I'm trying to write a Powershell function to create an OrganizationalUnit. I'm a PS newbie but I've pieced together:
function makeOU ($cn, $path)
{
$sb = [scriptblock]::Create(
"New-ADOrganizationalUnit $cn -path `"$path`"
-ProtectedFromAccidentalDeletion 0"
)
Invoke-Command -ComputerName $server -Credential $Credential `
-ScriptBlock $sb
}
But when I invoke this later in the script, I get a message that -ProtectedFromAccidentalDeletion is an unknown cmdlet. If I make the command one line
"New-ADOrganizationalUnit $cn -path `"$path`" -ProtectedFromAccidentalDeletion 0"
it works.
As I see it, at the end of
"New-ADOrganizationalUnit $cn -path `"$path`"
there is an open parenthesis and an open quote so PS should be looking for more input. Ending that line with a back tick didn't help. Nor did converting the argument to Create() to the form #" ... "#. (This is different from Why I am getting PowerShell Parsing Error? in that I don't have any back ticks, certainly none with spaces after them.)
If I'm making an newbie error here and there's a better way to pass the function parameters to Invoke-Command, I'm open to rewriting but failing that, how can break the string passed to Create() onto multiple lines?
Chris Nelson: Your "if you really want to" makes it sound like I'm doing something
grossly anti-idomatic to PS. I'm perfectly willing to believe that so
I wonder how you'd write it.
Thing is, backticks are frowned upon in Posh community:
READ-02 Avoid backticks
In general, the community feels you should avoid using those backticks
as "line continuation characters" when possible. They're hard to read,
easy to miss, and easy to mistype. Also, if you add an extra
whitespace after the backtick in the above example, then the command
won't work. The resulting error is hard to correlate to the actual
problem, making debugging the issue harder.
Maximum Line Length
The preferred way to avoid long lines is to use splatting (see
About_Splatting) and PowerShell's implied line continuation inside
parentheses, brackets, and braces -- these should always be used in
preference to the backtick for line continuation when applicable, even
for strings
Since you've asked, how I'd write it, here is some examples:
"Structured"
function makeOU ($cn, $path)
{
$Template = 'New-ADOrganizationalUnit {0} -Path "{1}" -ProtectedFromAccidentalDeletion 0'
$ScriptBlock = [scriptblock]::Create(($Template -f $cn, $path))
Invoke-Command -ComputerName $server -Credential $Credential -ScriptBlock $ScriptBlock
}
"Splatted"
function makeOU ($cn, $path)
{
$Template = 'New-ADOrganizationalUnit {0} -Path "{1}" -ProtectedFromAccidentalDeletion 0'
$ScriptBlock = $Template -f $cn, $path
$Splat = #{
ComputerName = $server
Credential = $Credential
ScriptBlock = [scriptblock]::Create($ScriptBlock)
}
Invoke-Command #Splat
}
"Oneliner"
function makeOU ($cn, $path)
{
Invoke-Command -ComputerName $server -Credential $Credential -ScriptBlock (
[scriptblock]::Create(
('New-ADOrganizationalUnit {0} -Path "{1}" -ProtectedFromAccidentalDeletion 0' -f $cn, $path)
)
)
}
# Or, using parentheses:
function makeOU ($cn, $path)
{
Invoke-Command -ComputerName (
$server
) -Credential (
$Credential
) -ScriptBlock (
[scriptblock]::Create(
('New-ADOrganizationalUnit {0} -Path "{1}" -ProtectedFromAccidentalDeletion 0' -f $cn, $path)
)
)
}
Well, if you really want to format it that way, try this:
function makeOU ($cn, $path)
{
$sb = [scriptblock]::Create(
"New-ADOrganizationalUnit $cn -path (
`"$path`"
) -ProtectedFromAccidentalDeletion 0"
)
Invoke-Command -ComputerName $server -Credential $Credential `
-ScriptBlock $sb
}
If you know how-to escape inner " double quotes, and you know how-to spread a command on multiple lines using a Grave Accent as an escape character:
Invoke-Command -ComputerName $server -Credential $Credential `
-ScriptBlock $sb
then you know how-to do the last in a script block as well: just double the Grave Accent character:
$sb = [scriptblock]::Create(
"New-ADOrganizationalUnit $cn -path `"$path`" ``
-ProtectedFromAccidentalDeletion 0"
)
Related
I am attempting to create a generic script that will process registry files on a list of remote servers. The script will take the input of the path/filename to process and a list of servers to process it on. Copies the .reg file to the remote server and then attempts to process the .reg file on the remote server. In order to make it generic for use with any .reg file I want to pass the path\filename to process in a variable in the script block. I have seen examples of passing named variables and positional parameters but that doesn't seem to meet my requirements. I tried creating the script block contents as a Scriptblock type and calling it but it does not work. Most of the errors I have been getting are related to invalid parsing, ambiguous parameter, etc. I have seen a couple of working examples in which the .reg file path/filename is hard-coded but that defeats the purpose of what I am attempting to accomplish. I have tried the Invoke-Command with a session and with the -ComputerName variable in order to try the :using:" command with no success. Is there any way to pass a variable that is basically the command line values (switch params & filepath/name) for an executable within the scriptblock or am I going about this in the wrong manner? In code below I am crossing domains so having to open session for those servers in order to create directory if it doesn't exist.
while ($true)
{
$regFile = Read-Host -Prompt "Enter the path & name of registry file to be processed"
If(Test-Path -Path $regFile) { break }
Write-Host "You must enter valid path & filename of a registry file to process."
}
$servers = Get-Content D:\MLB\Scripts\servers.txt
$fileNm = [System.IO.Path]::GetFileName($regFile)
$pass = ConvertTo-SecureString "blahblah" -AsPlainText -Force
$Creds = new-object -typename System.Management.Automation.PSCredential( "domain\username", $pass)
foreach ($server in $servers)
{
$dirPath = ''
$newfile = '\\' + $server + '\d$\MLB\RegFiles\' + $fileNm
if($server.ToLower().Contains("web"))
{
$Session = New-PSSession -ComputerName $server -Credential $Creds
Invoke-Command -Session $Session -ScriptBlock { New-Item -ErrorAction SilentlyContinue -ItemType directory -Path D:\MLB\RegFiles }
$newfile = "d:\MLB\RegFiles\" + $fileNm
Copy-Item $regFile -Destination $newfile -ToSession $Session -Force
Remove-PSSession -Session $Session
}
else
{
$dirPath = "\\$server\d`$\MLB\RegFiles"
New-Item -ErrorAction SilentlyContinue -ItemType directory -Path $dirPath
$newfile = "\\$server\d`$\MLB\RegFiles\$fileNm"
Copy-Item $regFile -Destination $newfile -Force
}
Invoke-Command -ComputerName $server -Credential $Creds -ScriptBlock {
$args = "s/ $newfile"
Start-Process -filepath "C:\Windows\regedit.exe" -Argumentlist $args
}
I'm attempting to develop a script with PowerShell to remotely install/update flash player for multiple machines. No matter what I do, I can't get the install to work properly at all. I'm very limited with my tools so I have to use PowerShell, and the MSI install of Flashplayer. I'll post my script below, any help at all would be greatly appreciated.
$Computers = Get-Content C:\Users\name\Desktop\flash.txt
(tried these 3 methods to install none work)
$install = #("/a","/i", "\\$Computer\c$\temp\flash\install_flash_player_32_plugin.msi", "/qn","/norestart")
Invoke-Command -ComputerName $Computer -ScriptBlock {Start-Process "Msiexec" -arg "$using:install" -Wait -PassThru} -Filepath msiexec.exe
#This returns with "invoke-command: parameter set cannot be resolved using the specified named parameters"
Invoke-Command -ComputerName $computer -ScriptBlock {Start-Process -Filepath msiexec.exe "$using:install" -Wait -PassThru} -Filepath msiexec.exe
#this returns the same error.
Invoke-Command -ComputerName $Computer -ScriptBlock {start-process msiexec -argumentlist #('/a','/i','"\\$Computer\c$\temp\flash\install_flash_player_32_plugin.msi"','/qn')}
#this seemingly skips the install entirely.
I've used similar scripts for other programs and had no problems installing them, but none of the methods I use or have researched are working properly.
This should do the trick, I'll explain why it wasn't working bellow:
$Computers = Get-Content C:\Users\name\Desktop\flash.txt
$params = '/i <path to AcroPro.msi> LANG_LIST=en_US TRANSFORMS="1033.mst" /qb'
$Computers | % {
Invoke-Command -ScriptBlock {
Param(
[Parameter(Mandatory=$true,Position=0)]
[String]$arguments
)
return Start-Process msiexec.exe -ArgumentList $arguments -Wait -PassThru
} -ComputerName $_ -ArgumentList $params
}
So, it wasn't working because the ScriptBlock on Invoke-Command cant see variables that you've declared on your powershell session, think of it like you are walking to that remote computer and inputting that code by hand, you wont have the value (metaphor).
I did a few more changes:
I moved all params into 1 single string, no need to have them in array.
Added $Computers | to iterate through computer names.
Removed FilePath as this is meant to be used differently, documentation(Example #1).
Set $MinutesToWait to whatever amount of minutes you want.
No need to try to pass msiexec, as it comes with windows the default path is "C:\WINDOWS\system32\msiexec.exe"
Added a return even though its never necessary, but to make it more readable and to show you intent to return the output of the msiexec process.
Replaced \\$Computer\c$ with C:\ as there's no need to use a network connection if you are pointing to the host you are running the command in/
Hope it helps, good luck.
EDIT:
So, as you mentioned the pipeline execution gets stuck, I had this issue in the past when creating the computer preparation script for my department, what I did was use jobs to create parallel executions of the installation so if there's a computer that for some reason is slower or is just flat out stuck and never ends you can identify it, try the following as is to see how it works and then do the replaces:
#region ######## SetUp #######
$bannerInProgress = #"
#######################
#Jobs are still running
#######################
"#
$bannerDone = #"
##################################################
#DONE see results of finished installations bellow
##################################################
"#
#VARS TO SET
$MinutesToWait = 1
$computers = 1..10 | % {"qwerty"*$_} #REPLACE THIS WITH YOUR COMPUTER VALUES (Get-Content C:\Users\name\Desktop\flash.txt)
#endregion
#region ######## Main #######
#Start Jobs (REPLACE SCRIPTBLOCK OF JOB WITH YOUR INVOKE-COMMAND)
$jobs = [System.Collections.ArrayList]::new()
foreach($computer in $computers){
$jobs.Add(
(Start-Job -Name $computer -ScriptBlock {
Param(
[Parameter(Mandatory=$true, Position=0)]
[String]$computer
)
Sleep -s (Get-Random -Minimum 5 -Maximum 200)
$computer
} -ArgumentList $computer)
) | Out-Null
}
$timer = [System.Diagnostics.Stopwatch]::new()
$timer.Start()
$acceptedWait = $MinutesToWait * 60 * 1000 # mins -> sec -> millis
$running = $true
do {
cls
$jobsRunning = $jobs | Where-Object State -EQ 'Running'
if ($jobsRunning) {
Write-Host $bannerInProgress
foreach ($job in $jobsRunning) {
Write-Host "The job `"$($job.Name)`" is still running. It started at $($job.PSBeginTime)"
}
Sleep -s 3
} else {
$running = $false
}
if($timer.ElapsedMilliseconds -ge $acceptedWait){
$timer.Stop()
Write-Host "Accepted time was reached, stopping all jobs still pending." -BackgroundColor Red
$failed = #()
foreach($job in $jobsRunning){
$output = $job | Receive-Job
$failed += [PsCustomObject]#{
"ComputerName" = $job.Name;
"Output" = $output;
}
$job | Remove-Job -Force
$jobs.Remove($job)
}
$failed | Export-Csv .\pendingInstallations.csv -NoTypeInformation -Force
$running = $false
}
}while($running)
Write-host $bannerDone
$results = #()
foreach($job in $jobs){
$output = $job | Receive-Job
$results += [PsCustomObject]#{
"ComputerName" = $job.Name;
"Output" = $output;
}
}
$results | Export-Csv .\install.csv -NoTypeInformation -Force
#endregion
This script will trigger 10 jobs that only wait and return its names, then the jobs that got completed in the time that you set are consider correct and the ones that didn't are consider as pending, both groups get exported to a CSVfor review. You will need to replace the following to work as you intended:
Add $params = '/i <path to AcroPro.msi> LANG_LIST=en_US TRANSFORMS="1033.mst" /qb' in the SetUp region
Replace the declaration of $computers with $computers = Get-Content C:\Users\name\Desktop\flash.txt
Replace the body of Start-Job scriptblock with Invoke-command from thew first snippet of code in this answer.
you should end-up with something like:
.
.code
.
$params = '/i <path to AcroPro.msi> LANG_LIST=en_US TRANSFORMS="1033.mst" /qb'
#VARS TO SET
$MinutesToWait = 1
$computers = Get-Content C:\Users\name\Desktop\flash.txt
#endregion
#region ######## Main #######
#Start Jobs
$jobs = [System.Collections.ArrayList]::new()
foreach($computer in $computers){
$jobs.Add(
(Start-Job -Name $computer -ScriptBlock {
Param(
[Parameter(Mandatory=$true, Position=0)]
[String]$computer
)
Invoke-Command -ScriptBlock {
Param(
[Parameter(Mandatory=$true,Position=0)]
[String]$arguments
)
return Start-Process msiexec.exe -ArgumentList $arguments -Wait -PassThru
} -ComputerName $computer -ArgumentList $params
} -ArgumentList $computer)
) | Out-Null
}
.
. code
.
I know it looks like a complete mess, but it works.
Hope it helps.
I am trying to run a script that searches/downloads/installs windows updates on remote computers using WinRM. I am running this script as a domain user with Admin access. However, I get an ACCESS Denied error.
Now, I have the script copied over to the remote servers but I am unable to view output to see whether the script is running or not.
OUTPUT I want to see:
# Continue running on other servers on error
$ErrorActionPreference = "Continue"
# Server list
$servers = Get-Content "C:\Users\admin\Desktop\vm-nonprod.txt"
# Logs
$log = "C:\Users\admin\Desktop\log-nonprod.txt"
# Path to script on server list
$scriptpath = "C:\Patch.ps1"
$results = #()
foreach ($server in $servers) {
try {
$Credential = Import-CliXml -Path "C:\Users\admin\Desktop\admin.Cred"
#New-PSSession -ComputerName $server -Credential $Credential
Invoke-Command -ComputerName $server -Credential $Credential -ScriptBlock {$scriptpath} -ArgumentList "Y" | Out-File -FilePath C:\Users\admin\Desktop\WinPatch.txt
#Invoke-Command -ComputerName $server -Credential hhq\admin -FilePath "C:\Users\admin\Documents\Patch.ps1"
#Copy-Item -Path C:\Users\admin\Documents\Patch.ps1 -Destination 'C:\' -ToSession (New-PSSession –ComputerName $server -Credential $Credential)
}
catch {
Write-Output ("Error running script on remote host: " + $server)
}
}
$results | Export-Csv -NoTypeInformation $log
There's a few issues here.
Does the script exist on the server?
Sounds like yes, you have Patch.ps1 in C:\ on each $server
The scriptblock does not run the script - just prints the variable.
To run it, change {$scriptpath} to {. $scriptpath} or {& $scriptpath}
The variable $scriptpath is not in the scriptblock scope - you will have to pass it in the -ArgumentList
Change: {$scriptpath} -ArgumentList "Y"
____To: {param($p); . $p} -ArgumentList $scriptpath
The argument "Y" is being passed to the scriptbock, not the script. The scriptblock is not looking for it, so this value is being lost.
Assume you want it to be passed to the script - this needs to be done in the scriptblock:
{$scriptpath "Y"}
I would recommend getting rid of Out-File until you are happy with the output in the console.
Putting it all together:
-ScriptBlock {$scriptpath} -ArgumentList "Y" | Out-File -FilePath C:\Users\admin\Desktop\WinPatch.txt
-ScriptBlock {param($p); . $p "Y"} -ArgumentList $scriptpath
I believe you have the wrong Invoke-Command commented out. The one that is running only has the user name hhq\admin in the credential parameter. It might be failing due to that because it would be prompting for the password during run-time.
In the below code I was using $scripts variable to iterate through a foreach loop inside the Invoke-Command statement. But $script values are not replacing properly and outcome seems to be single string as "count.sql size.sql". The foreach loop is executing properly if defined outside the Invoke-Command loop.
Is there any particular way to define foreach loop inside Invoke-Command?
$scripts = #("count.sql", "size.sql")
$user = ""
$Password = ""
$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $User, $SecurePassword
foreach ($server in $servers) {
Invoke-Command -ComputerName $Server -Credential $cred -ScriptBlock {
Param($server, $InputFile, $scripts, $url)
foreach ($script in $scripts) {
echo "$script"
} -ArgumentList "$server,"$scripts","$url"
}
I'm going to assume that the syntax errors in your code are just typos in your question and are not present in your actual code.
The problem you describe has nothing to do with the nested foreach loop. It's caused by the double quotes you put around the arguments you pass to the invoked scriptblock. Putting an array in double quotes mangles the array into a string with the string representations of the values from the array separated by the output field separator defined in the automatic variable $OFS (by default a space). To avoid this behavior don't put variables in double quotes when there is no need to do so.
Change the Invoke-Command statement to something like this:
Invoke-Command -ComputerName $Server -Credential $cred -ScriptBlock {
Param($server, $scripts, $url)
...
} -ArgumentList $server, $scripts, $url
and the problem will disappear.
Alternatively you could use the variables from outside the scriptblock via the using scope modifier:
Invoke-Command -ComputerName $Server -Credential $cred -ScriptBlock {
foreach ($script in $using:scripts) {
echo "$script"
}
}
I've got a working Powershell script and I'd like to have the scriptblock pulled in from an external file.
Working:
$scriptblock = { ... }
invoke-command -ComputerName $server -ScriptBlock $Scriptblock -ArgumentList $server,$team -Credential $credential -asjob -JobName Dashboard_$server -SessionOption (New-PSSessionOption -NoMachineProfile)
Output of "get-job -id | receive-job" is fine
Not working:
# Generate scriptblock from file
$file = Get-Content E:\Dashboard\Windows\winrm_scriptblock.txt
$Scriptblock = $executioncontext.invokecommand.NewScriptBlock($file)
invoke-command -ComputerName $server -ScriptBlock $Scriptblock -ArgumentList $server,$team -Credential $credential -asjob -JobName Dashboard_$server -SessionOption (New-PSSessionOption -NoMachineProfile)
Output of "get-job -id | receive-job" is empty
The contents of winrm_scriptblock.txt is exactly what is included between the braces in the scriptblock variable defined in the working version.
Any assistance is appreciated.
I know you already have answers, but another way to get a scriptblock from a script file is to use the get-command cmdlet:
$sb=get-command C:\temp\add-numbers.ps1 | select -ExpandProperty ScriptBlock
$sb is now the scriptblock for the script.
Very related to the answer from How do I pass a scriptblock as one of the parameters in start-job
If you stored the string "Get-ChildItem C:\temp" in the file "E:\Dashboard\Windows\winrm_scriptblock.txt" then this code should output the contents of the folder "C:\temp" on your local machine.
Invoke-Command -ScriptBlock ([scriptblock]::Create((Get-Content "E:\Dashboard\Windows\winrm_scriptblock.txt")))
Parameters
As far as passing parameters goes Pass arguments to a scriptblock in powershell covers that answer as well. As Keith Hill states: a scriptblock is just an anonymous function
Consider the following file contents
param(
$number
)
$number..2 | ForEach-Object{
Write-Host "$_ lines of code in the file."
}
And the command
Invoke-Command -ScriptBlock ([scriptblock]::Create((Get-Content "E:\Dashboard\Windows\winrm_scriptblock.txt"))) -ArgumentList "99"
Would give you the annoying output of
99 lines of code in the file.
98 lines of code in the file.
97 lines of code in the file.
....
Any reason not to just use the -FilePath parameter of Invoke-Command?
you must extract {} from E:\Dashboard\Windows\winrm_scriptblock.txt