Posts Tagged ‘PowerShell’

Jun 25

I had the need to automate moving about 50 ISO files from one datastore to another during a storage array migration a short while ago, so I wanted to share this script with you all in case you ever find the need for this or similar.

It’s rather simple, and you just need to edit this with the names of your datastores and folder structure (top folder only):

#Set's Old Datastore
$oldds = get-datastore "Old Datastore Name"

#Set's New Datastore
$newds = get-datastore "New Datastore Name"

#Set's ISO Folder Location
$ISOloc = "Subfolder_Name\"

#Map Drives
new-psdrive -Location $oldds -Name olddrive -PSProvider VimDatastore -Root "\"
new-psdrive -Location $newds -Name newdrive -PSProvider VimDatastore -Root "\"
#Copies Files from Old to New
copy-datastoreitem -recurse -item olddrive:\$ISOloc* newdrive:\$ISOloc

Line 1: Change the script to have the name of the datastore you are moving the files FROM.
Line 5: Change the script to have the name of the datastore you are moving the files TO.
Line 8: Change the script to have the name of your ISO subdirectory. Do not remove the “\” unless you have no subfolder.
Lines 11 & 12: Maps PowerShell drives to those datastores.
Line 14: Copies the files.



I’ve had a need to reset password’s for accounts on an automated basis more so recently than before, so not knowing where to start, I took a look around the internet and found some pieces of code here and there that would start to fulfill my needs.

Basically, I was setting up an 802.11x authenticated wireless network, and had a requirement to automate the password change of a RADIUS authenticated Guest account that was sat in a locked down OU in the domain. This then needed to be random, secure and e-mailed to a public folder so that the employees could give their guests access to the guest network. The script just needs to be added to a scheduled task to run monthly. So I eventually ended up with this:

import-module activedirectory

[int] $len = 12
[string] $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
$bytes = new-object "System.Byte[]" $len
$rng = new-object System.Security.Cryptography.RNGCryptoServiceProvider
$rng.GetBytes($bytes)
$result = ""
for( $i=0; $i -lt $len; $i++ )
{
$result += $chars[ $bytes[$i] % $chars.Length ] 
}
$result

$securestring = ConvertTo-securestring $result -asplaintext -force

get-aduser "GuestUserName" | set-adaccountpassword -newpassword $securestring

$month= get-date -format MMMM

###Sets the mail values
$FromAddress = "Wireless_Guest@some-domain.com"
$ToAddress = "public-folder@some-domain.com"
$MessageSubject = "New Wireless Guest Details for $month"
$MessageBody = "Username: GuestUserName          Password: $result"
$SendingServer = "my.mail-relay.com"

###Create the mail message and add the statistics text file as an attachment
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody

###Send the message
$SMTPClient = New-Object System.Net.Mail.SMTPClient $SendingServer
$SMTPClient.Send($SMTPMessage)

In short:

Line 3: Specifies the number of characters in the generated password.
Line 4: The characters that can be used to generate the password.
Line 17: Reset’s the password on the AD account.
Line 19: Generates the month in long format to add to the e-mail Subject.
Line 22-26: Variables used for sending the e-mail.
Line 29: Generates the e-mail.
Lines 32 & 33: Sends the e-mail.



At last!!! VMware Labs have released a package to add VDS functions into PowerCLI!

It is a Fling though that was only released yesterday, so it’s not going to have any official support from VMware, and currently only supports Windows XP, 2003 and 2008 (no mention of 2008 R2 here). You also need to be running PowerCLI 4.1.1 or later.

You can import the snap-ins like this:

Add-PSSnapin VMware.VimAutomation.VdsComponent

And list the cmdlets like this:

Get-Command –Module VMware.VimAutomation.VdsComponent

You can download them from here:

Vmware Labs PowerCLI VDS Download

And you can get some more information from Virtu-Al.net here:

Virtual-Al.net



Having some sites recently migrating from older SBS platforms to the latest 2011 release I found a need for a script to alter the login script settings for all users.

Whilst these days I’m primarily setting login scripts via Group Policy Objects there’s still a need to clean-up and remove the login script path from the user objects in Active Directory.

All of the below scripts need you to run this either on your Domain Controller, or via a machine with the Remote Server Admin Tools (RSAT) installed.

This little 2 liner will remove the currently configured script path for all users:

import-module activedirectory
get-aduser -filter * | set-aduser -scriptpath $null

This one will remove it dependant on user name (which you’ll input within PowerShell):

$username = read-host
import-module activedirectory
get-aduser $username | set-aduser -scriptpath $null

Finally, if you want to change the login script path, you’ll need to replace $null on the last line as per this example:

$username = read-host
import-module activedirectory
get-aduser $username | set-aduser -scriptpath '\\ServerName\Netlogon\script.vbs'


OK, this is something I’ve been using for a while and wanted to share with you, as I’ve been asked for it a couple of times now.

I’ve got a pair of Cisco ASA’s at the perimeter of our network, and I needed a way some time ago to edit it’s configuration in a scripted manner, so, I started looking at PowerShell and SSH connections, and this didn’t get me anywhere, so I started to look at PLINK.exe. PLINK is almost a spin-off from PuTTY, a free remote connection tool that supports SSH. PLINK is scriptable, in that you can pass it a text file, and it’ll run each line of that file as seperate commands. Simply enough, the powershell script below will echo out to a file any commands you need, then start PLINK and run the code. If it’s a system that you’ve not connected to before, and don’t have the key saved in your registry, you’ll be prompted to accept it.

$ASApw = "MyPassword"
$ASAIP = "MyASAIPAddress"
$ASAUser = "MySSHUserName"
$ASAEnablepw = $ASApw

#Modifies the ASA firewall
#Starts by writing a "commands" file#
echo en >>unicode.txt
echo $ASAEnablepw >>unicode.txt
echo "conf t" >>unicode.txt
echo "show run access-group"
echo exit >>unicode.txt
echo exit >>unicode.txt

#Converts the file to ASCII format (separate file)#
$lines = gc "unicode.txt"
$lines | out-file -encoding Ascii -filepath commands.txt

#Using the command file and plink.exe connects and runs the commands #
./plink.exe -ssh -l $ASAUser -pw $ASApw $ASAIP -m commands.txt

#removes the files it created earlier#
del unicode.txt
del commands.txt

In the above example, the ASA will be asked to show it’s running config’s access-group configuration. You’ll need to modify the echo lines to get this to perform other actions (I use this script to modify static mapping entries and access-lists for example). You’ll also need to modify “$ASAIP”,”$ASAUSer” and “$ASApw” with your IP address, SSH Username and SSH password. The script assumes that the enable password matches this, but if not, edit the “$ASAEnablepw”, and add your enable password there. If you don’t like storing password this way (I don’t particularly) then you can always change these to “read-host” to request the entry from the Powershell command line.


%d bloggers like this: