I'm running a PowerShell script across thousands of computers globally and due to our machines having many different languages (Spanish, French, German, etc.) some of the commands aren't working and having to write code multiple times to suite each locale is a sin when I could have just written the code once. As just one example, I'm trying to check who the group members are of the local administrators group on workstations.
Example Command in English
$localGroupAdmins = (Get-LocalGroupMember -SID "S-1-5-32-544" | Where-Object {$_.ObjectClass -eq "Group"}).Name
Need to specify the SID of the local administrators group since that word is also in another language (no problem for now). Issue really is that the object class is "grupo" for Spanish machines, "Gruppe" for German machines and so on so doing the Where-Object {$_.ObjectClass... is not consistent and of course fails.
Therefore, how can I get this over to English for just the PowerShell session without impacting the user and changing their UI? Last thing I want is to have calls to the Help Desk stating their computer is now in English.
I've tried links below but nothing works. Also, script runs in system context if that matters.
Temporarily change powershell language to English?
Forcing PowerShell errors output in English on localized systems
https://community.spiceworks.com/topic/560456-how-to-change-powershell-script-errors-to-english
Related
I'm using Out-GridView for PowerShell. Everything seems to work out fine, with the notable exception that Quick Filter searches do not allow for spaces to be typed in between multiple words. Unfortunately this is exactly what is advertised on its docs.microsoft utility website:
Search for multiple words. To search for multiple words in the table,
type the words separated by spaces. Out-GridView displays rows that
include all the words (logical AND).
I've tried loading Out-GridView with a few variations (such as the standard Get-Process) but nothing seems to work. Does anyone have any ideas on how to fix it?
Edited: I actually discovered that it was due to the differences between running Gridview through PowerShell and PowerShell ISE; the problem only manifested when I was running it through ISE. Face-plant worthy.
First post!
This is an issue ive come across recently when an LDAP aware application that shall remain nameless is reporting an error in a DN in one of the 19 Domains in the forest but the vendor cant give me any further detail around what the object with the error is other than "We are pretty tight on RFC compliance so it could be anything and we see error 34"
Helpful right.
My other LDAP aware apps are perfectly fine so this is more of a "prove you wrong" type of exercise.
I have a list of DNs exported from every object that has changed in the last 10 days from every domain.
9 days ago is when the thing broke so would capture everything that they are trying to say it would be.
What im hoping to find out is if there is a way for me to run a PS script to check for RFC complaince in the DN string?
I have no ides whats involved with RFC, cant even find a clear explanation of what is and is not accepted.
Anyone have any pointers?
This is just a guess, but it's something that's burned me before: Do you have any accounts with forward slashes in their name? Even Microsoft's own code has problems with that.
The DN would look something like:
CN=test/user,OU=Users,DC=domain,DC=com
That's perfectly valid (at least AD allows it). But if you try to bind to that directly via LDAP, and you just drop it into an LDAP path, you get this:
LDAP://CN=test/user,OU=Users,DC=domain,DC=com
However, in an LDAP path, forward slashes are special characters, so it sees the path as just LDAP://CN=test, which of course won't work. The slash must be escaped (just replace / with \/):
LDAP://CN=test\/user,OU=Users,DC=domain,DC=com
To find out if you have any accounts with slashes in their name, you can do a query like this:
(&(objectClass=user)(cn=*/*))
In PowerShell, you could do that like this:
Get-ADUser -LDAPFilter "(cn=*/*)"
This could also happen if you have any OU's with slashes in their name.
As part of our company policy, all employees who have left the company keep their active directory accounts, which are disabled and moved to a specific OU. There are several parts to this process which need to be automated, but a significant part is unchecking the "Unix Enabled" property from the ADUC MMC and clearing all Unix attributes. These actions are not always performed, so I am tasked with cleaning it up. I am fairly new to Powershell, but have a reasonable enough understanding of it to work out a solution. I believe the scipt below should do it (formatted for better visibility):
Get-ADUser -SearchBase "OU=Disabled Accounts,OU=AnotherOU,DC=mycompany,DC=com"
-Filter {(Enabled -eq $false)} -Properties SamAccountName | ForEach-Object {
Clear-QasUnixUser $_.SamAccountName
Disable-QasUnixUser $_.SamAccountName
}
It may not be the most elegantly written script, but it seems to work as intended. Of course, it will be run in a test environment prior to production.
My dilemma:
I need to return all of the attributes that will be cleared by these commands before I run them (for the purposes of backing out) and I don't believe Get-QasUnixUser alone does this. Can anyone give me an idea of how to approach returning all of this information, and perhaps some professional insight as to how to sort it based on user? I know that links are not considered appropriate answers, but I also understand the scope of the question I am asking, so any assistance would be greatly appreciated.
Looking at the docs for QAS, it looks like they use the out of the box schema for their purposes. Newer versions appear to use the altSecurityIdentities attribute while older versions appear to consume the various SFU attributes that come with Windows. You might try using ldifde to take a snapshot of a user, enable them for QAS, take another LDIF snapshot, and diff the files as one approach to seeing what all QAS changes.
You can use the Properties parameter of Get-ADUser to provide a list of attributes you want back. It will be natively sorted by user, but, the Sort-Object cmdlet gives you the ability to tweak that order.
I know there has to be an easy solution to this but I have been searching for two days now with no luck.
Basic goal:
I want to query (and set) the state of Scheduled Defrag using PowerShell
Limitations: Must be able to work when run with the system set to any language, Must not require installing any additional software, packs, etc (ie clean system), Must be able to run on any system Windows 7+ (ideally even earlier)
Issues:
I can get the state using 'schtasks /query /TN
'\Microsoft\Windows\Defrag\ScheduledDefrag'' but this is (a)
directory language dependent, and more importantly (b) returns
everything as a string of some sort, meaning state is something
like 'Disabled'.. in English. But every language returns its own
word for 'Disabled', in its own character code, meaning hard-coding
over a hundred languages x the number of options
Windows 7 does not recognize Get-ScheduledTask (seems to be
Win8+), even if it did not sure how to query 'Disabled' as a state
without using the actual word
I have to be missing something very basic but all I am finding are suggestions to install Powershell packs, and responses dealing specifically with English. Any suggestions?
What's the best way to ensure your PowerShell function name is unique? The standard since version 1 is to put in a short unique id after the verb dash and before the noun. For example, with my initials I could create function Get-DWServer; this is fine until someone creates a function in a different module for getting an object reference to a datawarehouse and uses the same function name. Two or three letters just isn't sufficient but more than that gets ugly to read.
I'd prefer to have a unique prefix* similar to .NET namespaces. It's better for organization, easier on the eye and works with tab completion. And it expands gracefully so you could name it DW.Get-Server or DW.Network.Get-Server.
The downside of doing this is it runs afoul of PowerShell's proper verb check during module import/Export-ModuleMember. You can get around this by specifying DisableNameChecking during import but I'm wondering if doing this is sloppy and might be bad if PowerShell 3 comes out with a better solution. I know PS verb purists (are there any?) will complain that this probably 'hinders discovery' but I can't think of a better option.
What do you do?
(*You can refer to an exported function using module_name\function_name notation but this won't work with tab completion and still doesn't get around the problem of the function name being unique).
I have heard Jeffrey Snover (the inventor of PowerShell) talk about this a few times and he described it as a dilemma, not a problem. A dilemma has to be managed but can't be solved completely. A problem can be solved. As a PS verb "purist" I would say the best way to manage this is to have a 2 or 3 letter prefix to your nouns. This has been sufficient so far for many widely distributed sets of cmdlets. IE, Quest AD Cmdlets vs Microsoft's AD Cmdlets. Get-ADUser and get-qaduser.
If you are consuming a module and want to use your own prefix, you can specify one with
import-module mymodule -Prefix myPrefix
I know this isn't the one single silver bullet answer, but I would say it works for 95% of the situations.