blog.powershell.no

On Windows PowerShell and other admin-related topics

Introducing the PowerShell Network Adapter Configuration module

For a Windows administrator, working with network adapters is a common task. A common approach many companies use is configuring servers with static IP addresses (IPv4) and clients using DHCP. The IP address is just one of many properties of a network adapter, as we also have properties like subnet mask, default gateway, DNS server search order and so on. Configuring these properties is usually performed during the initial setup of a computer, either manually or by a deployment mechanism.

The configuration of a network adapter is mostly static, however, from time to time some properties might need to be changed. In example the subnet on a network is expanded to meet new requirements, and thus the subnet mask property must be updated on computers not using DHCP. Another scenario is the setup of new DNS servers, with a decision not to keep the existing DNS servers` IP addresses. I recently faced the last scenario, where several hundred servers configured with static IP addresses needed to have their DNS configuration updated. Using Windows PowerShell the task can be automated, even if we need to perform the task on 10, 100 or 1000 servers. However, the more computers a script is run against, the more important it is to implement proper error handling and logging to keep track of which computers is updated.

The above task is just one of many potential tasks for configuring a network adapter. Since I was unable to find any existing PowerShell module/library for working with network adapters on Windows systems, I decided to create a project on Codeplex:

 

The PowerShell Network Adapter Configuration module

The PowerShell Network Adapter Configuration (PSNetAdapterConfig) module is a PowerShell module for working with network adapters on Windows-based computers. The module is using Windows Management Instrumentation (WMI) to retrieve and configure properties of network adapters.

The current release of the module makes use of the following WMI-classes:

The module currently contains 4 functions:

  • Get-DNSServerSearchOrder – get the DNS client settings for a network adapter (the property name is DNSServerSearchOrder)
  • Get-NetConnectionId – get the name of a network adapter (the property name is NetConnectionId)
  • Set-DNSServerSearchOrder – change the configured DNSServerSearchOrder. This function contains two parameter sets, one for replacing the current DNSServerSearchOrder property value, the other for adding/removing IP addresses from the current value
  • Set-NetConnectionId – change the name of a network adapter. In example, change the name from “Local Area Connection” to “Server VLAN 42”

I will add functions to the module when I find time, but I also hope that people in the community will contribute by either improving the existing functions, providing suggestions or creating new functions.

When downloading a PowerShell module from the internet (typically a zip-file), beginners often get into problems because they don`t know that the file first needs to be unblocked (Right-click the zip-file->Properties->Unblock). To overcome this challenge I created a Windows installer (MSI) file which is easy to install and does not need to be unblocked:

image

The default install path is %userprofile%\Documents\WindowsPowerShell\Modules, and the user have the option to override the module path.

The installer was created using Windows XML Installer (Wix), based on Chad Miller`s blog-post Building A PowerShell Module Installer.

When the module is installed, we can use Import-Module to import the module, and Get-Command to list the available commands:

image

As we can see there is also an alias for each of the commands (functions).

By using Get-Help we can see available parameters along with their descriptions, as well as several examples:

image

The functions supports both ValueFromPipeline and ValueFromPipelineByPropertyName, which means we can leverage the PowerShell pipeline. Have a look at example 3 on the above image to see how computers can be retrieved from Active Directory using Get-ADComputer, and then piped directly into the Set-DNSServerSearchOrder function.

The functions outputs PowerShell objects, which mean we can use regular PowerShell techniques to work with the data, in example converting the objects to HTML or CSV. I typically use Export-Csv to output the data to CSV-files which in turn can be converted to Excel spreadsheets:

image

 

The functions is using a try/catch construct, using the following logic:

  1. Ping the computer, if unsuccessful the property “Connectivity” on the output object is set to “Failed (ping”)
  2. Connect to the computer using WMI, if unsuccessful the property “Connectivity” on the output object is set to “Failed (ping”)
  3. The property “Connectivity” on the output object is set to “Successful” if step 1 and 2 succeeds
  4. Retrieve or change the applicable properties using WMI

When working with a large number of computers we can use Sort-Object in PowerShell to filter the output objects based on the Connectivity property, or the sorting functionality in Microsoft Excel if the output objects is piped to a CSV-file.

 

The final example I will show is using the Set-NetConnectionId function. On a test-computer we have a network adapter named “Local Area Connection 5”:

image

Using Set-ConnectionId we can specify the subnet for which network adapter to perform the change on (the above network adapter has an IP address of 192.168.56.10) and specify the new name of the network connection:

image

When the command has run we can see that the connection name for the adapter has changed:

image

One additional feature that might be included to this function is the ability to provide a hash-table with a mapping of subnets and NetConnectionIds, which will make it easy to create a consistent naming convention for network adapters.

As a final note, all functions has a Logfile parameter, allowing us to log error message to the specified file.

 

Requirements

  • Windows PowerShell 2.0
  • ICMP (ping) and WMI firewall openings from the computer running the module to the target computers
  • Administrator permissions on the target computers

To avoid the firewall requirements, a workaround is running the functions from a PowerShell script locally on target computers using a software distribution product like System Center Configuration Manager.
Another option is to run the functions over PowerShell remoting.

 

Download and feedback

The module is available for download on the Codeplex project site http://psnetadapterconfig.codeplex.com. Please use the Discussions and Issue Tracker sites on the project site to report bugs and feature requests.

 

Resources

The functions is too long to walkthrough in a blog-post, so I will direct you to the following resources to get started working with advanced functions and modules in PowerShell:

An Introduction to PowerShell Modules by Jonathan Medd.

An Example ScriptModule and Advanced Function by Don Jones.

Ten tips for better PowerShell functions by James O`Neill.

Maximize the reuse of your PowerShell by James O`Neill.

Advertisements

November 22, 2011 Posted by | Remote Management, Scripting, Server management, Windows PowerShell | , , , , | 1 Comment

Lync Server 2010 Remote Administration

When Lync Server 2010 is deployed, there are two main administration tools:

  • Lync Server Control Panel
  • Lync Server Management Shell

Both are available from the Start-menu on a Lync Server:

image

 

Lync Server Control Panel

The Lync Server Control Panel are a web-based graphical administration tool built on Silverlight:

image

When deploying Lync, an administrative access URL needs to be specified, i.e. https://lync-admin.contoso.local. This makes it possible to administer the Lync Server 2010 environment from any web-based client that supports Silverlight.
In fact, every operation we`re performing in the Lync Server Control Panel is running PowerShell Lync cmdlets in the background.

 

Lync Server Management Shell

The Lync Server Management Shell is based on Windows PowerShell 2.0:

image

Like Exchange Server 2010, Lync Server 2010 provides an IIS (Internet Information Services) PowerShell provider.

This makes it possible to administer the Lync Server 2010 environment using PowerShell remoting. An example:

001
002
$session = New-PSSession -ConnectionUri https://lync-admin.contoso.local/OcsPowershell -Credential (Get-Credential)
Import-PSSession -Session $session

 

When running the above example, you are prompted for credentials. Specify a domain user account that has been delegated permissions to administer the Lync Server 2010 environent, i.e. one of the default security groups CSAdministrator or RTCUniversalServerAdmins. When the session are successfully established all cmdlets in the remote session are imported to your local PowerShell-session. This is what`s called PowerShell implicit remoting.

 

Additional resources

Lync Server TechCenter

Microsoft TechNet: Lync Server Management Shell

Lync Server PowerShell Blog

NextHop

December 5, 2010 Posted by | Lync Server 2010, Remote Management, SBS 2008, Windows PowerShell | | 3 Comments

Generate an installation-report for specific hotfixes using Windows PowerShell

Windows PowerShell 2.0 contains a cmdlet called Get-HotFix, which retrieves installed hotfixes from the local computer or specified remote computers.

This is quite useful when you need to check if a particular hotfix is installed prior to installing new software that requires a specific set of hotfixes, or when a critical security hotfix is released and you want to make sure the hotfix is installed.

The Get-HotFix cmdlet retrieves all hotfixes installed by Component-Based Servicing. If you would like to know more about CBS, I would recommend the article Understanding Component-Based Servicing on the Windows Server Performance Team`s blog.

When you need to check several computers, and maybe also check for several hotfixes, it might be a time consuming process to run Get-HotFix against each computer and also keep track of the status for each computer/hotfix. To ease this scenario, I`ve written a script named Get-HotFixReport.ps1.

 

Get-HotFixReport.ps1 overview

  • Retrieves the computers to run Get-HotFix against using the Get-ADComputer cmdlet, which is available in Microsoft`s PowerShell-module for Active Directory
  • Loops through each computer and creates a custom object for every hotfix, containing information about the installation of the current hotfix for the current computer. Any error that occurs is also stored in the custom object. Get-HotFix are only run if the current computer responds to a ping request.
  • Every custom object are added to an array, which at last are exported to a csv-file.

The following three variables must be customized before running the script:

   1: $Computers = Get-ADComputer -Filter * -Properties Name,Operatingsystem | Where-Object {$_.Operatingsystem -like "*server*"} | Select-Object Name

   2: $HotFix = "KB979744,KB979744,KB983440,KB979099,KB982867,KB977020"

   3: $CsvFilePath = "C:\temp\$hotfix.csv"

The example above retrieves all computer objects in Active Directory running a Windows Server operating system. You may specify only one computer, or a secific Organizational Unit, if required.

In the HotFix-variable you need to specify one or more hotfixes to check for. If more than one are specified, they must be separated with a comma. The hotfix-variable in the example above contains all hotfixes that are the prerequisites to install Exchange Server 2010 SP1 on Windows Server 2008 R2.

The csv-file may be opened in Microsoft Office Excel where it`s possible to apply filters to sort on e.g. “true” in the HotfixInstalled-column:

image

 

Note that the Get-HotFix cmdlet actually leverages the Win32_QuickFixEngineering WMI-class, and thus, it would be possible to run the script under Windows PowerShell 1.0 if you replace Get-HotFix with Get-WmiObject -Class Win32_QuickFixEngineering.

Of course you might also choose other ways to retrieve the computer-list, e.g. a csv-file, a txt-file or by using Quest`s PowerShell commands for Active Directory.

October 31, 2010 Posted by | Desktop management, Remote Management, Scripting, Server management, Windows PowerShell, Windows Update | , , | Leave a comment

Dynamic Remote Desktop Connection Manager connection list

Microsoft recently released a free tool for managing multiple remote desktop connections called “Remote Desktop Connection Manager”.

A sample screenshot:

image

There are several nice features, such as “Connect group” which lets you connect to all servers in a group at once:

image

On the “Group Properties” you may set common settings for all connections in the group, like logon credentials:

image

Further, there are group properties for RDS Gateway (formerly TS Gateway), display settings, local resources and so on.

There are several applications for remote desktop connections on the market, and some of them got these settings as a per server setting. It`s nice to be able to group servers and configure common settings.

Dynamically creating the connection list

When you work in larger environments with hundreds, maybe thousands of servers, setting up each connection manually isn`t an option.

Since Remote Desktop Connection Manager stores the config-files in xml-files, it`s rather easy to create dynamic config-files for a domain using Windows PowerShell. I`ve created a script to accomplish this, called New-RDCManFile.ps1, available from here. It uses Microsoft`s PowerShell-module for Active Directory, which is available in Windows Server 2008 R2 and RSAT for Windows 7.

The script does the following:
Creates a template xml-file
Inserts the logged on user`s domain name in the file properties
Inserts the logged on user`s domain name in the group properties
Inserts the logged on user`s username in the logoncredentials section
Inserts the logged on user`s domain name in the logoncredentials section
Retrieves all computer objects from Active Directory with the word “server” in the operatingsystem property
Adds each computer object as a server object
Saves the XML-file to %userprofile%\domain-name.rdg

When done you can open the rdg-file in Remote Desktop Connection Manager. I would recommend you to insert your password in the Group Properties to avoid being asked for credentials for each connection.

Feel free to customize the script to your needs, in example by editing the XML-template to edit the Group Properties. Another customization might be creating a group for each server OU for enhanced overview in larger environments.

If you would rather use Quest`s PowerShell Commands for Active Directory (which works on downlevel operatingsystems like Windows XP and Windows Server 2003), or any other way to retrieve the server names, you may customize this on line 110.

You might also want to schedule the script to run on a regular basis, saving the file to a central location. This way the IT personnel will always have access to the latest version with the most recent servers added.

If you got any further ideas or comments, please let me know in the comments section below.

June 2, 2010 Posted by | Active Directory management, Remote Desktop Services, Remote Management, RSAT, Scripting, Windows 7, Windows PowerShell, Windows Server 2008 R2 | 19 Comments