to get SCCM collection info form a list of 150 servers to figure out what deployment collections each device belongs to. I can easily list all devices from a collection but not the other way. The below gets everything else but what collections they are members of.
Get-Content "C:\Temp\ServerList.txt" | foreach {Get-CMDevice} | Export-Csv -Force -NoTypeInformation "c:\temp\sccmcollectioninfo.csv"
I think this can not be done with the commandlets alone, but you can just use WMI instead:
$DeviceName = "your device"
$SiteServer = "site server"
$SiteCode ="site name"
(Get-WmiObject -ComputerName $SiteServer -Namespace root/SMS/site_"$SiteCode" -Query "SELECT SMS_Collection.* FROM SMS_FullCollectionMembership, SMS_Collection where name = '$DeviceName' and SMS_FullCollectionMembership.CollectionID = SMS_Collection.CollectionID")
From there you can input the name (or better resourceid) into the commandlets for deployments again. If you have enough access rights it would be even faster to query the db in SQL instead (v_FullCollectionMembership and v_Collection are the corresponding views).
Related
There has to be a better way
$server = (Get-ADComputer -Filter * -Properties *).name
foreach ($s in $server)
{
Get-WmiObject Win32_Service -filter 'STARTNAME LIKE "%serviceaccount%"' -computername $s
}
I want to search all servers on the domain for a service account. The above kind of does what I'm looking for but it doesnt return what server the services account was found on. Thanks in advance.
here's what i meant about using Get-Member to find the object properties that would give you the info you want. [grin]
this could be sped up considerably by giving the G-WO call a list of systems. i wasn't ready to code that just now. lazy ... [blush]
what it does ...
sets the account to look for
i only have the LocalSystem and NetworkService accounts listed on my services. [grin]
sets the computer list to search
you will likely use Get-ADComputer. make sure to either use the property name in the loop OR to make your query return only the actual name value.
i only have one system, so my list is 3 different ways to get to the same computer.
loops thru the systems
call G-WO to get the service[s] that use the target account
builds a [PSCustomObect] with the wanted properties
sends that to the $Result collection
shows that on screen
the code ...
$TargetAccount = 'LocalSystem'
$ComputerList = #(
'LocalHost'
'127.0.0.1'
$env:COMPUTERNAME
)
$Result = foreach ($CL_Item in $ComputerList)
{
# i didn't want a gazillion services, so this uses array notation to grab the 1st item
# if you want all the items, remove the trailing "[0]"
$GWMI_Result = #(Get-WmiObject -Class Win32_Service -Filter "STARTNAME LIKE '%$TargetAccount%'" -ComputerName $CL_Item)[0]
[PSCustomObject]#{
ComputerName = $GWMI_Result.SystemName
AccountName = $GWMI_Result.StartName
ServiceName = $GWMI_Result.Name
}
}
$Result
output ...
ComputerName AccountName ServiceName
------------ ----------- -----------
MySysName LocalSystem AMD External Events Utility
MySysName LocalSystem AMD External Events Utility
MySysName LocalSystem AMD External Events Utility
I'm trying to create a WMI query for a device collection to find all computers that are currently outside our intranet. I can do this in Powershell by executing:
(Get-WmiObject -namespace root\ccm -query "select InInternet from ClientInfo").InInternet
But I cannot find the appropriate query in SCCM.
In configuration manager on the client you are able to see the "Connection Type" and whether or not it's currently Intranet or Internet.
Does anyone know if this is possible in an SCCM query?
AFAIK SCCM doesn't collect Connection type, probably because it changes too often (or at least can do). The only server-side query I can think of is to check if the last MP was one of the internet-enabled MPs. Ex:
SELECT * FROM SMS_R_System WHERE ResourceID IN ( SELECT ResourceID FROM SMS_G_System_CH_ClientSummary WHERE LastMPServerName IN ('InternetEnabledMP.DMZ.contoso.local','MySecondInternetEnabledMP.DMZ.contoso.local'))"
if (Get-WmiObject -namespace root\ccm -query "select InInternet from ClientInfo").InInternet can return the correct data, you should still be able to get all result from clients one by one by running command on a remote machine using -computername property:
Import-Module 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
cd cts:
$devices = (Get-CMDevice -CollectionName "All Desktop and Server Clients").name
Foreach ($device in $devices)
{
if(Test-Connection -ComputerName $device -Count 1 -Quiet)
{
$InInternet = (Get-WmiObject -ComputerName $device -Namespace root\ccm -Query 'select InInternet from ClientInfo').InInternet
$properties = #{'name' = $device; 'IsInternet' = $InInternet}
$Object = New-Object -TypeName PSObject -Property $properties
Write-Output $Object
}else{
Write-Warning "Try connection to $device failed!"
}
}
The script is not a complete script because it did not catch exceptions when trying to connect to target machine to get property. But it should be able to tell what I mean here and should be able to work. You may need to run script under admin permission
I'm trying out a script to go grab installed software on servers remotely. Problem is I want it to output certain attribs including the computer name but I can't seem to figure out how to get the name inserted.
Here is what I have so far...
$servers = Get-QADComputer -SearchRoot "OU=servers,OU=mydomain:-),DC=COM" | Select Name
...which works fine of course. Then...
$servers | % {Get-WMIObject -Class Win32Reg_AddREmovePrograms} | select Displayname,Version,InstallDate,PSComputerName
... which provides the full list of software installed on all servers in that OU but the PSComputerName becomes MY COMPUTER (the computer I run the query from - not the computername of the system being queried). The goal is to have the servername the software is installed on on each line item of software. I've asked professor Google and don't seem to see anything helpful (or anything that I understand anyway).
Hope this makes sense. semi-amateur PS script writer so hopefully this is easy for you guys. Thanks in advance for your help
Your command:
Get-WMIObject -Class Win32Reg_AddREmovePrograms
Does not specify computer to query, so it just query computer command being executed on. Thus PSComputerName display MY COMPUTER, as MY COMPUTER is computer being queried. You have to specify -ComputerName parameter to Get-WMIObject cmdlet to query specific computer. And -ComputerName parameter accept array of computer names, so you can put array of computer names to it instead of using ForEach-Object cmdlet and query one computer at time.
Since the object returned from the WMI call doesn't contain the computer you made the request on, you need to include it yourself from include your ForEach-Object (%) block. You could use Add-Member to add it yourself, then do your Select-Object outside like you're doing now:
$servers | % {
Get-WMIObject -Class Win32Reg_AddREmovePrograms -ComputerName $_ |
Add-Member -MemberType NoteProperty -Name ComputerName -Value $_ -PassThru
} | select Displayname,Version,InstallDate,ComputerName
Another way is to move the Select-Object to inside the block and do it within there, by creating a new property on the fly with a hashtable:
$servers | % {
Get-WMIObject -Class Win32Reg_AddREmovePrograms -computername $_ |
Select-Object Displayname,Version,InstallDate,#{Name='ComputerName';Expression={$_}}
}
I'm trying to get a list of registered users on current system.
I tried gwmi win32_userprofile but confused on which line it is on.
You won't be able to get usernames with the Win32_UserProfile WMI class. You can get their LocalPath though:
$LocalPaths = Get-WmiObject -Class Win32_UserProfile | Select-Object -Property LocalPath
If you want all the User Account names, you'll have to user Win32_UserAccount. If you ARE hooked up to Active Directory and you just want the local accounts specific the machine, you can use this query:
$LocalAccount = Get-WmiObject -Query "Select Name, LocalAccount FROM WIN32_UserAccount WHERE LocalAccount=true"
If you want all accounts plus ones that have potential access, you can use this:
$PotentialAccess = Get-WmiObject -Query "Select Name FROM WIN32_UserAccount"
If you ARE on a domain, this one will take quite a while if it's an especially large domain as it retrieves every single user account that has access to the system.
I use this to get a list of local machine users:
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$adsi.Children | where {$_.SchemaClassName -eq 'user'} | select -expand name
I have the following code pulling from my exchange server 2003.
connect-qadservice -service 'localhost'
foreach ($server in $exchangeservers)
{
$AllUsers += get-wmiobject -class Exchange_Mailbox -namespace Root\MicrosoftExchangeV2 -computername $server| select servername,storagegroupname, storename,mailboxdisplayname,totalitems,size, DeletedMessageSizeExtended, legacyDN, datediscoveredabsentInDS
}
$exchngver = "2003"
foreach ($user in $AllUsers)
{
$obj = new-object psObject
$office = get-qaduser -Identity $user.legacyDN | select office, description
}
disconnect-qadservice
and it doesn't grab all the mailbox stores on the server. Any idea why or what might be causing this?
thanks in advance
NOTE: IT seems to grab all the mailbox stores except for 1 in the 2nd storage group. I have no idea why this is... The funny thing is my vbscript grabs all the mailbox stores using the same namespace and class just fine.
So to start simple, does it come back correct before you unroll & start using the quest stuff?
Do you get the right number from:
(get-wmiobject -class Exchange_Mailbox -namespace Root\MicrosoftExchangeV2 -computername srv02).count
Have you checked permissions on the Stores/SGs?
Couple of things (not sure they are the cause (#1)):
you are looping over $exchangeservers but don't use $server in -computerName (there's a fixed "srv02" server name).
I would move the connect-qadservice -service 'localhost' out of the foreach servers loop (You call it for each server in exchangeservers).
You are calling get-qaduser twice ($tmp and $office) to get the user office and description, you can do it in one call ($tmo is redundant):