So I try to link the networkname of a cluster resource to the AD object by the objectGUID in powershell.
If I execute following command Get-ClusterResource -Cluster CLxxx -Name NameOfResource the NetworkName object is returned.
I can ask for the clusterparameters and the parameter ObjectGUID (Get-ClusterResource -Cluster CLxxx -Name NameOfResource | Get-ClusterParameter -Name objectguid).Value
It will return something like 5efa2b5674c75d43bcdad1c2c183d5ca
So far so good.
If I try to get the ADobject from Active Directory (Get-ADComputer -Filter {Name -Like "$Name"}).ObjectGUID.guid
It will return something like 562bfa5e-c774-435d-bcda-d1c2c183d5ca
It is almost the same but not quite.
Al the characters are there but not in the correct order.
ClusterParameter: 5efa2b5674c75d43bcdad1c2c183d5ca
Active Directory: 562bfa5e-c774-435d-bcda-d1c2c183d5ca
If you look at the string AD returned you can split the string in 5 sequences on the -.
The last 2 are in the correct order but the first three have to switch front to back (2 characters at a time).
ClusterParameter: 5efa2b56-74c7-5d43-bcda-d1c2c183d5ca
Active Directory: 562bfa5e-c774-435d-bcda-d1c2c183d5ca
It is the same on 2008,2012 and 2016.
Does someone have an explanation for this?
Related
This question already has an answer here:
Pull NT user ID from powershell
(1 answer)
Closed 3 years ago.
I'm new to PowerShell and it would be much appreciated if I could get some expertise assistance with a script that I'm trying to write in PowerShell.
Objective:
Run a script to remotely check the name of the current user who is logged on to that machine.
Current script:
This line with the variable of $EnterComputerName prompts us to input in what computer name we want to search.
$EnterComputerName = Read-Host -Prompt "Enter Computer name"
This line searches the details from that specified computer and pipe it so that it will only show the Username property.
$Name = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $EnterComputerName | Select-Object Username
Problem:
The result of the above line only outputs the user ID instead of their actual name, example: domain\N12345
I want to use the following line to convert userID into name:
Get-ADUser $Name | Select-Object GivenName, Surname
However, Get-ADUser only recognizes 'N23705' instead of 'domain\N23705'. Is there a way I can shorten this to 'N23705' and pass that value to the $Name variable?
One simple way to accomplish this is to use replace to remove the unwanted domain prefix.
$Name = (Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $EnterComputerName).UserName -replace ".*\\", ""
Edit: removed Parenthesis in replace syntax
I've tried a variety of iterations of this and gotten a range of errors. I'm trying to get a a list of installed drivers off from a list of computers. None of the ways I've tried in PowerShell have piped the information into a csv. Here's the current iteration of the script.
#Load Active Directory
Import-Module activedirectory
#Load list of computers
$results = #()
$Computer = Get-Content -path 'C:\ScriptResources\computers.txt'
#Check each computer in the list
foreach($ComputerName in $Computer)
{
$results += Get-ADComputer -Filter " Name -Like '*$ComputerName*' " | Get-PrinterDriver; Start-Sleep -milliseconds 500
}
#Export to CSV file
$results | export-csv 'C:\ScriptResults\InstalledPrinters.csv'
I've also used it with just the Get-Printer command and got the following error.
Get-Printer : No MSFT_Printer objects found with property 'Name' equal to 'Redacted'. Verify the value of the
property and retry.
Depending what I've fed the $Computer file I'll get different errors. I've also gotten the RPC server is unavailable and Error Spooler Service Not Running. I have domain wide privileges and I checked the print spooler service and it is running.
The reason I think this is odd is that I have .bat tool that I use that gets printer info from a singular host and I don't run into any issues. The reason I'm trying to put this in PowerShell is because 1) I want to do the whole domain and 2) PowerShell formats its outputs in a more useable fashion.
wmic /node:%ComputerIP% path win32_printer get deviceid, drivername, portname
Additionally, I've also tried the following in the $results function of the script
$results += Get-WmiObject -class Win32_printer -ComputerName name, systemName, shareName
This didn't give errors. What it did instead is that for each computer in the list of computers it checked the computer I was running the script from for its printers and output on each line which printers were installed on my computer.
I'm at a loss and any help would be appreciated. Thanks!
Just so this is closed out. Vivek's answer ended up working.
$results += Get-WmiObject -class Win32_printer -ComputerName $Computer | Select name, systemName, shareName
The RPC issue I was getting was that the list of computers were all turned off for some reason (remote site + different time zone + doing the testing during second shift). Normally, everything remains on though. So that was just an anomaly.
Thanks for the help!
I have a following piped command that should print a GPO name and the group that is associated with it, repeating this untill all GPOs and groups have been printed. The output isn't right though. The name comes out correctly but the group says Microsoft.GroupPolicy.GPTrustee instead of the groups name.
How should I access it to get the value?
Here is my piped command:
Get-GPO -All | ForEach-Object {$gpo = $_.DisplayName; Write-Output $_;} | Get-GPPermission -All |
Where-Object {$_.Permission -eq "GpoApply"} |
Select-Object #{Name="GpoName"; Expression={$gpo}},#{Name="Group"; Expression={$_.trustee}}
EDIT: The problem was solved, but I'll still copy the output of "Microsoft.GroupPolicy" -object here to clarify why I thought I'd be able to access it with $_.trustee variable.
It looked like this so $_.trustee.name didn't even cross my mind.
Trustee : Domain Computers
TrusteeType : Group
Permission : GpoApply
Inherited : False
Maybe someone who has more experience with Active Directory can help me.
I need to get info such as OS, name, FQDN from a computer in a different domain.
I will explain what I mean.
I have root domain: example.com, with 2 subdomains: xxx.example.com and yyy.xxx.example.com
Each domain contain 1 computer. Both of them in one group, for example groupfoo, they also in different OU
I can get info about members in group, I try PowerShell and dsquery. Both of them return right list of computers in group. But I can get info only from computer in the same domain where I run PowerShell script and dsquery.
to be clear I have one more computer not in groupfoo, and this computer used for administrating Active Directory.
As I understand in Active Directory we have thing such as "referral chasing".
I read a lot and as I know Power Shell don't have an options such as "enable referral chasing". For dsquery I found option -r for recursive request.
What I have already tried:
PS> dsquery group -name goupfoo | dsget group -members
"CN=member01,OU=Domain Controllers,DC=xxx,DC=example,DC=com"
"CN=member02,OU=XXX,OU=Domain Controllers,DC=yyy,DC=xxx,DC=example,DC=com"
My computer in DC=yyy,DC=xxx,DC=example,DC=com I can get info from CN=member02,OU=XXX,OU=Domain Controllers,DC=yyy,DC=xxx,DC=example,DC=com
PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member02$))" -attr sAMAccountName operatingSystem
sAMAccountName operatingSystem
member02$ Windows Server 2008 R2 Standard
running the same command for member01 yielded no results :
PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member01$))" -attr sAMAccountName operatingSystem
PS >
I tried different variation of dsquery, I try -r key for recursive, but it's dosen't work.
Maybe important thing, in the settings of "DC=yyy,DC=xxx,DC=example,DC=com" I saw what "DC=xxx,DC=example,DC=com" it's a trusted parent for "DC=yyy,DC=xxx,DC=example,DC=com" maybe I can get info doing the same from parent domain?
The same I can get with Power Shell Get-ADGroup, Get-ADMember etc, I tried use all options, credentials, server etc. it's always return info only from one computer in the same domain as I am.
Try using a DirectorySearcher object:
$filter = "(&(objectCategory=Computer)(sAMAccountName=$computername))"
$properties = 'distinguishedName', 'sAMAccountName', ...
$search = New-Object DirectoryServices.DirectorySearcher
$search.SearchRoot = New-Object DirectoryServices.DirectoryEntry
$search.Filter = $filter
$search.SearchScope = 'Subtree'
$search.ReferralChasing = [DirectoryServices.ReferralChasingOption]::All
$properties | % { $search.PropertiesToLoad.Add($_) } | Out-Null
$search.FindAll()
I don't know if ActiveDirectory module cmdlets actually support referral chasing.
I know that I can use PowerShell to check service status on multiple services. For example with something like this:
Get-Service -ComputerName server-a, server-b, server-c -Name MyService |
Select Name, MachineName, Status
Can somebody advice how I can modify this so that:
- Enumerate large number of servers like an array or somehow else so that make it more readable than if I put large number of servers in one line.
- Use a wildcard in service name parameter, e.g. "MYSERVICE*"
You can put your servers in a text file such as SERVERS.TXT :
Server-a
Server-b
Server-c
...
And use :
$servers = get-content SERVERS.TXT
Get-Service -ComputerName $servers -Name MyService | Select Name, MachineName, Status
You can do the same for services.
To answer your second question first, the -Name parameter of the Get-Service cmdlet supports wildcards, so you can simply do this to check several services with similar names:
Get-Service -Computer 'server-a', 'server-b', 'server-c' -Name MyService* |
select Name, MachineName, Status
The -Computer parameter accepts an array of strings, so you can read the server list from a file (containing one hostname per line), as JPBlanc suggested:
$computers = Get-Content 'C:\path\to\serverlist.txt'
Get-Service -Computer $computers -Name MyService* | ...
This is probably the best choice, as it separates data from code.
However, there are situations where it's more practical to keep data and code in the same file (e.g. when you move the script around a lot). In a situation like that you can define an array spanning multiple lines like this:
$computers = 'server-a',
'server-b',
'server-c',
...
Get-Service -Computer $computers -Name MyService* | ...