Learn Python

My new project

Hi,

I start to learn Python and I want to share with you what I found helpful. First, I want to learn Python because I want to play eventually play with a Raspberry Pi but for the moment I start with the beginning. For the record, I'm NOT a developer.

Tools to learn

I'm a fan of the Microsoft Virtual Academy and I found the course : Introduction to programming with Python and it's really a good course to start.

But a part of my life is to wait after my wife. So I found a tool on my phone to learn everywhere.

It's an app by SoloLearn and its call : Learn Python.

If you check the catalog of SoloLearn you can learn not just Python, but also C++, Java, SQL, etc.

Another tool I installed is QPython3 on my phone so I can practice coding on the go. It's not easy to code with a smartphone keyboard but's that's work.

Conclusion

So this my experience to start coding and I hope this trick I found can help you. And don't forget, knowledge is power... :)

xenApp 7.6 and vCenter Appliance - SSL error

Hi,

Today I will not talk about PowerShell, but about Citrix xenApp 7.6 and vCenter Appliance.

The problem

I tried to configure the connexion between my server xenApp 7.6 and my vCenter appliance. But I have SSL error and I cannot find how to solve the problem.

I tried this :

http://carlwebster.com/experience-ctx138640-vcenter-5-1-xendesktop-7-1-dreaded-connect-vcenter-server-due-certificate-error/

http://9to5it.com/citrix-xenapp-7-6-install-guide-part-5-configure-vmware-vcenter-integration/

and others, but the problem remain.

The solution

The solution is really easy when you find it. You need to do this :

1. Log in your vCenter appliance
2. Go to the Admin tab
3. Select Yes for the Certificate regeneration enabled
4. Click Submit
5. Reboot the appliance
6. Install the certificate on your server in Trusted People
7. Create you connection in your xenApp Studio

The problem comes because the certificate was created before you change the name of your appliance.

I hope this will save you time.

Have a great day.

Contact me if you have questions. @memi2k

RSAT for Windows 10

Hi,

If you are an early adopter like me, you probaly wait the RSAT for Windows 10. Without RSAT, it's hard to use PowerShell to manage Active Directory.

So good news ! Microsoft released it.

You can download it here : https://www.microsoft.com/en-us/download/details.aspx?id=45520
English only for the moment.

Have a good day !

PSWA : Port redirection

I really love PSWA. It's really cool to do management with PowerShell commands, scripts or function on a phone or a tablet simply by a Web site.

The problem

For security reasons, I specified a port on my firewall to NAT to my PSWA server. 

Why ? Because, this adds a security layer. To come knock on my PSWA door, you need to know the port I used for it.

By default, your address is like : https://mydomain/pswa but with the port redirection is like : https://mydomain:1234/pswa.

But after I configured my DNAT rules in my firewall, I received an error message from PSWA.

The solution

I just need to add the port I chose for redirection and put it in the binding of the PSWA site. You just need to have access to your IIS Manager and add your port in the binding. Don't forget, select the good SSL certificate.

IIS Manager - Site Bindings

After that, you can start to enjoy the PowerShell power on your smart phone or tablet.

Have a good day.

J.

Add-on

If you installed your server in core mode and you want to have access to the IIS Manager (GUI). I found this post you explain how doing it : https://kelvinchiggs.wordpress.com/2014/05/02/enable-remote-management-of-iis-on-windows-server-2012-r2/

Security measure in PowerShell Script

Security in my Day-to-Day script

I don't know about you, but, me as a Network Admin, my PowerShell is always open. By PowerShell, I mean ISE because I create a DayToDay.ps1 script.

All commands I used every day are there and I have some sensitives. 

But no one is perfect, so the risk to hit the F5 to run all the script is there. So I show you a little trick to prevent this type of error that can cost you your job.

Think before, not after.

The Trick

Put this little word at the beginning of your script :

 break  

This little work stops your script is your run it by accident. After that, to use your script, you just have to select what you want and hit F8.

This little trick can save you a lot of trouble.

Have a good day.

J.

Move AD computer with PowerShell Script

The Need

Be able to easily and rapidly move a computer from an OU to another.

The Problem

If you saw other examples on the web, you saw 2 reccurant things.

1. You need to know the Distinguished Name of your destination OU. And it's like : OU=Laptop,OU=GothamOffice,DC=wayneindus,DC=local. And my example is not so long.
2. Or you can create a CSV with the OU you want.

For me each solution are not good. So I figured to do it otherwise.

The Solution

I created a script to list all OU with certain names, the container object Computers and put it in an array with an index. So you can visually chose witch OU you want.

2 concerns :

1. Your computer OU name needs to have a nomenclature.
2. I think more the 100 OU, you do not like my script.

 <#  
   Move AD computer in an OU.   
   Easily move computer between OU without to know the exact path or have a CSV.  
   To use the function you need to have the ActiveDirectory Module load in your PowerShell.  
   Version 1.1  
   Script by Jeremie Lauzier - Network Administrator, 2015-06-11    
 #>  
     $computer = Read-Host "Enter the name of the computer to move"  
     # Grab all computer OU bases of the name of it and the default container Computers.  
     $listou = Get-ADObject -Filter `  
           '(ObjectClass -eq "organizationalUnit" -and Name -like "Desk*") -or (ObjectClass -eq "organizationalUnit" -and Name -like "Lap*") -or (ObjectClass -eq "container" -and Name -like "Computers")' `  
           |Select DistinguishedName -ExpandProperty DistinguishedName | Sort-Object DistinguishedName  
     # Create an array and an index of it.  
     $arrayou = for($i=0;$i-le $listou.length-1;$i++){"`[{0}] = {1}" -f $i,$listou[$i]}  
     # Current information for the computer.  
     $computerou = Get-ADComputer $computer | Select DistinguishedName -ExpandProperty DistinguishedName  
     Write-Output "Computer $computer is member of this OU : $computerou."  
     Write-Output ""  
     # Show the list of the OU.  
     Write-Output "This is the list with index of your OU"  
     $arrayou  
     $numb = (Read-Host "Please choose the number of the destination OU") -as [int]  
     if (($numb -eq $null) -or ($numb -gt $arrayou.LongLength))  
     {  
       $earry1 = $arrayou.Length -1  
       Write-Error "YOU ENTER A UNVALID NUMBER. ENTER A NUMBER BEWTWEEN 0 and $earry1"  
     }  
     else  
     {  
       # Move the computer.  
       Get-ADComputer $computer | Move-ADObject -TargetPath $listou[$numb]    
     }  
     # Show result  
     Write-Output "Result :"  
     Get-ADComputer $computer  
     pause  

You can easily transform the script in a Function.

Exemple :

Result of the execution of the script

I hope this help you. Be free to comment.

Thanks !

Function to enable or disable email forward

The Need

A function to manage the fowarding address for an Exchange 2010. The function needs to be easily used in PowerShell Web Access (PSWA).

Need to do what's EMC can do here :

EMC - MailFlow Settings - Delivry Options

The Function

I build this function :

 .Synopsis  
   Connect a remote session to the Exchange 2010 server.  
   Enable or disable the Forwarding address to. Enable or not the option Deliver to both  
   forwarding address and mailbox.  
 .DESCRIPTION  
   This cmdlet need to have access to the cmdlet of Exchange.  
   Its script to be used with Exchange 2010.  
   Version 1.0  
   Script by Jeremie Lauzier - Network Administrator, 2015-06-03  
 .EXAMPLE  
  Forward all email from Bruce Wayne to Clark Kent. No copies sent to Bruce Wayne.  
  Set-XXXEmailTransfert -accountmodify wayneb -forwardTo kentc -copyboth False  
 .EXAMPLE  
  Forward all email from Bruce Wayne to Clark Kent. Copies sent to both.  
  Set-XXXEmailTransfert -accountmodify wayneb -forwardTo kentc -copyboth True  
 .EXAMPLE  
  Disable the forward from Bruce Wayne to Clark Kent.  
  Set-XXXEmailTransfert -accountmodify wayneb -forwardTo $null -copyboth False  
 #>  
 function Set-XXXEmailTransfert  
 {  
   [CmdletBinding()]  
   [OutputType([int])]  
   Param  
   (  
     # Define the account to modify  
     [Parameter(Mandatory=$true,  
           ValueFromPipelineByPropertyName=$true,  
           Position=0,  
                       HelpMessage="Enter the account to modify.")]  
     $accountmodify,  
     # Define the account who will receive emails  
     [Parameter(Mandatory=$true,  
                       HelpMessage="Enter account will received emails.")]  
     [AllowNull()]  
     $forwardTo,  
     # Send copy to both  
     [Parameter(Mandatory=$true,  
           HelpMessage="Enable or not if emails delevry to both.")]  
     [ValidateSet("True", "False")]  
     $copyboth  
   )  
   Begin  
   {  
   $exchsession=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://yourserver/powershell  
   Import-PSSession $exchsession -AllowClobber  
   }  
   Process  
   {if ($copyboth -eq "True")  
    {  
     Set-Mailbox $accountmodify -ForwardingAddress $forwardTo -DeliverToMailboxAndForward $true   
    }  
       else  
    {  
        Set-Mailbox $accountmodify -ForwardingAddress $forwardTo -DeliverToMailboxAndForward $false  
    }  
    Get-Mailbox $accountmodify | Format-Table Name, ForwardingAddress, DeliverToMailboxAndForward -Wrap  
   }  
   End  
   {  
   Remove-PSSession $exchsession  
   }  
 }  

Feel free to comment.
J.

One script to unlock AD User

Need to fill

Give to the IT technician a shortcut to unlock user, change is password and can force the user to change it at the next logon. One shot operation to do all this fastest and easiest as possible.

The Solution

Part 1 - The Script (Reset-User.ps1)

 <#  
   Script to unlock an account, reset the password and force to change it at logon.  
   You can unlock an account, decide if you want or not to reset his password   
   and if you want or not he changes his password at the next logon.  
   To use the function you need to have the ActiveDirectory Module load in your PowerShell.  
   Version 1.1  
   Script by Jeremie Lauzier - Network Administrator, 2015-06-12  
 #>  
 $username = Read-Host "Username to unlock"  
 $setnewpassw = Read-Host "Set a new password (Y/N)"  
 $changenextlogon = Read-Host "Change password at next logon (Y/N)"  
 Unlock-ADAccount -Identity $username  
 if ($setnewpassw -eq "Y")  
  {  
   $newPassword = (Read-Host -Prompt "Provide a new password" -AsSecureString)  
   Set-ADAccountPassword -Identity $username -NewPassword $newPassword -Reset  
  }  
  if ($changenextlogon -eq "Y")  
  {  
   Set-ADUser $username -ChangePasswordAtLogon $true  
  }  
  else  
  {  
   Set-ADUser $username -ChangePasswordAtLogon $false  
   }  
 #Give 1 seconds to the AD to refresh and be able to output the good information.  
 Start-Sleep -s 1  
 #Get the result  
 Get-ADUser $username -Properties * | Format-Table Name, LockedOut, @{n='pwdLastSet';e={[DateTime]::FromFileTime($_.pwdLastSet)}}, PasswordExpired  
 pause  

Part 2 - The Shortcut

Create a shortcut in an accesible place for your technician, like the Desktop, and create this :

 %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File C:\Users\USERNAME\Documents\WindowsPowerShell\Scripts\Reset-User.ps1  

The Result

The result of the script Rest-User.ps1 in a shortcut.

Don't forget

1. You need to be logged with a user who have the good rights.
2. You need to have set the good right for your Execution Policy.

If you have any comments, please feel free to leave it and thank's for reading.

J.

Disable user with a description

My Problem

I need to disable an Active Directory user, but in the same time I seed to add a Description. I found it practical to add in the description the cause of the deactivation.
The cmdlet Disable-ADAccount is there, but you cannot pass a description with it.

The Solution

Use Set-ADUser and you can pass what you want.

Exemple

 Set-ADUser -Identity username -Description "Your description" -Enabled $false  

Extra

You can find all of your disable users in one line. It's possible to use the Search-ADAccount like that : Search-ADAccount -AccountDisabled -UsersOnly. But you don't have the Description.

So I prefer to use this :

 Get-ADUser -Filter * -Properties * | where {$_.Enabled -ne "True"}|Select Name, Description  

Please feel free to comment.

Have a nice day!
J.

PowerShell script | Keep version | TFS 2013

Hi,

I made some scripts in the past 2 weeks and I realised this week, I have a problem of keeping version of it. So I do some search and I found this article : Protect Your PowerShell Scripts with Version Control

This saves my life... :)

Now I can keep version of my script. But here some tricks and infos I found when I configure it :

1. Yes, that's worked with the free version of Visual Studio. I used VS Community 2013.
2. If you used VS 2013, you need to install Team Explorer for Visual Studio 2013.
3. Don't forget to create your Visual Studio Online Account
4. For VS 2013, you need to install : Microsoft Visual Studio Team Foundation Server 2013 Power Tools
5. In the article, they use PowerShell commands to manage the version and the files. If you're beginner with that, like me, I preferred the visual interface to manage my files and do my check in.

   

   Visual Studio 2013 - Team Explorer

6. Don't forget to add comments for each check in. That's helped a lot when you want to retrace a version.
7. Have fun to explore all options you can do with the TFS and Visual Studio.
8. You can install PowerShell Tools for Visual Studio. That's allow you to script PowerShell directly in Visual Studio. (I tried it, but I still emotionally attached to my ISE.)

I hope this can help you to start keeping versions of your scripts.

Please, feel free to leave comments.

J.