Tuesday, September 19, 2017

Getting To Know Powershell

First off Windows Domain Admins need to get really familiar with the Powershell Administration. 
Let's start off with a couple examples. By the way you can install the Windows PowerShell ISE in add and remove Windows options. 

Knowing what FSMO Roles about you AD environment.
Here is the script.

Retrieving Active Directory FSMO roles with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dom | Format-List *
Transferring Active Directory FSMO roles with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dc = $dom.FindDomainController()
$dc.TransferRoleOwnership(’PdcRole’)
$dc.TransferRoleOwnership(’InfrastructureRole’)
Raising Active Directory Domain and Forest functionality to Windows 2003 with PowerShell
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dom.RaiseDomainFunctionality(’Windows2000NativeDomain’)
$dom.RaiseDomainFunctionality(’Windows2003Domain’)
Enabling and disabling a Global Catalog server with PowerShell
$for = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$gc = $for.FindGlobalCatalog()
$gc.DisableGlobalCatalog()
$gc.EnableGlobalCatalog()


Also if you are like me, I am always looking to clean up unneeded data on your WSUS server. 

#Region VARIABLES
 # WSUS Connection Parameters:
[String]$updateServer = "wsusserver.nrgnetworks.local"
[Boolean]$useSecureConnection = $False
[Int32]$portNumber = 80

# Cleanup Parameters:
# Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an aproved update.
[Boolean]$supersededUpdates = $True
# Decline updates that aren't approved and have been expired my Microsoft.
[Boolean]$expiredUpdates = $True
# Delete updates that are expired and have not been approved for 30 days or more.
[Boolean]$obsoleteUpdates = $True
# Delete older update revisions that have not been approved for 30 days or more.
[Boolean]$compressUpdates = $True
# Delete computers that have not contacted the server in 30 days or more.
[Boolean]$obsoleteComputers = $True
# Delete update files that aren't needed by updates or downstream servers.
[Boolean]$unneededContentFiles = $True

#EndRegion VARIABLES

#Region SCRIPT

# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

# Connect to WSUS Server
$Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$useSecureConnection,$portNumber)

# Perform Cleanup
$CleanupManager = $Wsus.GetCleanupManager()
$CleanupScope = New-Object Microsoft.UpdateServices.Administration.CleanupScope($supersededUpdates,$expiredUpdates,$obsoleteUpdates,$compressUpdates,$obsoleteComputers,$unneededContentFiles)
$CleanupManager.PerformCleanup($CleanupScope)

#EndRegion SCRIPT


No comments:

Post a Comment

Comments are Welcome.