Premkumar Yogeswaran's Blog

Active Directory | PowerShell | DNS | DHCP | Exchange Server | VM Ware

Archive for July, 2012

PowerShell Ramp Up Guide

Posted by Premkumar Yogeswaran on July 28, 2012

I want to go through the following:

  • Understanding PowerShell
  • Understanding of Basic Concepts
  • PowerShell in Practice
  • Technology-specific PowerShell
  • Breaking News
  • Resources

Understand PowerShell

As I suspect is the case for most of you reading this, I started off using PowerShell as an IT Admin before I was employed by MS. I was driven by a need to accomplish a task, but once I’d started learning the language, the possibilities showed themselves all over the place. So the first piece of advice I’d give is to find a problem to solve, and solve it. This may be as simple as translating an existing script from another language into PowerShell, or it may involve writing something that will manage your entire estate for you while you put your feet up – note, if it’s the latter, I will require a copy sending through…

The first key point is to understand what PowerShell is, and what it’s not:

  • PowerShell is more than just a scripting language; it’s a full object-oriented programming language. This does mean that any prior programming experience will be beneficial, but it’s simple in its implementation, and uses common concepts.
  • It is consistent, and chock full of descriptions, syntax guides and examples.
  • It is designed to help admins and others wishing to script tasks, and the built-in help is designed in this way, to assist admins who aren’t familiar with programming techniques to get the most out of it.
  • It is not going anywhere – it is applied across most current MS products, and will be in new ones for the foreseeable future, which means that once a technique is acquired, this can be rinsed and repeated across Windows Server, AD, Exchange, SQL and many other technologies, and any investment of time or money spent learning it will reap rewards for a long time to come.
  • Most importantly of all, it is not scary, and it’s not difficult to quickly start writing your first scripts.

Understanding of Basic Concepts

With the above said, the next step is to begin to understand PowerShell and its basic concepts:

Something a little more hands on:

And a structured course including demos and labs:

PowerShell in Practice

Once you’ve achieved a level of comfort with PowerShell itself, you’ll want to start putting it in to practice. Each major Server Technology ships with its own PowerShell module or snap-in, so there is one for AD, Exchange, Sharepoint etc. These are outside of the scope of this article, but there will be some links at the bottom to help you to find resources to learn about these.

In order to start using PowerShell usefully, here are some server management specific resources:

You’ve probably also got scripts written in VB that you would like to convert to PowerShell. Well, we can help with that too:

Finally, there’s a follow-up course to the one above that builds and introduces more advanced concepts:

Technology-specific PowerShell

Once the fundamentals of PowerShell are understood, applying them to any given technology is simply a case of learning the cmdlets for that technology and then implementing the techniques. Here are a few links to cmdlets for some common technologies:

Alternatively, using get-command –module <modulename> will list all the commands contained in that module, e.g. get-command –module ActiveDirectory will show all the commands loaded by the ActiveDirectory PS module

Breaking News!

Just as I was finishing up writing this post, CTP1 was released for the Management Framework 3. There’s a post on the PowerShell blog, which also links to the download, and I’d be very surprised if there weren’t some really cool features coming. Bear in mind that this is the version that will ship in Win8, so get comfortable with it now to give yourself a headstart when Win8’s released. But do yourself a favour, don’t put it on your primary machine, because it’s only pre-release code at the moment!


The MS Events site

The MS Events site is a one-stop shop for all sorts of webcasts, podcasts and virtual labs. The link is to a search for PowerShell specific posts, but there are a lot of other resources for other technologies too.


Code Repositories

  • The Scripting Games is an event held by the Scripting Guy to provide problems to enable you to learn PowerShell. So if you’re stuck finding a problem to solve, check it out and try to solve them. Answers are available too, so you can check how you’re doing.
  • The Code Repository contains scripts submitted by both MS employees and PS enthusiasts.
  • The PowerShell Guy’s Blog is another site containing code samples and discussion.
  • PowerShell Code Repository has more for you to enjoy.

Posted in Active Directory, PowerShell | 1 Comment »

Windows 2008 R2 Failover Clustering Ramp Up Guide

Posted by Premkumar Yogeswaran on July 28, 2012

It is always a good idea to read the white papers for a technology as they give you a good overview of the product/feature. You can always deeper when you have a good grounding.

Understand the basics

A good foundation into the technology will help you develop further as you dive deeper into specific areas. Although not essential it is nice to know what was released and with what version.

Step-by-step guides

These particular guides are very well written as they walk you through various scenarios end to end. They start off with the basics and then focus on specific tasks.

Microsoft iSCSI Initiator

This tool is extremely useful in a test environment/lab. The guides here show you how to install and configure the tool so you can build your own test cluster which you can then use to ramp up further.

Specific task based information

This lists contain deep dive information into specific parts of Failover Clustering. They focus on one given aspect of the technology and provide detailed information.

PowerShell for Failover Clustering

Whist I knew a little bit about PowerShell at the operating system level I did not know that there were so many cmdlets specific for clustering. These links helped me understand the cmdlets as well as helped me transition my Cluster.exe knowledge to PowerShell. As Cluster.exe will be deprecated in later versions of Failover Clustering is the right time to get your hands dirty and try out the cmdlets.

Multi-Site Failover Cluster

A vast improvement in Windows 2008 R2 Failover Clustering is the support for multi-site clustering. This technology will definitely be used many companies and it is definitely worth knowing well.

Additional Resources

Blogs and webcasts a very useful way of learning specific information. If like me you are a visual learner you will enjoy the webcasts as they provide some in depth knowledge in the specific areas.

Blogs & Blog sites

Webcasts & Podcasts

Other useful links

Premier WorkshopPLUS

Posted in Active Directory | Leave a Comment »

Active Directory Domain Services Ramp Up Guide

Posted by Premkumar Yogeswaran on July 28, 2012

Product Overview




Installing and Configuring Active Directory Domain Services



Managing Active Directory Domain Services


Active Directory Replication

Monitoring and Reliability

TechNet Virtual Labs

Further Learning


Microsoft Exams


Premier Offerings:

Posted in Active Directory | Leave a Comment »

Active Directory Designing – MS (Server 2008)

Posted by Premkumar Yogeswaran on July 28, 2012

Found a good document in PDF for the AD designing in MS site.

Posted in Active Directory | Leave a Comment »

Active Directory Command Lines

Posted by Premkumar Yogeswaran on July 7, 2012

FSMO Roles
ntdsutilroles Connections "Connect to server %logonserver%" Quit "selectOperation Target" "List roles for conn server" Quit Quit Quit
[JDH: This is really a series of steps, not a single command
Domain Controllers
Nltest /dclist:%userdnsdomain%
Domain Controller IP Configuration
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do psexec \\%i ipconfig /all
Stale computer accounts
dsquery computer domainroot -stalepwd 180 -limit 0
Stale user accounts
dsquery user domainroot -stalepwd 180 -limit 0
Disabled user accounts
dsquery user domainroot -disabled -limit 0
AD Database disk usage
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do dir \\%i\admin$\ntds
Global Catalog Servers from DNS
dnscmd %logonserver% /enumrecords %userdnsdomain% _tcp | find /i "3268"
Global Catalog Servers from AD
dsquery * "CN=Configuration,DC=forestRootDomain" -filter "(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"
Users with no logon script
dsquery * domainroot -filter"(&(objectCategory=Person)(objectClass=User)(!scriptPath=*))"-limit 0 -attr sAMAccountName sn givenName pwdLastSet distinguishedName
User accounts with no pwd required
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))"
User accounts with no pwd expiry
dsquery * domainroot -filter"(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))"
User accounts that are disabled
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))"

DNS Information
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do dnscmd %i /info
DNS Zone Detailed information
dnscmd /zoneinfo %userdnsdomain%
Garbage Collection and tombstone
dsquery * "cn=Directory Service,cn=WindowsNT,cn=Services,cn=Configuration,DC=forestRootDomain" -attrgarbageCollPeriod tombstoneLifetime
Netsh authorised DHCP Servers
netsh dhcp show server
DSQuery authorised DHCP Servers
Dsquery * "cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain" -attr dhcpServers
DHCP server information
netsh dhcp server \\DHCP_SERVER show all
DHCP server dump
netsh dhcp server \\DHCP_SERVER dump
WINS serer information
Netsh wins server \\WINS_SERVER dump
Group Policy Verification Tool
gpotool.exe /checkacl /verbose
AD OU membership
dsquery computer -limit 0
AD OU membership
dsquery user -limit 0
List Service Principal Names
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do setspn -L %i
Compare DC Replica Object Count
dsastat ?s:DC1;DC2;… ?b:Domain ?gcattrs:objectclass ?p:999
Check AD ACLs
acldiag dc=domainTree
NTFRS Replica Sets
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do ntfrsutl sets %i
for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do ntfrsutl ds %i
Domain Controllers per site
Dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -filter (objectCategory=Server)
DNS Zones in AD
for /f %i in (‘dsquery server -o rdn’) do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone)
Enumerate DNS Server Zones
for /f %i in (‘dsquery server -o rdn’) do dnscmd %i /enumzones
Subnet information
Dsquery subnet ?limit 0
List Organisational Units
Dsquery OU
ACL on all OUs
For /f "delims=|" %i in (‘dsquery OU’) do acldiag %i
Domain Trusts
nltest /domain_trusts /v
Print DNS Zones
dnscmd DNSServer /zoneprint DNSZone
Active DHCP leases
For /f %i in (DHCPServers.txt) do for /f "delims=- " %j in (‘"netshdhcp server \\%i show scope | find /i "active""’) do netsh dhcp server\\%i scope %j show clientsv5
DHCP Server Active Scope Info
For /f %i in (DHCPServers.txt) do netsh dhcp server \\%i show scope | find /i "active"
Resolve DHCP clients hostnames
for /f "tokens=1,2,3 delims=," %i in (Output from ‘Find Subnets fromDHCP clients’) do @for /f "tokens=2 delims=: " %m in (‘"nslookup %j |find /i "Name:""’) do echo %m,%j,%k,%i
Find two online PCs per subnet
Echo. > TwoClientsPerSubnet.txt & for /f "tokens=1,2,3,4delims=, " %i in (‘"find /i "pc" ‘Output from Resolve DHCP clientshostnames’"’) do for /f "tokens=3 skip=1 delims=: " %m in (‘"Find /i /c"%l" TwoClientsPerSubnet.txt"’) do If %m LEQ 1 for /f %p in (‘"ping -n1 %i | find /i /c "(0% loss""’) do If %p==1 Echo %i,%j,%k,%l
AD Subnet and Site Information
dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn siteObject description location
AD Site Information
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn description location -filter (objectClass=site)
Printer Queue Objects in AD
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0
Group Membership with user details
dsget group "groupDN" -members | dsget user -samid -fn -mi -ln -display -empid -desc -office -tel -email -title -dept -mgr
Total DHCP Scopes
find /i "subnet" "Output from DHCP server information" | find /i "subnet"
Site Links and Cost
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn costdescription replInterval siteList -filter (objectClass=siteLink)
Time gpresult
timethis gpresult /v
Check time against Domain
w32tm /monitor /computers:ForestRootPDC
Domain Controller Diagnostics
dcdiag /s:%logonserver% /v /e /c
Domain Replication Bridgeheads
repadmin /bridgeheads
Replication Failures from KCC
repadmin /failcache
Inter-site Topology servers per site
Repadmin /istg * /verbose
Replication latency
repadmin /latency /verbose
Queued replication requests
repadmin /queue *
Show connections for a DC
repadmin /showconn *
Replication summary
Repadmin /replsummary
Show replication partners
repadmin /showrepl * /all
All DCs in the forest
repadmin /viewlist *
ISTG from AD attributes
dsquery * "CN=NTDS Site Settings,CN=siteName,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr interSiteTopologyGenerator
Return the object if KCC Intra/Inter site is disabled for each site
Dsquery site | dsquery * -attr * -filter "(|(Options:1.2.840.113556.1.4.803:=1)(Options:1.2.840.113556.1.4.803:=16))"
Find all connection objects
dsquery * forestRoot -filter (objectCategory=nTDSConnection) ?attr distinguishedName fromServer whenCreated displayName
Find all connection schedules
adfind -b "cn=Configuration,dc=qraps,dc=com,dc=au" -f "objectcategory=ntdsConnection" cn Schedule -csv
Software Information for each server
for /f %i in (Output from ‘Domain Controllers’) do psinfo \\%i &filever \\%i\admin$\explorer.exe \\%i\admin$\system32\vbscript.dll\\%i\admin$\system32\kernel32.dll \\%i\admin$\system32\wbem\winmgmt.exe\\%i\admin$\system32\oleaut32.dll
Check Terminal Services Delete Temp on Exit flag
For /f %i in (Output from ‘Domain Controllers’) do Reg query"\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer" /v DeleteTempDirsOnExit
For each XP workstation, query the current site and what Group Policy info
@dsquery * domainroot -filter"(&(objectCategory=Computer)(operatingSystem=Windows XPProfessional))" -limit 0 -attr cn > Workstations.txt & @For /f%i in (Workstations.txt) do @ping %i -n 1 >NUL & @if ErrorLevel0 If NOT ErrorLevel 1 @Echo %i & for /f "tokens=3" %k in (‘"regquery "\\%i\hklm\software\microsoft\windows\currentversion\grouppolicy\history" /v DCName | Find /i "DCName""’) do @for /f %m in(‘"nltest /server:%i /dsgetsite | find /i /v "completedsuccessfully""’) do @echo %i,%k,%m
Information on existing GPOs
dsquery * "CN=Policies,CN=System,domainRoot" -filter"(objectCategory=groupPolicyContainer)" -attr displayName cnwhenCreated gPCFileSysPath
Copy all Group Policy .pol files
for /f "tokens=1-8 delims=\" %i in (‘dir /b /s\\%userdnsdomain%\sysvol\%userdnsdomain%\policies\*.pol’) do @echo copy\\%i\%j\%k\%l\%m\%n\%o %m_%n.pol
Domain Controller Netlogon entries
for /f %i in (‘dsquery server /o rdn’) do echo %i & reg query\\%i\hklm\system\currentcontrolset\services\netlogon\parameters
WINS Statistics
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show statistics
WINS Record counts per server
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show reccount %i
WINS Server Information
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show info
WINS Server Dump
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i dump
WINS Static Records per Server
netsh wins server \\LocalWINSServer show database servers={} rectype=1
Find policy display name given the GUID
dsquery * "CN=Policies,CN=System,DC=domainRoot" -filter (objectCategory=groupPolicyContainer) -attr Name displayName
Find empty groups
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0-attr whenCreated whenChanged groupType sAMAccountNamedistinguishedName memberOf
Find remote NIC bandwidth
wmic /node:%server% path Win32_PerfRawData_Tcpip_NetworkInterface GET Name,CurrentBandwidth
Find remote free physical memory
wmic /node:%Computer% path Win32_OperatingSystem GET FreePhysicalMemory
Find remote system information
SystemInfo /s %Computer%
Disk statistics, including the number of files on the filesystem
chkdsk /i /c
Query IIS web sites
iisweb /s %Server% /query "Default Web Site"
Check port state and connectivity
portqry -n %server% -e %endpoint% -v
Forest/Domain Functional Levels
ldifde -d cn=partitions,cn=configuration,dc=%domain% -r"(|(systemFlags=3)(systemFlags=-2147483648))" -lmsds-behavior-version,dnsroot,ntmixeddomain,NetBIOSName -p subtree -fcon
Forest/Domain Functional Levels
dsquery * cn=partitions,cn=configuration,dc=%domain% -filter"(|(systemFlags=3)(systemFlags=-2147483648))" -attrmsDS-Behavior-Version Name dnsroot ntmixeddomain NetBIOSName
Find the parent of a process
wmic path Win32_Process WHERE Name=’notepad.exe’ GET Name,ParentProcessId
Lookup SRV records from DNS
nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot}
Find when the AD was installed
dsquery * cn=configuration,DC=forestRootDomain -attr whencreated -scope base
Enumerate the trusts from the specified domain
dsquery * "CN=System,DC=domainRoot" -filter "(objectClass=trustedDomain)" -attr trustPartner flatName
Find a DC for each trusted domain
for /f "skip=1" %i in (‘"dsquery * CN=System,DC=domainRoot -filter(objectClass=trustedDomain) -attr trustPartner"’) do nltest /dsgetdc:%i
Check the notification packages installed on all DCs
for /f %i in (‘dsquery server /o rdn’) do @for /f "tokens=4" %m in(‘"reg query\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v"Notification Packages" | find /i "Notification""’) do @echo %i,%m
List ACLs in SDDL format
setacl -on %filepath% -ot file -actn list -lst f:sddl
Find out if a user account is currently enabled or disabled
dsquery user DC=%userdnsdomain:.=,DC=% -name %username% | dsget user -disabled -dn
Find servers in the domain
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0
Open DS query window
rundll32 dsquery,OpenQueryWindow


Posted in Active Directory | Leave a Comment »

OSI Reference model

Posted by Premkumar Yogeswaran on July 7, 2012

Posted in Active Directory | Leave a Comment »