tag:blogger.com,1999:blog-76269992702342328422024-03-05T03:21:57.580-08:00PS >Blog-PowerShell | Where{$_.Blog -ge $Helpful}It ain't always pretty, but it gets the job done...Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.comBlogger13125tag:blogger.com,1999:blog-7626999270234232842.post-17774332595644525692014-06-30T14:15:00.000-07:002015-02-25T11:24:57.587-08:00Using PowerShell to Manage Box.com - Part 2: Using PowerShell to register your Box app on your workstationIf you've gotten here before reading <a href="http://blog-powershell.blogspot.com/2014/06/using-powershell-to-manage-boxcom-part.html">part 1 of this series</a> you want to read that first. I has some important information that will help make sense of what this post is about.<br />
<br />
Now that we've registered our application with developers.box.com, we need to grant our Box account access to use it. I created a function in PowerShell that will bring you to the Box app site (which allows you to grant permission) and then grabs the information returned by Box and write it to your workstation's registry.<br />
<br />
Just a little back ground (for a complete understanding read Box's official <a href="http://developers.box.com/oauth/">OAuth 2.0 document</a>).<br />
<br />
<b><u>Basic layman's terms</u></b><br />
In order to use the app you registered with Box, Box's OAuth2 implementation requires that you grant your Box account access to the application. The granting process is an interactive process within your browser. So you can't just write a script to carry out the granting process. Once you've granted permission to the app, Box will redirect your browser (remember the redirect_uri) to a site you configured in the app. The address bar contains the URI specified by the redirect_uri and appends a security token (which will be arbitrarily set during the registration process) and the initial authorization code.<br />
<br />
The initial authorization code has a very short life. It will expire within 30 seconds. So if you don't use it to to retrieve your access token in time, you will have to go through the granting process again.<br />
NOTE: You can go through the granting process as many times as you like. My PowerShell function actually makes it a rather painless process.<br />
<br />
Once you get your authorization code you will need to leverage Box's RESTful API (within 30 seconds) to obtain an access token. The API returns 5 attributes that my PowerShell function writes to your workstation's registry. <br />
<br />
<ul>
<li>access_token <span style="color: #38761d;">#This is the actual token needed to issue commands against Box's APIs</span></li>
<li>expires_in <span style="color: #38761d;">#This is the life of the token (always roughly 1 hour give or take a few minutes)</span></li>
<li>restricted_to <span style="color: #38761d;">#This always comes back blank for me and I haven't had a need for this attribute</span></li>
<li>refresh_token <span style="color: #38761d;">#After the one hour expiration of your access token you will need to use this token to get a new access token. All of my functions first check to see if the current access token is expired, if so it will refresh automatically.</span></li>
<li>token_type <span style="color: #38761d;">#I'm not sure of all the types, but we will be dealing with the 'bearer' type.</span></li>
</ul>
<div>
So let's take a look at the actual PowerShell function that does all of that:<br />
<br />
[edit]</div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-small;">NOTE: <strike>I make calls to Test-RegKey, Set-RegKey, Set-RegValue. These are not cmdlets that are built into PowerShell. Instead, they are part of a suite of registry function that I created during one of the Scripting Games I participated in a few years ago. I keep them in a separate module which you can download <a href="https://gist.github.com/cameronove/874adf1e5901310242d0#file-regeditsuite-psm1" target="_blank">here</a>.</strike></span><br />
<span style="font-family: Verdana, sans-serif; font-size: x-small;"><strike><br /></strike></span>
<span style="font-family: Verdana, sans-serif; font-size: x-small;">I re-wrote the function to use PowerShell's native ability to access the registry (new-item, set-itemproperty, get-itemproperty, test-path). You no longer need to import the <a href="https://gist.github.com/cameronove/874adf1e5901310242d0#file-regeditsuite-psm1">RegEditSuit.psm1</a> module.</span></div>
<div>
<br /></div>
<div>
Here is the function:</div>
<script src="https://gist.github.com/cameronove/55409541600b735a4406.js"></script>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<br />
Let's break the function down:<br />
First the parameters:<br />
<br />
<ul>
<li>$AppName </li>
<ul>
<li>This is actually an arbitrary name you give for registration purposes. I used the same name I provided when I registered my application on Box.com. While it arbitrary, remember that a registry key will be created for this app and that the Box function I create reference the registry key that gets created. So you will want to remember the name you give it.</li>
</ul>
<li>$ClientID</li>
<ul>
<li>You recorded this string when you registered the application on Box.com. You will need to provide that string.</li>
</ul>
<li>$ClientSecret</li>
<ul>
<li>You recorded this string when you registered the application on Box.com. You will need to provide that string.</li>
</ul>
<li>$APIKey</li>
<ul>
<li>This is actually the $ClientID. I personally like to record it into my workstation registry as APIKey, but it is not required to use any of the Box functions I created.</li>
</ul>
<li>$SecurityKey</li>
<ul>
<li>This is an arbitrary string. The function has a default one. <span style="font-family: inherit;">The official </span><span style="background-color: #f9f9f9;"><span style="color: #222222; font-family: inherit;"><span style="line-height: 18px;">Box documentation recommends that you use an anti-forgery state token to prevent CSRF attacks to your users. But I believe that is for mobile apps you will publishing to their app store. I don't think that forgery is an issues for </span></span><span style="color: #222222;"><span style="line-height: 18px;">colleagues</span></span><span style="color: #222222; font-family: inherit;"><span style="line-height: 18px;"> that may be using your PowerShell scripts (imo).</span></span></span></li>
</ul>
</ul>
<span style="color: #222222;"><span style="line-height: 18px;">So the first thing the script does it to make sure that a registry key exists under HKLM\software\box.com\<appname>. If it doesn't exist then it creates it.</appname></span></span><br />
<span style="color: #222222;"><span style="line-height: 18px;"><appname><br /></appname></span></span>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7PZ72zeG901GBeuiLQmF3_AcpzIEMEFpqkX3omAyTMjCPc6FKp3vK5nWNPud8hPae-ZvxaI8p9gwk_1K02JL6hc1W_-TKoqAqTRa0XnZqv03CJxTiUoqdvbRsystFO-jfrJ-vDgJRCfUL/s1600/GrantAuthAppRegKeys.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7PZ72zeG901GBeuiLQmF3_AcpzIEMEFpqkX3omAyTMjCPc6FKp3vK5nWNPud8hPae-ZvxaI8p9gwk_1K02JL6hc1W_-TKoqAqTRa0XnZqv03CJxTiUoqdvbRsystFO-jfrJ-vDgJRCfUL/s1600/GrantAuthAppRegKeys.JPG" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">You can register multiple apps.</td></tr>
</tbody></table>
<span style="color: #222222;"><span style="line-height: 18px;"><appname><br /></appname></span></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="color: #222222;"><span style="line-height: 18px;"><br /></span></span>
<span style="color: #222222;"><span style="line-height: 18px;">It then records the Client_ID, Client_Secret, and the APIKey at the root of that registry key.</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="color: #222222;"><span style="line-height: 18px;">It next runs through the interactive granting authorization process to retrieve the authentication code. It starts by opening IE and navigating to a URI that includes the Client_ID and the arbitrary security key. Then pops up a msgbox with instructions to finish the interactive authorization in IE before clicking OK. </span></span><br />
<span style="color: #222222;"><span style="line-height: 18px;"><br /></span></span>
<span style="color: #222222;"><span style="line-height: 18px;">Let's take a look at what that process like in IE.</span></span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8glXmhjwxdOBqoJkuA4QUuZjRf7ssSIVVdhREvYiLoKG1naWdG20vk4Ni0vICevrrmRhyphenhyphenrQfXJRb4UUhdgcqjojKklfSsPnEPpSlX8HmGdbzPA_eH9JhnAJ6oJID_iO_eoEoJJ7hqi1Hp/s1600/GrantAuthLogin.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8glXmhjwxdOBqoJkuA4QUuZjRf7ssSIVVdhREvYiLoKG1naWdG20vk4Ni0vICevrrmRhyphenhyphenrQfXJRb4UUhdgcqjojKklfSsPnEPpSlX8HmGdbzPA_eH9JhnAJ6oJID_iO_eoEoJJ7hqi1Hp/s1600/GrantAuthLogin.JPG" height="254" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">IE Opens to an Authentication Page</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlI88vSsDP91icKRlZL9KmvuQHU1xjoXpXUgh8QEbJhd67qmmG4Ll6GvsTz45uDA-ewUpyYaWKHCUpoWEnV-ID8-XeSBpWZnPI07abC0oHF_XW5PFMMrmNyml73kjbbdffFce0DDDKcm-e/s1600/GrantAuthGrantAccess.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlI88vSsDP91icKRlZL9KmvuQHU1xjoXpXUgh8QEbJhd67qmmG4Ll6GvsTz45uDA-ewUpyYaWKHCUpoWEnV-ID8-XeSBpWZnPI07abC0oHF_XW5PFMMrmNyml73kjbbdffFce0DDDKcm-e/s1600/GrantAuthGrantAccess.JPG" height="308" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Once Authorized Grant or Deny Access</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBUVnRisar-8H2e5RI9r8abVG2X0OK_PTc9ZG_N0Lp2IVmas4rYr7flXOBG2Mzu_-RPykr3m7ykND3XB63iFVwFVJJGQrwCzodqrZH33a7Xs4HFtWeQfE_8cFSufnaHgnP_xT3Qki9AcE4/s1600/GrantAuthRedirectURI.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBUVnRisar-8H2e5RI9r8abVG2X0OK_PTc9ZG_N0Lp2IVmas4rYr7flXOBG2Mzu_-RPykr3m7ykND3XB63iFVwFVJJGQrwCzodqrZH33a7Xs4HFtWeQfE_8cFSufnaHgnP_xT3Qki9AcE4/s1600/GrantAuthRedirectURI.jpg" height="176" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The site I land on I created additional instructions. The green box shows the arbitrary security key for validation and the red box shows the authorization code.</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIRytgvqfJKRFCz6XPHdANRcqBsFzxTchpMsQ4Ly9BtaYKVk8afI-aNs2dg4abg5OJuCmuNYCqwFQkQaaTy9TDEHx_9iEb27lfo1tDmowWkN94Gx5suvPA06u3hj6yVsk8laFgAGkICdq3/s1600/GrantAuthPowerShellPopup.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIRytgvqfJKRFCz6XPHdANRcqBsFzxTchpMsQ4Ly9BtaYKVk8afI-aNs2dg4abg5OJuCmuNYCqwFQkQaaTy9TDEHx_9iEb27lfo1tDmowWkN94Gx5suvPA06u3hj6yVsk8laFgAGkICdq3/s1600/GrantAuthPowerShellPopup.JPG" height="145" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Back in PowerShell click the OK button and PowerShell will grab the authorization code out of the LocationURL value.</td></tr>
</tbody></table>
<span style="color: #222222;"><span style="line-height: 18px;"><br /></span></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<b><u>Back to 'Register-BoxApp' function:</u></b></div>
<div>
Once you click OK the function next loads up a hashtable with the AuthCode, clientID, clientSecret, it sets the RESTful URI and then invokes the RestMethod.</div>
<div>
<br /></div>
<div>
Here is the outcome in PowerShell of waiting too long (more that 30 seconds) to click the OK button.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
Here is the outcome in PowerShell if you successfully click the OK button with 30 seconds.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMLAOiLnEBsUWYMiVG0wjAgITCNQqcIpoo2tZ1cYzOWPDRMxAG8CHHuvs0BJkW3Uv2U_gCO_W3jHCW1rR15ngTrK_Oei81qu_gd2CKZjjBY1BR8gIrv5-V_uELpDmnS1XlalJEIT37Xno/s1600/GrantAuthPowerShellCmdTooLong.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMLAOiLnEBsUWYMiVG0wjAgITCNQqcIpoo2tZ1cYzOWPDRMxAG8CHHuvs0BJkW3Uv2U_gCO_W3jHCW1rR15ngTrK_Oei81qu_gd2CKZjjBY1BR8gIrv5-V_uELpDmnS1XlalJEIT37Xno/s1600/GrantAuthPowerShellCmdTooLong.JPG" height="72" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">If you wait too long to click OK this is the error you get. Code is good for 30 seconds.</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY-AY12lW6SWaGDxx2-a9YjYp4XhqZk7JTdUwvRhfMRQ3q1B0aAwsLkmTgd_6PXYqkmKzFUMSytsUZDi2mOelSjyYsY5MmWXsCZui-YniKXiSkJ4EBj-i5JKZ8BhwDKbpnorJH7MYB6mN4/s1600/GrantAuthPowerShellCmdSuccess.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY-AY12lW6SWaGDxx2-a9YjYp4XhqZk7JTdUwvRhfMRQ3q1B0aAwsLkmTgd_6PXYqkmKzFUMSytsUZDi2mOelSjyYsY5MmWXsCZui-YniKXiSkJ4EBj-i5JKZ8BhwDKbpnorJH7MYB6mN4/s1600/GrantAuthPowerShellCmdSuccess.JPG" height="83" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Results for successfully clicking OK within 30 seconds.</td></tr>
</tbody></table>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
You may notice that after the Invoke-RestMethod line in the Register-BoxApp function, if there is a Access Token, the script will run the 'Register-BoxAccessToken'. Here is what that function looks like:<br />
[Edit]<br />
Note: <span style="font-family: Verdana, sans-serif; font-size: x-small;">I re-wrote the function to use PowerShell's native ability to access the registry (new-item, set-itemproperty, get-itemproperty, test-path).</span></div>
<div>
<br /></div>
<script src="https://gist.github.com/cameronove/dd048afbc3b0aa1c5099.js"></script>
<br />
<div>
<br /></div>
<div>
Because the return data type of Invoke-RestMethod to Box is JSON, Invoke-RestMethod returns a PSCustomObject. That means I have to provide the property names of the object ($RegValueNames) - unlike a hashtable where I could request the keys and interate through the key names to accomplish the same thing the function does with the PSCustomObject.<br />
<br />
You will notice in the 'Register-BoxAccessToken' function as I'm iterating through the valuenames I check to see if the value name equals 'expires_in'. That is because the data returned from Box is the number of seconds the access code is good before it expires. So I create a datetime object and add the seconds to it and convert it to a string to store in the registry. In a later post you will see how a function called 'Get-BoxAccessToken' exploits that datetime object in order to determine if the token needs to be refreshed.<br />
<br /></div>
<div>
If all goes well then AccessTokenInfo is written to your workstation's registry.<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL6aunCTrRazlc6MYuCy1bTr2V6V5aEi0Pmj-Xlr04aYvO7AYJBIsf6mHXsS_0r0njjVDa2x29AiYHP4uXg2rID7GO8CDINg-6_OYYEOxvYfvD45_gvWF01CL2wDXpPrOo4f9DOnze9vjH/s1600/GrantAuthAppAccessTokenRegValues.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhL6aunCTrRazlc6MYuCy1bTr2V6V5aEi0Pmj-Xlr04aYvO7AYJBIsf6mHXsS_0r0njjVDa2x29AiYHP4uXg2rID7GO8CDINg-6_OYYEOxvYfvD45_gvWF01CL2wDXpPrOo4f9DOnze9vjH/s1600/GrantAuthAppAccessTokenRegValues.JPG" height="84" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">BoxAccessToken is a sub key and the access token, expires_in, and refresh token are registered here.</td></tr>
</tbody></table>
<br /></div>
<div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
In the next post, I will discuss the functions 'Get-BoxAccessToken' and 'Refresh-BoxAccessToken, which are incorporated in all the work functions you will create in the future.<br />
<br />
I've uploaded the entire OAuth2 PowerShell module for you to <a href="https://gist.github.com/cameronove/67901ff826d3592d9c4a" target="_blank">grab here</a>.</div>
Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com2tag:blogger.com,1999:blog-7626999270234232842.post-78790837943836032252014-06-27T12:20:00.001-07:002014-07-01T14:57:12.337-07:00Using PowerShell to Manage Box.com - Part 1: Prepping for OAuth2 Protocol.Wow!!! It's been quite a long time since my last post. Life is so busy. <br>
<br>
Anyway, I struggled for some time with RESTful APIs and finally got my head around it when I had to create some functions for my logical access team to manage on-boarding new enterprise users into Box.com (Box). So I thought I'd share three modules I created around the process.<br>
<br>
Even if you don't use the modules, they do demonstrate how easy it is to use the 'Invoke-RestMethod'. It will also show you how to implement OAuth2 against Box's implementation of the protocol (which may be helpful).<br>
<br>
As the title indicates this series of posts will be specific to Box's APIs. It doesn't mean you can't use the same principles with other RESTful APIs or other OAuth2 sites, but my experience is specific to Box and so the information will be specific to Box. I will discuss:<br>
<br>
<ul>
<li>Registering an application with Box on their developer site.</li>
<li>Granting users access to your Box application.</li>
<li>Registering your Box app in your workstation registry.</li>
<li>Understanding and using the OAuth2 access token, refresh token, and token expiration.</li>
<li>How to exploit Box API and convert curl commands to PowerShell functions.</li>
<li>Create PowerShell functions using 'Invoke-RestMethod' for various tasks.</li>
</ul>
<div>
<i><span style="color: #38761d;">**Disclaimer**</span></i></div>
<div>
<i><span style="color: #38761d;">The 'Using PowerShell to Manage Box.com' series of posts are a compilation of information I successfully used in my environment. I am in no way claiming that this is the recommended method or the only way of using PowerShell to manage Box. This information is what I have actually successfully developed for my requirements.</span></i></div>
<div>
<i><span style="color: #38761d;">Also I am making three modules available to download. I use aliases; commenting and help are sparse or even non-existent in the modules; so if that bothers you, just don't use the modules instead of being critical about it.</span></i></div>
<div>
<i><span style="color: #38761d;">The documentation around using PowerShell to exploit RESTful APIs on the Internet is sparse at best, and using PowerShell to manage Box almost non-existent. So I'm providing this to hopefully help other PowerShellers if they need to implement automation, or functionality in a similar fashion around other RESTful APIs or even specifically around the Box APIs.</span></i></div>
<div>
<br></div>
<div>
So let's get to it.</div>
<div>
<br></div>
<div>
When you want to use PowerShell to manage Box you will need to register an application with <a href="http://developers.box.com/">http://developers.box.com</a>. Imagine you want to create a mobile app to exploit Box.com (they have SDKs for node, python, ruby, php, and haskell), in this case we are using PowerShell and will be accessing our application via a PowerShell console instead of a mobile device.</div>
<div>
<br></div>
<div>
Let's look at some screen shots of creating a Box application. I will be showing screen shots via my personal account (not my enterprise account). The enterprise interface with Box is only slightly different. If you are doing this via an enterprise account you should still be able to follow the process.</div>
<div>
<br></div>
<div>
On your first login or upon clicking the link 'Create a Box Application' the following page appears:<br>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-uFXbbw9_6tI/U620LA63McI/AAAAAAAAFEs/6NBnXGV07M0/s1600/NewBoxApp.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="http://1.bp.blogspot.com/-uFXbbw9_6tI/U620LA63McI/AAAAAAAAFEs/6NBnXGV07M0/s1600/NewBoxApp.JPG" height="218" width="320"></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><ul style="text-align: start;">
<li><span style="font-size: x-small;">If you are in an enterprise environment the 'Box Content' API will allow you to manage user accounts, create folders, manage permissions on folders, create 'Shared Links', etc... </span></li>
<li><span style="font-size: x-small;">The 'Box View' API, allows you to manage the actually data like file views, file conversions, etc... My functions were built for my logical access team so will exclusive be using the 'Content' API.</span></li>
</ul>
</td></tr>
</tbody></table>
You will want to give your application a name (I've called my 'PowerShell Demo') and choose the API you want the application to use and click 'Create Application'.<br>
<br>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-SZWAHXMmh9Y/U621apUI7PI/AAAAAAAAFE4/reoLJSp21vM/s1600/Success.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-SZWAHXMmh9Y/U621apUI7PI/AAAAAAAAFE4/reoLJSp21vM/s1600/Success.JPG" height="229" width="320"></a></div>
<br>
Now you will want to configure your application and record some important information that will be needed in order to allow other users (even yourself) to use your PowerShell application.<br>
<br>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-tgIm2r1qpF0/U622SWDqGqI/AAAAAAAAFFE/xWbNXXeoNWc/s1600/AppGeneralInfo.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-tgIm2r1qpF0/U622SWDqGqI/AAAAAAAAFFE/xWbNXXeoNWc/s1600/AppGeneralInfo.JPG" height="156" width="320"></a></div>
Fill in the General info as you wish, none of that section will actually have any affect on you PowerShell code.<br>
<br>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-m8_Yr0Cjljc/U626LFny93I/AAAAAAAAFFU/HxX9IM69yAw/s1600/OAuth2Params.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-m8_Yr0Cjljc/U626LFny93I/AAAAAAAAFFU/HxX9IM69yAw/s1600/OAuth2Params.JPG"></a></div>
<br>
<div class="separator" style="clear: both; text-align: center;">
</div>
The OAuth2 Parameters section is the most critical part of this step.<br>
<br>
You will want to <span style="background-color: yellow;">record your client_id and client_secret</span> for future reference (just paste it Notepad or something like that).<br>
<br>
<b><u>redirect_uri</u></b><br>
The redirect_uri was the most confusing portion to me (probably because I'm just stupid - cause it made total sense once I figured it out). Anyway, you'll want to set this to any web server that will handle SSL. In my case my team uses a utility server that had IIS installed on it already. I just grabbed a cert from my AD forest CA for the URL that I wanted to use and threw it on that server.<br>
<br>
The redirect_uri is a URI that will redirect your browser. <u>Box doesn't actually write to this URI</u>. Box actually appends the redirect_uri with your initial authorization code and an arbitrary token. <br>
<br>
This was probably the most confusing part of the OAuth2 process. I was under the impression that Box needed access to the site to be able to place a file or some data that would be interpreted in your browser when redirected. I searched for free public sites with this type of access in order to set my redirect_uri; and I read dozens and dozens of documents with no success of understanding this (I know, I know -- I'm stupid, right?). <br>
<br>
So just to reiterate: The redirect_uri is not a site that Box needs to write to. It is a landing site for your browser and Box appends the URI in your address bar in your browser with the needed authorization code and the arbitrary token you provided on making the request for the authorization code. <br>
<br>
The PowerShell script I'm going to show you next will automagically grab this authorization code and register your app in your workstation registry. I'll show you that shortly.<br>
<br>
<b><u>Back to the config page on developer.box.com</u></b><br>
If you scroll to the bottom of the configuration page you will see a section 'Backend Parameters'. You will notice that the 'API Key' is the same as the client_id. I make this distinction because if you want help from Box with your app they will want your API Key and that is it. My PowerShell function records the API Key in your workstation's registry even though none of my other functions will ever actually use it. <br>
<br>
When I first built the function I thought it might be import to distinguish between client_id and 'API Key'. It ended up being a mute issue and isn't really a necessary part of the registration process in the PowerShell script I'm about to show you. I'm keeping my function the way it is just in case I ever have a need for the distinction, but you can remove it from the register function if you so chose (don't worry you'll understand once we go over the function).<br>
<br>
Save your application.<br>
<br>
Okay, we've registered our application with Box.com. We are done prepping our Box application and can now use our OAuth2 protocol to get access tokens and use the API to automate Box functionality. <br>
<br>
<a href="http://blog-powershell.blogspot.com/2014/06/using-powershell-to-manage-boxcom-part_30.html">Part 2 of this series</a> will show how to register the important client_id and client_secret on your workstation; how to retrieve your initial authorization code, access token, refresh token, and token expiration and write that information to your workstation's registry. We will also see how to refresh your access token when it expires. We will dive into how Box implemented the OAuth2 protocol and how PowerShell can exploit their implementation.</div>
Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com0tag:blogger.com,1999:blog-7626999270234232842.post-48543451123628956682010-02-25T09:47:00.000-08:002010-03-02T07:38:52.847-08:00The Power of -SplitI work with Active Directory everyday. Sometimes, when I'm exporting information, I want to be able to break down the distinguishedName property to just give me the actual name. For example, in our environment we create names in AD with LastName, FirstName. The distguishedName for a user name like that ends up looking like this:<br />
<br />
cn=Doe\, Jane,ou=users,ou=location,dc=example,dc=com<br />
<br />
If I want to get just the name without the escape character or all the extra path info that makes up a distinguished name without PowerShell I'm probably going to copy the whole name to an editor and manually remove everthing to leave just Doe, Jane (probably just easier to type Doe, Jane instead of all of that copying stuff). But what happens if I need to get just the LastName, FirstName of a thousand people. Now I've some problems. I will have to export the DN's from AD, copy them to Word or Excel and then do a bunch of replacements or string manipulation on them.<br />
<br />
Or I can write a PowerShell script to give them to me:<br />
<br />
<div id="codeSnippetWrapper" style="background-color: #f4f4f4; border: 1px solid silver; cursor: text; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; margin: 20px 0px 10px; max-height: 200px; overflow: auto; padding: 4px; text-align: left; width: 97%;"><div id="codeSnippet" style="background-color: #f4f4f4; border-style: none; color: black; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; overflow: visible; padding: 0px; text-align: left; width: 100%;"><br />
<pre class="PowerShellColorizedScript"><span style="color: darkblue;">function</span> <span style="color: blueviolet;">Get-NameFromDN</span><span style="color: black;">(</span><span style="color: teal;">[string]</span><span style="color: orangered;">$DN</span><span style="color: black;">)</span><span style="color: black;">{</span>
<span style="color: darkblue;">return</span> <span style="color: black;">(</span><span style="color: orangered;">$DN</span><span style="color: darkgrey;">.</span><span style="color: black;">replace</span><span style="color: black;">(</span><span style="color: darkred;">'\'</span><span style="color: darkgrey;">,</span><span style="color: darkred;">''</span><span style="color: black;">)</span> <span style="color: darkgrey;">-split</span> <span style="color: darkred;">",*..="</span><span style="color: black;">)</span><span style="color: darkgrey;">[</span><span style="color: purple;">1</span><span style="color: darkgrey;">]</span>
<span style="color: black;">}</span>
<span style="color: blue;">Get-QADObject</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: blue;">Get-NameFromDN</span> <span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">distinguishedName</span><span style="color: black;">}</span>
</pre><br />
</div></div><br />
Did you notice that I can split the string with a [regex] delimiter? That is really cool. Try the split yourself; paste the string below into a PowerShell prompt and hit enter:<br />
<br />
<div id="codeSnippetWrapper" style="background-color: #f4f4f4; border: 1px solid silver; cursor: text; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; margin: 20px 0px 10px; max-height: 200px; overflow: auto; padding: 4px; text-align: left; width: 97%;"><div id="codeSnippet" style="background-color: #f4f4f4; border-style: none; color: black; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; overflow: visible; padding: 0px; text-align: left; width: 100%;"><br />
<pre class="PowerShellColorizedScript"><span style="color: darkred;">"cn=mygroupobjectname,ou=security groups,ou=location,dc=example,dc=com"</span> <span style="color: darkgrey;">-split</span> <span style="color: darkred;">",*..="</span></pre><br />
</div></div><br />
That produces:<br />
<div id="codeSnippetWrapper" style="background-color: #f4f4f4; border: 1px solid silver; cursor: text; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; margin: 20px 0px 10px; max-height: 200px; overflow: auto; padding: 4px; text-align: left; width: 97%;"><div id="codeSnippet" style="background-color: #f4f4f4; border-style: none; color: black; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; overflow: visible; padding: 0px; text-align: left; width: 100%;"><br />
<pre class="PowerShellColorizedScript"><span style="color: black;">PS C:></span><span style="color: darkred;">"cn=mygroupobjectname,ou=security groups,ou=location,dc=example,dc=com"</span> <span style="color: darkgrey;">-split</span> <span style="color: darkred;">",*..="</span>
<span style="color: black;">mygroupobjectname</span>
<span style="color: black;">security groups</span>
<span style="color: black;">location</span>
<span style="color: black;">example</span>
<span style="color: black;">com</span>
</pre><br />
</div></div><br />
The [regex] expression ",*..=" says find a pattern that matches zero or more commas any two characters and an equal sign. That would match any of the following:<br />
cn=<br />
,ou=<br />
,dc=<br />
<br />
This pattern becomes my delimiter so that when the split function runs it will split the string where ever it finds the match. It puts the remaining elements in a zero based array. Because a DN starts with a pattern match the first element of the array [0] will be empty. That is why in my Get-NameFromDN function above I retrieve element [1].<br />
<br />
PowerShell has a nice help article that explains the full functionality of -split. I recommend that you read it to see just how powerful -split is. You can find the help article by issuing the command:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">Get-Help about_split</span></div><br />
I used this example to show the power of the split operation, but you might be wondering just how practical this is. Well as it turns out I have a scheduled tasks that runs every week that does a csvde export of ActiveDirectory. We keep the csv files around for several months just in case we delete a user and need to recreate it we have all the info we need for the recreation. <br />
<br />
When you delete a user account all of the group memberships are deleted. So even if you use tools like ADFind and ADMod or Hyena to restore the account in AD, you will still need to get a list of groups the account belonged to from somewhere. If you haven't backed up AD you need to query the user and they probably wont know and the whole process becomes time consuming. That is why I do a csvde export for every domain I manage. The csvde export creates a column in the csv file called memberof and in that column concatenates the distinguishedNames of all the non-principal groups the account belongs to with a semi-colon. You can't just copy and paste the groups from the export into ADUC to add the groups, because, as mentioned above, ADUC's add group dialog won't accept distinguished names. You could create a script to use the DN which would be fine. But what if, like me, you needed to just supply the groups to your Logical Access team and they don't have any scripting ability. Well you can run a script like this:<br />
<br />
<div id="codeSnippetWrapper" style="background-color: #f4f4f4; border: 1px solid silver; cursor: text; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; margin: 20px 0px 10px; max-height: 400px; overflow: auto; padding: 4px; text-align: left; width: 97%;"><div id="codeSnippet" style="background-color: #f4f4f4; border-style: none; color: black; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; overflow: visible; padding: 0px; text-align: left; width: 100%;"><br />
<pre class="PowerShellColorizedScript"><span style="color: darkblue;">function</span> <span style="color: blueviolet;">Get-NameFromDN</span><span style="color: black;">(</span><span style="color: teal;">[string]</span><span style="color: orangered;">$DN</span><span style="color: black;">)</span><span style="color: black;">{</span>
<span style="color: darkblue;">return</span> <span style="color: black;">(</span><span style="color: orangered;">$DN</span><span style="color: darkgrey;">.</span><span style="color: black;">replace</span><span style="color: black;">(</span><span style="color: darkred;">'\'</span><span style="color: darkgrey;">,</span><span style="color: darkred;">''</span><span style="color: black;">)</span> <span style="color: darkgrey;">-split</span> <span style="color: darkred;">",*..="</span><span style="color: black;">)</span><span style="color: darkgrey;">[</span><span style="color: purple;">1</span><span style="color: darkgrey;">]</span>
<span style="color: black;">}</span>
<span style="color: orangered;">$lastname</span> <span style="color: darkgrey;">=</span> <span style="color: darkred;">"<lastname of="" user="">"</lastname></span>
<span style="color: darkgreen;"><#The following produces a list of group DNs that are found in the csv for the users with the last name specified.
To narrow your search you could -match on something else like 'lastname\, firstname' or a whole different column altogether.
#></span>
<span style="color: blue;">Import-Csv</span> <span style="color: blueviolet;">.\adexport.csv</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">?</span><span style="color: black;">{</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">DN</span> <span style="color: darkgrey;">-match</span> <span style="color: darkred;">'lastname'</span> <span style="color: darkgrey;">-and</span> <span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">objectclass</span> <span style="color: darkgrey;">-eq</span> <span style="color: darkred;">'user'</span><span style="color: black;">}</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">memberof</span><span style="color: darkgrey;">.</span><span style="color: black;">split</span><span style="color: black;">(</span><span style="color: darkred;">';'</span><span style="color: black;">)</span><span style="color: black;">}</span>
<span style="color: darkgreen;"><#However, you can't just copy the output, and send it to the LogicalAccess admin to paste in ADUC. ADUC's add group
dialog won't accept DN's. So add the function at the end and now you get a list of names that you can copy and paste in
an email to your LogicalAccess admin for him/her to create the account with.
#></span>
<span style="color: blue;">Import-Csv</span> <span style="color: blueviolet;">.\adexport.csv</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">?</span><span style="color: black;">{</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">DN</span> <span style="color: darkgrey;">-match</span> <span style="color: darkred;">'lastname'</span> <span style="color: darkgrey;">-and</span> <span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">objectclass</span> <span style="color: darkgrey;">-eq</span> <span style="color: darkred;">'user'</span><span style="color: black;">}</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">memberof</span><span style="color: darkgrey;">.</span><span style="color: black;">split</span><span style="color: black;">(</span><span style="color: darkred;">';'</span><span style="color: black;">)</span><span style="color: black;">}</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: blue;">Get-NameFromDN</span> <span style="color: orangered;">$_</span><span style="color: black;">}</span>
</pre><br />
</div></div>The first Import-Csv produces a list of group DNs. I can't use that for ADUC.<br />
<br />
The second Import-Csv produces what I want. Here is what it does.<br />
<br />
The second Import-Csv line passes each line of the csv file to the pipeline where a match is performed in both the DN column and the objectclass column. Once a match is found it grabs the memberof field in the matched line and splits it based on the semi-colon as the delimiter which produces a [string[]] of distinguished names of all the groups the account belonged to. This array is passed to the pipeline and each DN is passed to the function Get-NameFromDN which uses the powerful -split operation to split the string based on a pattern ",*..=" (which will match ou= or ,ou= or cn= or ,dc= etc...). The function then returns the second element of the split distinguished name (remember that because a DN starts with my delimiter pattern the first element [0] is empty). The output produces a list of Group names only, that I pasted into an email and sent to my logical access guy.<br />
I could have piped the group DNs to another function like Get-QADGroup $_, wrapped the function with parentheses, and gotten the name property like this:<br />
<span style="font-size: small;"><br />
</span><br />
<div style="font-family: "Courier New",Courier,monospace;"><span style="font-size: small;">...| %{(Get-QADGroup $_).name}</span></div><br />
but that was significantly slower so I'd rather run it through my splitting function for speed sake.<br />
<br />
You may have noticed in my Get-NameFromDN function I used the replace method. That is because in my environment we use Lastname, Firstname. LDAP has to escape the comma in the DN because each path element in the DN is separated by a comma; so commas within an attribute are escaped with a slash (\). Additionally, csvde escapes the \, again so that it is \\, in the csv file. The replace method in the function is replacing the escape character with nothing. That way the list that is produced can be directly used in ADUC. <br />
<br />
Of course this is just one example of how you can use the split functionality in PowerShell. I'm sure that as you do more scripting the knowledge of the power of -split will come in handy.<br />
<br />
Have fun.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com0tag:blogger.com,1999:blog-7626999270234232842.post-8975020188046176562010-02-09T11:13:00.000-08:002010-02-09T16:09:30.679-08:00Windows Pentesters Delight--Watch Out Linux Users, Move Over for MS.Well one of my hobbies is security. Of course anyone who wants the respect for the Security community should probably learn Linux and the tools that come with Linux. This has led to me doing some cool stuff with Bash, learning BackTrack, and research and gaining knowledge of the Linux environment. I've also been taking the course over at Offensive-Security.com. I know that Linux is for serious security guru's (who would laugh at someone that said they use Windows for all their security needs), but I think that PowerShell has the ability to offer viable alternatives to some of the Linux tools. Just throwing this out there--Linux should watch it or else it may lose it's 'Security' throne to Windows (I'm sure that comment is going to get flamed).<br />
<br />
Anyway, take for example Information Gathering Techniques. The BackTrack distro offers a number of tools to find user info and email info about companies from web sites. So I was thinking, "How can I start converting some of these tools over to Windows using PowerShell?" Well here is my start...<br />
<br />
One of the first things I was thinking would be nice, would be to grab web pages to search for email addresses or other things. So here is a quick little function for grabbing web pages:<br />
<div id="codeSnippetWrapper" style="background-color: #f4f4f4; border: 1px solid silver; cursor: text; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; margin: 20px 0px 10px; max-height: 300pt; overflow: auto; padding: 4px; text-align: left; width: 600pt;"><div id="codeSnippet" style="background-color: #f4f4f4; border-style: none; color: black; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; overflow: visible; padding: 0px; text-align: left; width: 100%;"><br />
<pre class="PowerShellColorizedScript"><span style="color: darkblue;">function</span> <span style="color: blueviolet;">Get-WebPage</span><span style="color: black;">{</span>
<span style="color: darkblue;">param</span><span style="color: black;">(</span><span style="color: teal;">[string]</span><span style="color: orangered;">$Url</span><span style="color: black;">)</span>
<span style="color: orangered;">$WebClient</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">New-Object</span> <span style="color: blueviolet;">System.Net.WebClient</span>
<span style="color: orangered;">$WebPage</span> <span style="color: darkgrey;">=</span> <span style="color: orangered;">$WebClient</span><span style="color: darkgrey;">.</span><span style="color: black;">DownloadData</span><span style="color: black;">(</span><span style="color: orangered;">$Url</span><span style="color: black;">)</span>
<span style="color: darkblue;">return</span> <span style="color: teal;">[System.Text.Encoding]</span><span style="color: darkgrey;">::</span><span style="color: black;">ASCII</span><span style="color: darkgrey;">.</span><span style="color: black;">GetString</span><span style="color: black;">(</span><span style="color: orangered;">$WebPage</span><span style="color: black;">)</span>
<span style="color: black;">}</span></pre></div></div><br />
That little goody will get you the HTML text of the URL you supply. "What can you do with that?" you ask. How about getting Google results (if you get permission from Google first of course)...<br />
<div id="codeSnippetWrapper" style="background-color: #f4f4f4; border: 1px solid silver; cursor: text; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; margin: 20px 0px 10px; max-height: 300pt; overflow: auto; padding: 4px; text-align: left; width: 600pt;"><div id="codeSnippet" style="background-color: #f4f4f4; border-style: none; color: black; direction: ltr; font-family: 'Courier New',courier,monospace; font-size: 8pt; line-height: 10pt; overflow: visible; padding: 0px; text-align: left; width: 100%;"><br />
<pre class="PowerShellColorizedScript"><span style="color: darkblue;">function</span> <span style="color: blueviolet;">Get-GoogleResults</span><span style="color: black;">{</span>
<span style="color: darkblue;">Param</span><span style="color: black;">(</span> <span style="color: teal;">[string]</span><span style="color: orangered;">$Search</span><span style="color: darkgrey;">,</span>
<span style="color: teal;">[int]</span><span style="color: orangered;">$PageNumber</span><span style="color: darkgrey;">=</span><span style="color: purple;">1</span><span style="color: darkgrey;">,</span>
<span style="color: teal;">[string]</span><span style="color: orangered;">$site</span><span style="color: darkgrey;">=</span><span style="color: darkred;">"http://www.google.com"</span><span style="color: darkgrey;">,</span>
<span style="color: teal;">[string]</span><span style="color: orangered;">$SearchPrefix</span> <span style="color: darkgrey;">=</span> <span style="color: darkred;">"/search?q="</span>
<span style="color: black;">)</span>
<span style="color: darkblue;">Function</span> <span style="color: blueviolet;">Get-ResultObject</span><span style="color: black;">(</span><span style="color: teal;">[string]</span><span style="color: orangered;">$rTitle</span><span style="color: darkgrey;">,</span><span style="color: teal;">[string]</span><span style="color: orangered;">$rUrl</span><span style="color: black;">)</span><span style="color: black;">{</span>
<span style="color: orangered;">$tempobject</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">New-Object</span> <span style="color: blueviolet;">PSObject</span> <span style="color: navy;">-Property</span> <span style="color: black;">@{</span><span style="color: black;">Title</span><span style="color: darkgrey;">=</span><span style="color: orangered;">$null</span><span style="color: black;">;</span><span style="color: black;">Link</span><span style="color: darkgrey;">=</span><span style="color: orangered;">$null</span><span style="color: black;">}</span>
<span style="color: orangered;">$tempobject</span><span style="color: darkgrey;">.</span><span style="color: black;">Title</span> <span style="color: darkgrey;">=</span> <span style="color: orangered;">$rTitle</span>
<span style="color: orangered;">$tempobject</span><span style="color: darkgrey;">.</span><span style="color: black;">Link</span> <span style="color: darkgrey;">=</span> <span style="color: orangered;">$rUrl</span>
<span style="color: darkblue;">return</span> <span style="color: orangered;">$tempobject</span>
<span style="color: black;">}</span>
<span style="color: orangered;">$PageNumber</span> <span style="color: darkgrey;">=</span> <span style="color: black;">(</span><span style="color: orangered;">$PageNumber</span> <span style="color: darkgrey;">-</span> <span style="color: purple;">1</span><span style="color: black;">)</span> <span style="color: darkgrey;">*</span> <span style="color: purple;">10</span>
<span style="color: orangered;">$WebSearch</span> <span style="color: darkgrey;">=</span> <span style="color: darkred;">"$site$searchprefix$search`&start=$PageNumber"</span>
<span style="color: orangered;">$regex</span> <span style="color: darkgrey;">=</span> <span style="color: teal;">[regex]</span><span style="color: darkred;">'<h3 class=r>.*?</h3>'</span>
<span style="color: orangered;">$GoogleResults</span> <span style="color: darkgrey;">=</span> <span style="color: blue;">Get-WebPage</span> <span style="color: orangered;">$WebSearch</span>
<span style="color: orangered;">$regex</span><span style="color: darkgrey;">.</span><span style="color: black;">matches</span><span style="color: black;">(</span><span style="color: orangered;">$GoogleResults</span><span style="color: black;">)</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">%</span><span style="color: black;">{</span> <span style="color: orangered;">$Title</span> <span style="color: darkgrey;">=</span> <span style="color: teal;">[regex]</span><span style="color: darkgrey;">::</span><span style="color: black;">replace</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">,</span><span style="color: darkred;">"<.*?>"</span><span style="color: darkgrey;">,</span><span style="color: darkred;">""</span><span style="color: black;">)</span>
<span style="color: orangered;">$Link</span> <span style="color: darkgrey;">=</span> <span style="color: teal;">[regex]</span><span style="color: darkgrey;">::</span><span style="color: black;">matches</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">,</span><span style="color: darkred;">'\".*\"'</span><span style="color: black;">)</span><span style="color: darkgrey;">|</span> <span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">value</span><span style="color: darkgrey;">.</span><span style="color: black;">trim</span><span style="color: black;">(</span><span style="color: darkred;">'`"'</span><span style="color: black;">)</span><span style="color: black;">}</span>
<span style="color: orangered;">$AllResults</span> <span style="color: darkgrey;">+=</span> <span style="color: black;">@(</span><span style="color: blue;">Get-ResultObject</span> <span style="color: orangered;">$Title</span> <span style="color: orangered;">$Link</span><span style="color: black;">)</span>
<span style="color: black;">}</span>
<span style="color: darkblue;">return</span> <span style="color: orangered;">$AllResults</span>
<span style="color: black;">}</span></pre></div></div>The Get-GoogleResults will return the Title and link for each search result. You can supply the page number to get the next page of results. I.e. <i>Get-GoogleResults 'beer lovers' 3</i> will retrieve the third page of results from a Google search.<br />
<br />
That particular function returns an array of objects with Title and Link as properties. You can then go through the array get the URL for each link and search it if you want for email addresses.<br />
<br />
<div id="codeSnippetWrapper" style="border: 1px solid silver; margin: 20px 0px 10px; padding: 4px; overflow: auto; text-align: left; line-height: 10pt; background-color: #f4f4f4; width: 600pt; font-family: 'Courier New',courier,monospace; direction: ltr; max-height: 200pt; font-size: 8pt; cursor: text;"><div id="codeSnippet" style="border-style: none; padding: 0px; overflow: visible; text-align: left; line-height: 10pt; background-color: #f4f4f4; width: 100%; font-family: 'Courier New',courier,monospace; direction: ltr; color: black; font-size: 8pt;"><br />
<pre class='PowerShellColorizedScript'><span style='color:#00008b'>for</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$i</span><span style='color:#a9a9a9'>=</span><span style='color:#800080'>1</span><span style='color:#000000'>;</span><span style='color:#ff4500'>$i</span> <span style='color:#a9a9a9'>-le</span> <span style='color:#800080'>10</span><span style='color:#000000'>;</span> <span style='color:#ff4500'>$i</span><span style='color:#a9a9a9'>++</span><span style='color:#000000'>)</span><span style='color:#000000'>{</span><span style='color:#0000ff'>Get-GoogleResults</span> <span style='color:#8b0000'>"samueladams.com"</span> <span style='color:#ff4500'>$i</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>%</span><span style='color:#000000'>{</span><span style='color:#0000ff'>Get-WebPage</span> <span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>Link</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>%</span><span style='color:#000000'>{</span><span style='color:#000000'>(</span><span style='color:#008080'>[regex]</span><span style='color:#8b0000'>'\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*'</span><span style='color:#000000'>)</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>matches</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#000000'>)</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>%</span><span style='color:#000000'>{</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>value</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span></pre></div></div><br />
I'm pretty sure there's a couple of Linux tools that'll replace (LOL).<br />
<br />
Have fun<br />
CameronCameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com0tag:blogger.com,1999:blog-7626999270234232842.post-91078032767222663242010-01-07T15:27:00.000-08:002010-01-15T15:33:24.254-08:00Get-Oneliner | Group it | Sort it | Format itWell if you read my first post on my blog you will note that I'm not (or wasn't) a fan of one-liners. I really like structured code; and PowerShell does a great job at letting me do that. Recently, though, I've had a change of heart (the more I use PowerShell the more I change my views on it). I've now officially become a fan of one-liners.<br />
<br />
I've been reading Dr. Tobias Weltner's book <a href="http://powershell.com/Mastering-PowerShell.pdf">Mastering-PowerShell</a> (I find it to be very well written and super helpful). Chapter 5 entitled "The PowerShell Pipeline" was very enlightening. So I wrote a one-liner that gets all AD users and groups them by manager, sorts them and displays them in a nice text tree. I have two versions. I wrote the first one because I have a multi-domain forest and some of the mangers are not in the same domain as the users and currently the ActiveDirectory module won't let you search cross domain to my knowledge. The second example is for a single domain forest. Both one-liners take into consideration that the user object my not have the manager attribute set.<br />
<br />
<span style="font-size: large;"><b><u>Example 1 Multi-domain Forest</u> </b></span><span style="font-size: small;"><i>(replace<b> foreigndomain</b> and <b>localdomain</b> with real domain names)</i></span><br />
<pre class="PowerShellColorizedScript"><span style="color: blue;">Get-ADUser</span> <span style="color: navy;">-filter</span> <span style="color: blueviolet;">*</span> <span style="color: navy;">-Properties</span> <span style="color: blueviolet;">samaccountname</span><span style="color: darkgrey;">,</span> <span style="color: blueviolet;">displayname</span><span style="color: darkgrey;">,</span> <span style="color: blueviolet;">manager</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">group</span> <span style="color: black;">{</span><span style="color: darkblue;">if</span><span style="color: black;">(</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">manager</span> <span style="color: darkgrey;">-ne</span> <span style="color: orangered;">$null</span><span style="color: black;">)</span> <span style="color: darkgrey;">-and</span> <span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">manager</span> <span style="color: darkgrey;">-imatch</span> <span style="color: darkred;">"dc=localdomain"</span><span style="color: black;">)</span><span style="color: black;">)</span><span style="color: black;">{</span>
<span style="color: black;">(</span><span style="color: blue;">Get-ADObject</span> <span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">manager</span> <span style="color: navy;">-Properties</span> <span style="color: blueviolet;">displayname</span><span style="color: black;">)</span><span style="color: darkgrey;">.</span><span style="color: black;">displayname</span>
<span style="color: black;">}</span><span style="color: darkblue;">else</span><span style="color: black;">{</span>
<span style="color: darkblue;">if</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">manager</span> <span style="color: darkgrey;">-imatch</span> <span style="color: darkred;">"dc=foreigndomain"</span><span style="color: black;">)</span><span style="color: black;">{</span><span style="color: darkred;">"FOREIGNDOMAINNAME"</span>
<span style="color: black;">}</span><span style="color: darkblue;">else</span><span style="color: black;">{</span>
<span style="color: darkred;">"UNKNOWN"</span><span style="color: black;">}</span><span style="color: black;">}</span><span style="color: black;">}</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">sort</span> <span style="color: blueviolet;">name</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">Name</span><span style="color: black;">;</span> <span style="color: darkred;">"-------------------"</span><span style="color: black;">;</span> <span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">Group</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: darkblue;">if</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">displayname</span> <span style="color: darkgrey;">-ne</span> <span style="color: orangered;">$null</span><span style="color: black;">)</span><span style="color: black;">{</span><span style="color: darkred;">"`t$($_.displayname)"</span><span style="color: black;">}</span><span style="color: darkblue;">else</span><span style="color: black;">{</span><span style="color: darkred;">"`t$($_.samaccountname)"</span><span style="color: black;">}</span><span style="color: black;">}</span><span style="color: black;">)</span><span style="color: black;">;</span> <span style="color: darkred;">"`n"</span><span style="color: black;">}</span></pre><br />
<div id="codeSnippetWrapper" style="border: 1px solid silver; margin: 20px 0px 10px; padding: 4px; overflow: auto; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 97.5%; font-family: 'Courier New',courier,monospace; direction: ltr; max-height: 500px; font-size: 10pt; cursor: text;"><div id="codeSnippet" style="border-style: none; padding: 0px; overflow: visible; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 100%; font-family: 'Courier New',courier,monospace; direction: ltr; color: black; font-size: 10pt;"><pre class='PowerShellColorizedScript'><span style='color:#0000ff'>Get-ADUser</span> <span style='color:#000080'>-filter</span> <span style='color:#8a2be2'>*</span> <span style='color:#000080'>-Properties</span> <span style='color:#8a2be2'>samaccountname</span><span style='color:#a9a9a9'>,</span> <span style='color:#8a2be2'>displayname</span><span style='color:#a9a9a9'>,</span> <span style='color:#8a2be2'>manager</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>group</span> <span style='color:#000000'>{</span><span style='color:#00008b'>if</span><span style='color:#000000'>(</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>manager</span> <span style='color:#a9a9a9'>-ne</span> <span style='color:#ff4500'>$null</span><span style='color:#000000'>)</span> <span style='color:#a9a9a9'>-and</span> <span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>manager</span> <span style='color:#a9a9a9'>-imatch</span> <span style='color:#8b0000'>"dc=localdomain"</span><span style='color:#000000'>)</span><span style='color:#000000'>)</span><span style='color:#000000'>{</span><span style='color:#000000'>(</span><span style='color:#0000ff'>Get-ADObject</span> <span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>manager</span> <span style='color:#000080'>-Properties</span> <span style='color:#8a2be2'>displayname</span><span style='color:#000000'>)</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>displayname</span><span style='color:#000000'>}</span><span style='color:#00008b'>else</span><span style='color:#000000'>{</span><span style='color:#00008b'>if</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>manager</span> <span style='color:#a9a9a9'>-imatch</span> <span style='color:#8b0000'>"dc=foreigndomain"</span><span style='color:#000000'>)</span><span style='color:#000000'>{</span><span style='color:#8b0000'>"FOREIGNDOMAINNAME"</span><span style='color:#000000'>}</span><span style='color:#00008b'>else</span><span style='color:#000000'>{</span><span style='color:#8b0000'>"UNKNOWN"</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>sort</span> <span style='color:#8a2be2'>name</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>%</span><span style='color:#000000'>{</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>Name</span><span style='color:#000000'>;</span> <span style='color:#8b0000'>"-------------------"</span><span style='color:#000000'>;</span> <span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>Group</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>%</span><span style='color:#000000'>{</span><span style='color:#00008b'>if</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>displayname</span> <span style='color:#a9a9a9'>-ne</span> <span style='color:#ff4500'>$null</span><span style='color:#000000'>)</span><span style='color:#000000'>{</span><span style='color:#8b0000'>"`t$($_.displayname)"</span><span style='color:#000000'>}</span><span style='color:#00008b'>else</span><span style='color:#000000'>{</span><span style='color:#8b0000'>"`t$($_.samaccountname)"</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span><span style='color:#000000'>)</span><span style='color:#000000'>;</span> <span style='color:#8b0000'>"`n"</span><span style='color:#000000'>}</span>
</pre></div></div><br />
<br />
<span style="font-size: large;"><b><u>Example 2 Single-domain Forest</u></b></span><br />
<pre class="PowerShellColorizedScript"><span style="color: blue;">Get-ADUser</span> <span style="color: navy;">-filter</span> <span style="color: blueviolet;">*</span> <span style="color: navy;">-Properties</span> <span style="color: blueviolet;">samaccountname</span><span style="color: darkgrey;">,</span> <span style="color: blueviolet;">displayname</span><span style="color: darkgrey;">,</span> <span style="color: blueviolet;">manager</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">group</span> <span style="color: black;">{</span><span style="color: darkblue;">if</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">manager</span> <span style="color: darkgrey;">-ne</span> <span style="color: orangered;">$null</span><span style="color: black;">)</span><span style="color: black;">{</span><span style="color: black;">(</span><span style="color: blue;">Get-ADObject</span> <span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">manager</span> <span style="color: navy;">-Properties</span> <span style="color: blueviolet;">displayname</span><span style="color: black;">)</span><span style="color: darkgrey;">.</span><span style="color: black;">displayname</span><span style="color: black;">}</span><span style="color: darkblue;">else</span><span style="color: black;">{</span><span style="color: darkred;">"UNKNOWN"</span><span style="color: black;">}</span><span style="color: black;">}</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">sort</span> <span style="color: blueviolet;">name</span> <span style="color: darkgrey;">|</span>
<span style="color: blue;">%</span> <span style="color: black;">{</span> <span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">Name</span><span style="color: black;">;</span>
<span style="color: darkred;">"-------------------"</span><span style="color: black;">;</span>
<span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">Group</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">%</span><span style="color: black;">{</span><span style="color: darkblue;">if</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">displayname</span> <span style="color: darkgrey;">-ne</span> <span style="color: orangered;">$null</span><span style="color: black;">)</span><span style="color: black;">{</span><span style="color: darkred;">"`t$($_.displayname)"</span><span style="color: black;">}</span><span style="color: darkblue;">else</span><span style="color: black;">{</span><span style="color: darkred;">"`t$($_.samaccountname)"</span><span style="color: black;">}</span><span style="color: black;">}</span><span style="color: black;">)</span><span style="color: black;">;</span>
<span style="color: darkred;">"`n"</span><span style="color: black;">}</span></pre><br />
<div id="codeSnippetWrapper" style="border: 1px solid silver; margin: 20px 0px 10px; padding: 4px; overflow: auto; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 97.5%; font-family: 'Courier New',courier,monospace; direction: ltr; max-height: 200px; font-size: 10pt; cursor: text;"><div id="codeSnippet" style="border-style: none; padding: 0px; overflow: visible; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 100%; font-family: 'Courier New',courier,monospace; direction: ltr; color: black; font-size: 10pt;"><pre class='PowerShellColorizedScript'><span style='color:#0000ff'>Get-ADUser</span> <span style='color:#000080'>-filter</span> <span style='color:#8a2be2'>*</span> <span style='color:#000080'>-Properties</span> <span style='color:#8a2be2'>samaccountname</span><span style='color:#a9a9a9'>,</span> <span style='color:#8a2be2'>displayname</span><span style='color:#a9a9a9'>,</span> <span style='color:#8a2be2'>manager</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>group</span> <span style='color:#000000'>{</span><span style='color:#00008b'>if</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>manager</span> <span style='color:#a9a9a9'>-ne</span> <span style='color:#ff4500'>$null</span><span style='color:#000000'>)</span><span style='color:#000000'>{</span><span style='color:#000000'>(</span><span style='color:#0000ff'>Get-ADObject</span> <span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>manager</span> <span style='color:#000080'>-Properties</span> <span style='color:#8a2be2'>displayname</span><span style='color:#000000'>)</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>displayname</span><span style='color:#000000'>}</span><span style='color:#00008b'>else</span><span style='color:#000000'>{</span><span style='color:#8b0000'>"UNKNOWN"</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>sort</span> <span style='color:#8a2be2'>name</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>%</span> <span style='color:#000000'>{</span> <span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>Name</span><span style='color:#000000'>;</span><span style='color:#8b0000'>"-------------------"</span><span style='color:#000000'>;</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>Group</span> <span style='color:#a9a9a9'>|</span> <span style='color:#0000ff'>%</span><span style='color:#000000'>{</span><span style='color:#00008b'>if</span><span style='color:#000000'>(</span><span style='color:#ff4500'>$_</span><span style='color:#a9a9a9'>.</span><span style='color:#000000'>displayname</span> <span style='color:#a9a9a9'>-ne</span> <span style='color:#ff4500'>$null</span><span style='color:#000000'>)</span><span style='color:#000000'>{</span><span style='color:#8b0000'>"`t$($_.displayname)"</span><span style='color:#000000'>}</span><span style='color:#00008b'>else</span><span style='color:#000000'>{</span><span style='color:#8b0000'>"`t$($_.samaccountname)"</span><span style='color:#000000'>}</span><span style='color:#000000'>}</span><span style='color:#000000'>)</span><span style='color:#000000'>;</span><span style='color:#8b0000'>"`n"</span><span style='color:#000000'>}</span></pre></div></div><br />
Output will be something like this:<br />
<div id="codeSnippetWrapper" style="border: 1px solid silver; margin: 20px 0px 10px; padding: 4px; overflow: auto; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 97.5%; font-family: 'Courier New',courier,monospace; direction: ltr; max-height: 600px; font-size: 10pt; cursor: text;"><div id="codeSnippet" style="border-style: none; padding: 0px; overflow: visible; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 100%; font-family: 'Courier New',courier,monospace; direction: ltr; color: black; font-size: 10pt;"><pre><span>
PS C:\>Get-ADUser -filter * -Properties samaccountname, displayname, manager | group {if(($_.manager -ne $null) -and ($_.manager -imatch "dc=localdomain")){(Get-ADObject $_.manager -Properties displayname).displayname}else{if($_.manager -imatch "dc=foreigndomain"){"FOREIGNDOMAINNAME"}else{"UNKNOWN"}}} | sort name | %{$_.Name; "-------------------"; ($_.Group | %{if($_.displayname -ne $null){"`t$($_.displayname)"}else{"`t$($_.samaccountname)"}}); "`n"}
Foreign Domain
--------------------
Employee4
Employee5
Employee6
Employee7
Manager1
--------------------
Employee1
Employee2
Manager2
--------------------
Employee3
UNKNOWN
--------------------
Employee8
Employee9
.
.
.
etc...
You get the idea.
</span>
</pre></div></div><br />
Have fun.!Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com1tag:blogger.com,1999:blog-7626999270234232842.post-25090418406320000372010-01-04T09:49:00.000-08:002010-01-04T10:08:45.690-08:00I definately recommend the PowerShellPack.When I first started developing for PowerShell I was using the PowerShell ISE that comes with Windows 7. Mainly because my version of Sapien PrimalScript doesn't support PowerShell v2 with Intellisense. So I looked all over for a snazzy IDE that gave me full support for PS 2. I liked <a href="http://www.powergui.org/index.jspa">Quest's editor (PowerGUI)</a> the best, but it just doesn't work at present with the AD module from Microsoft (go figure--Quest has their own AD tools, which are very robust). So I checked out Idera's PowerShellPlus. It is just a bit much for me. Don't get me wrong. PowerShellPlus is really amazing and<a href="http://powershell.com/cs/blogs/ebook/"> Dr. Tobias Weltner has a really good book</a> (and it's free) to help learn PowerShell, but the IDE is just too much for me (price wise-at least for now). Also, Sapien's <a href="http://www.primaltools.com/products/info.asp?p=PrimalScript">PrimalScript 2009</a> is supposed to be very good (I've been using 2007 for all my VBScripting for years now and I really like their IDE).<br />
<br />
However, the more I used PowerShell ISE the more I enjoyed developing with it. It has a great interactive environment. I can try out my commands first in the console window then go on the left pane (where I've located the editor in my environment), and type my code when it finally works. It's so simple, yet so powerful. <br />
<br />
But...I want intellisense (so I thought). Also I'm blogging now, and I want to copy my nice color coded script to my blog. Well there really isn't a need for intellisense in ISE. Microsft allows the script editor to use tab completion (out-of-the-box). I love tab completion and behaves just like the PS console. Once you get used to tab completion intellisense becomes annoying (at least in my case it did).<br />
<br />
What about my blogging though. Well that is where the PowerShellPack comes in (finally--maybe I should have titled this blog entry something else). When you install the pack (get it <a href="http://code.msdn.microsoft.com/PowerShellPack/Release/ProjectReleases.aspx?ReleaseId=3341"><u>here</u></a>) it adds a ton of features to the ISE. I can now copy my code in colored HTML straight to the clipboard so that I can post it in my blog. Isn't that great!<br />
<br />
That's not all the PowerShellPack does. It comes with 10 modules that let you do all kinds of things. I'm playing around with building UIs using the new cmdlets around WPF. Good stuff. Head over to the <a href="http://code.msdn.microsoft.com/PowerShellPack">main site</a>. Check out some videos and have fun.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com1tag:blogger.com,1999:blog-7626999270234232842.post-33744383575772006552010-01-04T09:29:00.000-08:002010-01-04T09:29:56.982-08:00Running PowerShell v2 RTM on Something Other Than Win 7 or Win 2008R2I know this site is dedicated to running PowerShell v2 RTM on Windows 7 or Windows 2008 R2. However if you would like to start playing with PowerShell v2 RTM on some other operating system go <a href="http://support.microsoft.com/kb/968929"><u>here</u></a>.<br />
<br />
Have fun.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com2tag:blogger.com,1999:blog-7626999270234232842.post-52793194377376735422010-01-04T09:23:00.000-08:002010-01-11T11:09:06.304-08:00How to use PowerShell v2 RTM and the ActiveDirectory Module that comes with RSAT.I noticed that not a lot of people are using the new Active Directory module in PowerShell v2 RTM (ps2rtm). <i>Maybe it's because you can only take advantage of the AD module if you are running Windows 7. Windows 7 with AD module and ADWS will let you manage Win 2003 AD but you cannot run the PowerShell AD module on Win XP or 2003. </i><br />
<br />
I had been avoiding PowerShell until recently for the more familiar (in my case) vbscript for several years now. I just didn't want to give up vb. [adsi] in PowerShell didn't seem that much easier than adsi in vbscript. However, recently a catastrophic event took place in my life (all my work in vb for the last year were gone) which caused me to re-evaluate PowerShell. I'd been putting it off but now forces were at work that kind of shoved me in that direction. So I dove in. I have to say--I am so glad I did.<br />
<br />
That said I'm finding that a large majority of the posh community are not using the latest greatest. I can understand that. Had I invested a couple of years in ps1 I would be reluctant to move to ps2rtm for production stuff (look at me I didn't even want to move away from vbscript). Plus I was reluctant to move to Windows 7. <i>All my colleagues were using Win7 RCx not sure which version. I waited until RTM and then only installed it on an extra workstation in my office. Now I run it on my primary workstation--it really is a nice OS.</i><br />
<br />
Anyway, I just wanted to say to moving to ps2rtm and using the new ActiveDirectory module is not that painful (if you are running Windows 7). It takes all of 15 minutes. I'm not trying to diminish the value of Quest tools, but really the future of ps2 includes a fully functional, fully featured set of AD tools. And it's really not that hard to start taking advantage of them (even if you are running a Windows 2003 functional AD environment).<br />
<br />
First prepare your AD environment. <a href="http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=008940c6-0296-4597-be3e-1d24c1cf0dda"><u>Here</u></a> are the instructions and download. Read the page carefully. For Windows 2003 DCs you will need to install two patches (the links for the patches are in the instructions on that page) and you may need to install the latest .Net 3.5 from Microsoft Update site. Again all of the instructions and prerequisites are found on the page I linked to above. I'm running a Windows 2003 native AD environment on DCs with Windows 2003 SP2 (no R2 in my environment) and ADWS works great. You only need one DC running ADWS in each domain.<br />
<br />
Next install the RSAT tools in Windows 7. Installation and instructions are <a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en"><u>here</u></a>. After installing the RSAT tools you need to enable the AD features.<br />
<br />
If you have prepared your environment according to the instructions, then, after starting PowerShell enter the command <i>import-module activedirectory</i>. <br />
<br />
enter <i>get-help *-ad*</i> or <i>get-command -Module ActiveDirectory</i> to see all of the AD functionality that the ActiveDirectory module gives.<br />
<br />
<i>Sorry Windows XP users or Windows 2003 server users. The ActiveDirectory module is not (as of yet) available for those systems. I saw a number of forums with complaints about that but with no response so not sure if MS will ever make the module available for those systems.</i><br />
<br />
Have fun.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com0tag:blogger.com,1999:blog-7626999270234232842.post-25087206314831123662009-12-30T11:37:00.000-08:002010-01-15T15:08:23.351-08:00WPK--Tough to learn but very rewarding.<span style="font-size: small;">Well I've been trying to figure out how to build an app with WPK (Windodws Presentation Framework PowerShell Kit). James Brundage has some really nice videos you can check out <a href="http://code.msdn.microsoft.com/PowerShellPack/Wiki/View.aspx?title=Videos&referringTitle=Home">here</a>. The main site for WPK is <a href="http://code.msdn.microsoft.com/PowerShellPack">here</a> (which is really the home site for the PowerShellPack). WPK is just one module that comes in the PowerShellPack.</span><br />
<span style="font-size: small;"><br />
The reason I say "Tough to learn..." is due to the general lack of good documentation. For example if I get-help new-textbox I get all of the different parameters all jumbled up together. If I use the -full switch on get-help it displays all of the parameters individually, but there is no explanation on how to use the parameters or what kind of data to feed the parameters (the jumbled parameters in some cases show what type of data the parameter is looking for). So within PowerShell's help system (outside of finding parameters) it becomes difficult figuring out how to use the parameters. For example one parameter on almost all WPK new-* cmdlets is the -DataBinding parameter, but there is nothing within PowerShell that explains how to use that parameter. If you look online, the data you feed that parameter is very complex. So then you go to the WPF MS site and try to interpret C# into PowerShell because none of the examples on the WPF site show how to use PowerShell cmdlets. For me it turned into a guess fest.</span><br />
<span style="font-size: small;"> </span><br />
<span style="font-size: small;">So, yes, tough to learn. However, after ton's of digging today, I found very rewarding what I can actually do with WPK once you know how it works. It'll be nice to see some good documentation in one place in the future. If someone is aware of a such a place please let me know.</span><br />
<span style="font-size: small;"><br />
Anyway, I started playing around with it today and had problems referencing other objects inside the main window. For example if I wanted to change the content of a label with the text from a TextBox, I was finding it difficult to do. I found a bunch of information on -DataBinding (which I have to say was at a minimum confusing). Again, there is so little documentation on WPF as it relates to PowerShell cmdlets. I spent hours trying to make the text on one TextBox equal to the text in another Textbox. Well it ends up that the best place to find answers are the examples that get installed when you install the PowerShellPack. I found the examples on my %systemdirve%\Users\%username%\My Documents\WindowsPowerShell\Modules\WPK\Examples.<br />
<br />
Here is a quick script that sort of emulates a chat window.</span><span style="font-size: small;"><span id="ctl00_Content_UserNameHeaderLabel"><br />
</span></span><br />
<div id="codeSnippetWrapper" style="border: 1px solid silver; margin: 20px 0px 10px; padding: 4px; overflow: auto; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 97.5%; font-family: 'Courier New',courier,monospace; direction: ltr; max-height: 200px; font-size: 10pt; cursor: text;"><div id="codeSnippet" style="border-style: none; padding: 0px; overflow: visible; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 100%; font-family: 'Courier New',courier,monospace; direction: ltr; color: black; font-size: 10pt;"><pre class="PowerShellColorizedScript"><span style="color: blue;">New-Grid</span> <span style="color: navy;">-Name</span> <span style="color: blueviolet;">gGrid1</span> <span style="color: navy;">-Background</span> <span style="color: blueviolet;">blue</span> <span style="color: navy;">-Rows</span> <span style="color: purple;">2</span> <span style="color: navy;">-Columns</span> <span style="color: darkred;">"auto"</span><span style="color: darkgrey;">,</span><span style="color: darkred;">"1*"</span> <span style="color: navy;">-On_Loaded</span> <span style="color: black;">{</span>
<span style="color: orangered;">$script:AccData</span> <span style="color: darkgrey;">=</span> <span style="color: orangered;">$window</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">Get-ChildControl</span> <span style="color: blueviolet;">AccData</span>
<span style="color: orangered;">$script:Data</span> <span style="color: darkgrey;">=</span> <span style="color: orangered;">$window</span> <span style="color: darkgrey;">|</span> <span style="color: blue;">Get-ChildControl</span> <span style="color: blueviolet;">Data</span>
<span style="color: orangered;">$AccData</span><span style="color: darkgrey;">.</span><span style="color: black;">background</span> <span style="color: darkgrey;">=</span> <span style="color: darkred;">"black"</span>
<span style="color: orangered;">$AccData</span><span style="color: darkgrey;">.</span><span style="color: black;">foreground</span> <span style="color: darkgrey;">=</span> <span style="color: darkred;">"lime"</span>
<span style="color: black;">}</span> <span style="color: navy;">-Children</span> <span style="color: black;">{</span>
<span style="color: blue;">New-Label</span> <span style="color: darkred;">"Data"</span> <span style="color: navy;">-Row</span> <span style="color: purple;">0</span> <span style="color: navy;">-Column</span> <span style="color: purple;">0</span> <span style="color: navy;">-Foreground</span> <span style="color: darkred;">"yellow"</span>
<span style="color: blue;">New-TextBox</span> <span style="color: navy;">-TextWrapping</span> <span style="color: blueviolet;">Wrap</span> <span style="color: navy;">-AcceptsReturn</span> <span style="color: navy;">-Row</span> <span style="color: purple;">0</span> <span style="color: navy;">-Column</span> <span style="color: purple;">1</span> <span style="color: navy;">-Name</span> <span style="color: blueviolet;">Data</span> <span style="color: navy;">-On_PreviewKeyUp</span> <span style="color: black;">{</span>
<span style="color: darkblue;">if</span><span style="color: black;">(</span><span style="color: orangered;">$_</span><span style="color: darkgrey;">.</span><span style="color: black;">key</span> <span style="color: darkgrey;">-eq</span> <span style="color: darkred;">"Return"</span><span style="color: black;">)</span><span style="color: black;">{</span>
<span style="color: orangered;">$AccData</span><span style="color: darkgrey;">.</span><span style="color: black;">text</span> <span style="color: darkgrey;">=</span> <span style="color: orangered;">$AccData</span><span style="color: darkgrey;">.</span><span style="color: black;">text</span> <span style="color: darkgrey;">+</span> <span style="color: orangered;">$this</span><span style="color: darkgrey;">.</span><span style="color: black;">text</span>
<span style="color: orangered;">$this</span><span style="color: darkgrey;">.</span><span style="color: black;">text</span> <span style="color: darkgrey;">=</span> <span style="color: darkred;">""</span>
<span style="color: black;">}</span>
<span style="color: black;">}</span>
<span style="color: blue;">New-Label</span> <span style="color: darkred;">"Accumulated Data"</span> <span style="color: navy;">-Row</span> <span style="color: purple;">1</span> <span style="color: navy;">-Column</span> <span style="color: purple;">0</span> <span style="color: navy;">-Foreground</span> <span style="color: darkred;">"yellow"</span>
<span style="color: blue;">New-TextBox</span> <span style="color: navy;">-IsReadOnly</span> <span style="color: navy;">-TextWrapping</span> <span style="color: blueviolet;">Wrap</span> <span style="color: navy;">-Row</span> <span style="color: purple;">1</span> <span style="color: navy;">-Column</span> <span style="color: purple;">1</span> <span style="color: navy;">-Name</span> <span style="color: blueviolet;">AccData</span>
<span style="color: black;">}</span> <span style="color: navy;">-asjob</span></pre></div></div>Of course I'm running PowerShell v2.0 RTM on Windows 7. I had to install the PowerShellPack for this to work.<br />
<br />
Have fun.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com0tag:blogger.com,1999:blog-7626999270234232842.post-889464407310282932009-12-17T20:24:00.000-08:002010-01-15T15:03:07.982-08:00Remove a user in domainA from a group in domainBI'm writing a script in Posh (that seems to be the popular acronym for PowerShell--so I'll go with it as well) that finds all of the inactive users in the domain and moves them to an OU to be disabled one month later if the manager of the user doesn't respond to the email that the script sends. I finished that part and and now I'm at the point that I disable user accounts where there was no response.<br />
<br />
The moving and disabling the users is rather straight forward in Posh. The problem I encounterd was removing the group memberships of the users (a business requirement when we disable the user account). Now removing the group memberships of groups in the same domain as the user account is also very straight forward, but what happens when you try to remove the user account from a group that is located in a sibling domain in the same forest.<br />
Well here's what happens:<br />
<br />
<div style="color: red;">Remove-ADGroupMember : Cannot find an object with identity: 'CN=Smith\, John,OU=Users,OU=location,DC=DomainA,DC=example,DC=com' under: 'DC=DomainB,DC=example,DC=com'.<br />
At line:1 char:21<br />
+ Remove-ADGroupMember <<<< -Identity $group.ObjectGUID -Members $group.member[12] -Credential $myAdminCreds.DomainB -server DomainB.example.com<br />
+ CategoryInfo : <span style="text-decoration: underline;"><b>ObjectNotFound: (CN=Smith\, Joh...,DC=example,DC=com:ADPrincipal) </b> </span> [Remove-ADGroupMember], ADIdentityNotFoundException<br />
+ FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember<br />
</div><br />
All in nice bright red wording.<br />
<br />
Here is a script similar to the one that generated that error:<br />
<br />
<pre><span style="color: cadetblue; font-weight: bold;">Import-Module</span><span style="color: black;"> </span><span style="color: maroon;">ActiveDirectory</span><span style="color: black;">
</span><span style="color: purple;">$adminCreds</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> @{domainA </span><span style="color: red;">=</span><span style="color: black;"> </span><span style="color: cadetblue; font-weight: bold;">Get-Credential</span><span style="color: black;"> </span><span style="color: maroon;">"</span><span style="color: maroon;">domA\admin</span><span style="color: maroon;">"</span><span style="color: black;">;domainB </span><span style="color: red;">=</span><span style="color: black;"> </span><span style="color: cadetblue; font-weight: bold;">Get-Credential</span><span style="color: black;"> </span><span style="color: maroon;">"</span><span style="color: maroon;">domB\admin</span><span style="color: maroon;">"</span><span style="color: black;">}
</span><span style="color: purple;">$user</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> Get-ADUser johndoe -Properties memberof -Credential </span><span style="color: purple;">$adminCreds</span><span style="color: black;">.domainA
</span><span style="color: purple;">$groups</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> </span><span style="color: purple;">$user</span><span style="color: black;">.memberof | </span><span style="color: cadetblue; font-weight: bold;">where</span><span style="color: black;">{</span><span style="color: purple;">$_</span><span style="color: black;"> </span><span style="color: red;">-match</span><span style="color: black;"> </span><span style="color: maroon;">"</span><span style="color: maroon;">dc=domainB</span><span style="color: maroon;">"</span><span style="color: black;">}
</span><span style="color: blue;">foreach</span><span style="color: black;">(</span><span style="color: purple;">$group</span><span style="color: black;"> </span><span style="color: blue;">in</span><span style="color: black;"> </span><span style="color: purple;">$groups</span><span style="color: black;">){
Remove-ADGroupMember -Identity </span><span style="color: purple;">$group</span><span style="color: black;"> -Members </span><span style="color: purple;">$user</span><span style="color: black;">.distinguishedName -Server domainB.example.com -Credential </span><span style="color: purple;">$adminCreds</span><span style="color: black;">.domainB
}
</span></pre><br />
Had I chosen groups from domainA, the script would have run without error.<br />
<br />
So I posted my problem on every forum I could find including 'The Official Scripting Guys Forum!' as well on #powershell irc chat on freenode.net. To date no one has responded. So I delved into a work-a-round.<br />
<br />
At first I tried straight up ADSI:<br />
<br />
<pre><span style="color: purple;">$group</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> [</span><span style="color: teal;">adsi</span><span style="color: black;">]</span><span style="color: maroon;">"</span><span style="color: maroon;">LDAP://$($group.distinguishedName)</span><span style="color: maroon;">"</span><span style="color: black;">
</span><span style="color: purple;">$group</span><span style="color: black;">.putEx(</span><span style="color: black;">4</span><span style="color: black;">,</span><span style="color: maroon;">"</span><span style="color: maroon;">member</span><span style="color: maroon;">"</span><span style="color: black;">,@(</span><span style="color: purple;">$user</span><span style="color: black;">.distinguishedName))
</span><span style="color: purple;">$group</span><span style="color: black;">.setinfo()</span></pre><br />
However, because my account is not an administrator in the sibling domain I got an access denied error. I did a bunch of research again and low-and-behold the best I got was that there is no specific way to provide credentials to a foreign domain with [adsi] (albeit a sibling domain in the same forest). I even mapped a drive to the domain controller in domainB using my admin credentials in that domain--nadda!<br />
<br />
So after a ton of unfruitful research I developed my own work-around. If one of you Posh gurus wants to post an easier way I'd be delighted. I use WinRM 2.0 to accomplish this (I read a ton of help pages):<br />
<br />
<div id="codeSnippetWrapper" style="border: 1px solid silver; margin: 20px 0px 10px; padding: 4px; overflow: auto; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 97.5%; font-family: 'Courier New',courier,monospace; direction: ltr; max-height: 500px; font-size: 10pt; cursor: text;"><br />
<div id="codeSnippet" style="border-style: none; padding: 0px; overflow: visible; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 100%; font-family: 'Courier New',courier,monospace; direction: ltr; color: black; font-size: 10pt;"><pre><!--
Code highlighting produced by Actipro SyntaxEditor
http://www.ActiproSoftware.com/Products/DotNet/
--><span style="color: #5F9EA0; font-weight: bold;">Import-Module</span><span style="color: #000000;"> </span><span style="color: #800000;">ActiveDirectory</span><span style="color: #000000;">
</span><span style="color: #800080;">$adminCreds</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> @{domainA </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-weight: bold;">Get-Credential</span><span style="color: #000000;"> </span><span style="color: #800000;">"</span><span style="color: #800000;">domA\admin</span><span style="color: #800000;">"</span><span style="color: #000000;">;domainB </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-weight: bold;">Get-Credential</span><span style="color: #000000;"> </span><span style="color: #800000;">"</span><span style="color: #800000;">domB\admin</span><span style="color: #800000;">"</span><span style="color: #000000;">}
</span><span style="color: #008000;">#</span><span style="color: #008000;">Get the user object</span><span style="color: #008000;">
</span><span style="color: #800080;">$user</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> Get-ADUser johndoe -Properties memberof -Credential </span><span style="color: #800080;">$adminCreds</span><span style="color: #000000;">.domainA
</span><span style="color: #008000;">#</span><span style="color: #008000;">Find groups with distinguishedNames that are in domainB</span><span style="color: #008000;">
</span><span style="color: #800080;">$groups</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$user</span><span style="color: #000000;">.memberof | </span><span style="color: #5F9EA0; font-weight: bold;">where</span><span style="color: #000000;">{</span><span style="color: #800080;">$_</span><span style="color: #000000;"> </span><span style="color: #FF0000;">-match</span><span style="color: #000000;"> </span><span style="color: #800000;">"</span><span style="color: #800000;">dc=domainB</span><span style="color: #800000;">"</span><span style="color: #000000;">}
</span><span style="color: #008000;">#</span><span style="color: #008000;">Create a remote session on domainB's domain controller</span><span style="color: #008000;">
</span><span style="color: #800080;">$s</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-weight: bold;">New-PSSession</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ComputerName</span><span style="color: #000000;"> </span><span style="color: #800000;">domb-dc1</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-Credential</span><span style="color: #000000;"> </span><span style="color: #800080;">$adminCreds</span><span style="color: #000000;">.domainB
</span><span style="color: #008000;"><#</span><span style="color: #008000;">Unfortunately you can't just reference variables in your local ps session while in the remote session so some setup
work is needed. Cycling through the collection of group DNs you first create a hash table (I love hash tables) with
the parameters you will need to work with in the remote session.</span><span style="color: #008000;">#></span><span style="color: #000000;">
</span><span style="color: #0000FF;">foreach</span><span style="color: #000000;">(</span><span style="color: #800080;">$group</span><span style="color: #000000;"> </span><span style="color: #0000FF;">in</span><span style="color: #000000;"> </span><span style="color: #800080;">$groups</span><span style="color: #000000;">){
</span><span style="color: #800080;">$LHparams</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> @{userDN </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$user</span><span style="color: #000000;">.distinguishedName;groupDN </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$group</span><span style="color: #000000;">} </span><span style="color: #008000;">#</span><span style="color: #008000;">Local Host parameters.</span><span style="color: #008000;">
</span><span style="color: #000000;"> </span><span style="color: #008000;"><#</span><span style="color: #008000;">We need to send those parameters to the remote session. The variable '$multivars' is an arbitrary name.
You can use what ever you makes sense in that spot. 'RHparams' Remote Host parameters will be set in the remote pssession.
$multivars becomes $LHparams and can be used to set a variable on the remote host.
You can send multiple arguments and must have multiple parameters (param($a, $b))to hold those arguments.
So this would work:</span><span style="color: #008000;">#></span><span style="color: #000000;">
</span><span style="color: #5F9EA0; font-weight: bold;">Invoke-Command</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-Session</span><span style="color: #000000;"> </span><span style="color: #800080;">$s</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ScriptBlock</span><span style="color: #000000;"> {</span><span style="color: #0000FF;">param</span><span style="color: #000000;">(</span><span style="color: #800080;">$rhuserDN</span><span style="color: #000000;">, </span><span style="color: #800080;">$rhgroupDN</span><span style="color: #000000;">) </span><span style="color: #800080;">$userDN</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$rhuserDN</span><span style="color: #000000;">;</span><span style="color: #800080;">$groupDN</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$rhgroupDN</span><span style="color: #000000;">}`
-ArgumentList </span><span style="color: #800080;">$user</span><span style="color: #000000;">.distinguishedName,</span><span style="color: #800080;">$group</span><span style="color: #000000;">
</span><span style="color: #008000;">#</span><span style="color: #008000;">However, I like hash tables better-well actually I love hash tables (best thing since sliced bread). so:</span><span style="color: #008000;">
</span><span style="color: #000000;">
</span><span style="color: #5F9EA0; font-weight: bold;">Invoke-Command</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-Session</span><span style="color: #000000;"> </span><span style="color: #800080;">$s</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ScriptBlock</span><span style="color: #000000;"> {</span><span style="color: #0000FF;">param</span><span style="color: #000000;">(</span><span style="color: #800080;">$multivars</span><span style="color: #000000;">) </span><span style="color: #800080;">$RHparams</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$multivars</span><span style="color: #000000;">} -ArgumentList </span><span style="color: #800080;">$LHparams</span><span style="color: #000000;">
</span><span style="color: #008000;"><#</span><span style="color: #008000;">Now you may be tempted to enter the session in your script--but don't. My previous post had the script doing that but it
doesn't work. The commands issued in the script after entering a PSSession don't do anything. So do this
(check example 5 of Help invoke-command -examples): </span><span style="color: #008000;">#></span><span style="color: #000000;">
</span><span style="color: #800080;">$command</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> {
</span><span style="color: #800080;">$group</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> [</span><span style="color: #008080;">adsi</span><span style="color: #000000;">]</span><span style="color: #800000;">"</span><span style="color: #800000;">LDAP://$($RHparams.groupDN)</span><span style="color: #800000;">"</span><span style="color: #000000;">
</span><span style="color: #800080;">$group</span><span style="color: #000000;">.putEx(</span><span style="color: #000000;">4</span><span style="color: #000000;">,</span><span style="color: #800000;">"</span><span style="color: #800000;">member</span><span style="color: #800000;">"</span><span style="color: #000000;">,@(</span><span style="color: #800080;">$RHparams</span><span style="color: #000000;">.userDN))
</span><span style="color: #800080;">$group</span><span style="color: #000000;">.setinfo()
}
</span><span style="color: #008000;"><#</span><span style="color: #008000;">Note that when using the hash table in the remote session the porperties ARE case sensitive.
GroupDN gets you nothing groupDN has the data.</span><span style="color: #008000;">#></span><span style="color: #000000;">
</span><span style="color: #008000;"><#</span><span style="color: #008000;">Of course we want as few commands as possible so let's not run the invoke-command twice
instead let's do this: </span><span style="color: #008000;">#></span><span style="color: #000000;">
</span><span style="color: #800080;">$LHparams</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> @{userDN </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$user</span><span style="color: #000000;">.distinguishedName;groupDN </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$group</span><span style="color: #000000;">}
</span><span style="color: #800080;">$command</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> {
</span><span style="color: #0000FF;">param</span><span style="color: #000000;">(</span><span style="color: #800080;">$multivars</span><span style="color: #000000;">)
</span><span style="color: #800080;">$RHparams</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$multivars</span><span style="color: #000000;">
</span><span style="color: #800080;">$group</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> [</span><span style="color: #008080;">adsi</span><span style="color: #000000;">]</span><span style="color: #800000;">"</span><span style="color: #800000;">LDAP://$($RHparams.groupDN)</span><span style="color: #800000;">"</span><span style="color: #000000;">
</span><span style="color: #800080;">$group</span><span style="color: #000000;">.putEx(</span><span style="color: #000000;">4</span><span style="color: #000000;">,</span><span style="color: #800000;">"</span><span style="color: #800000;">member</span><span style="color: #800000;">"</span><span style="color: #000000;">,@(</span><span style="color: #800080;">$RHparams</span><span style="color: #000000;">.userDN))
</span><span style="color: #800080;">$group</span><span style="color: #000000;">.setinfo()
}
</span><span style="color: #008000;">#</span><span style="color: #008000;">Now send the commands to the remote session just once.</span><span style="color: #008000;">
</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-weight: bold;">Invoke-Command</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-Session</span><span style="color: #000000;"> </span><span style="color: #800080;">$s</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ScriptBlock</span><span style="color: #000000;"> </span><span style="color: #800080;">$command</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ArgumentList</span><span style="color: #000000;"> </span><span style="color: #800080;">$LHparams</span><span style="color: #000000;">
}
</span><span style="color: #800000;">"</span><span style="color: #800000;">***The script looks like this without all the extraneous comments***</span><span style="color: #800000;">"</span><span style="color: #000000;">
</span><span style="color: #008000;">#</span><span style="color: #008000;">Provided for easier reading of the code.</span><span style="color: #008000;">
</span><span style="color: #000000;">
</span><span style="color: #5F9EA0; font-weight: bold;">Import-Module</span><span style="color: #000000;"> </span><span style="color: #800000;">ActiveDirectory</span><span style="color: #000000;">
</span><span style="color: #800080;">$adminCreds</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> @{domainA </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-weight: bold;">Get-Credential</span><span style="color: #000000;"> </span><span style="color: #800000;">"</span><span style="color: #800000;">domA\admin</span><span style="color: #800000;">"</span><span style="color: #000000;">;domainB </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-weight: bold;">Get-Credential</span><span style="color: #000000;"> </span><span style="color: #800000;">"</span><span style="color: #800000;">domB\admin</span><span style="color: #800000;">"</span><span style="color: #000000;">} </span><span style="color: #008000;">#</span><span style="color: #008000;">Hash table woohoo!!!</span><span style="color: #008000;">
</span><span style="color: #000000;">
</span><span style="color: #800080;">$user</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> Get-ADUser johndoe -Properties memberof -Credential </span><span style="color: #800080;">$adminCreds</span><span style="color: #000000;">.domainA
</span><span style="color: #800080;">$groups</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$user</span><span style="color: #000000;">.memberof | </span><span style="color: #5F9EA0; font-weight: bold;">where</span><span style="color: #000000;">{</span><span style="color: #800080;">$_</span><span style="color: #000000;"> </span><span style="color: #FF0000;">-match</span><span style="color: #000000;"> </span><span style="color: #800000;">"</span><span style="color: #800000;">dc=domainB</span><span style="color: #800000;">"</span><span style="color: #000000;">}
</span><span style="color: #800080;">$s</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-weight: bold;">New-PSSession</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ComputerName</span><span style="color: #000000;"> </span><span style="color: #800000;">domB-dc1</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-Credential</span><span style="color: #000000;"> </span><span style="color: #800080;">$adminCreds</span><span style="color: #000000;">.domainB
</span><span style="color: #0000FF;">foreach</span><span style="color: #000000;">(</span><span style="color: #800080;">$group</span><span style="color: #000000;"> </span><span style="color: #0000FF;">in</span><span style="color: #000000;"> </span><span style="color: #800080;">$groups</span><span style="color: #000000;">){
</span><span style="color: #800080;">$LHparams</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> @{userDN </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$user</span><span style="color: #000000;">.distinguishedName;groupDN </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$group</span><span style="color: #000000;">} </span><span style="color: #008000;">#</span><span style="color: #008000;">another hash table woohoo woohoo!!!</span><span style="color: #008000;">
</span><span style="color: #000000;"> </span><span style="color: #800080;">$command</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> {
</span><span style="color: #0000FF;">param</span><span style="color: #000000;">(</span><span style="color: #800080;">$multivars</span><span style="color: #000000;">)
</span><span style="color: #800080;">$RHparams</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> </span><span style="color: #800080;">$multivars</span><span style="color: #000000;">
</span><span style="color: #800080;">$group</span><span style="color: #000000;"> </span><span style="color: #FF0000;">=</span><span style="color: #000000;"> [</span><span style="color: #008080;">adsi</span><span style="color: #000000;">]</span><span style="color: #800000;">"</span><span style="color: #800000;">LDAP://$($RHparams.groupDN)</span><span style="color: #800000;">"</span><span style="color: #000000;">
</span><span style="color: #800080;">$group</span><span style="color: #000000;">.putEx(</span><span style="color: #000000;">4</span><span style="color: #000000;">,</span><span style="color: #800000;">"</span><span style="color: #800000;">member</span><span style="color: #800000;">"</span><span style="color: #000000;">,@(</span><span style="color: #800080;">$RHparams</span><span style="color: #000000;">.userDN))
</span><span style="color: #800080;">$group</span><span style="color: #000000;">.setinfo()
}
</span><span style="color: #5F9EA0; font-weight: bold;">Invoke-Command</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-Session</span><span style="color: #000000;"> </span><span style="color: #800080;">$s</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ScriptBlock</span><span style="color: #000000;"> </span><span style="color: #800080;">$command</span><span style="color: #000000;"> </span><span style="color: #5F9EA0; font-style: italic;">-ArgumentList</span><span style="color: #000000;"> </span><span style="color: #800080;">$LHparams</span><span style="color: #000000;">
}
</span></pre></div></div>Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com3tag:blogger.com,1999:blog-7626999270234232842.post-61528467133250916552009-12-15T15:03:00.000-08:002009-12-15T15:10:38.943-08:00LastLogonTimeStampHey VBScripters,<br />
<br />
Do you like working with LastLogonTimeStamp (remember this):<br />
<br />
<br />
<pre><code><span style="font: 10pt Courier New;"><span class="vbscript1-reservedword">Set</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">oUser</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">=</span><span class="vbscript1-space"> </span><span class="vbscript1-systemfunctionsandvariables">GetObject</span><span class="vbscript1-symbol">(</span><span class="vbscript1-string">"LDAP://"</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">&</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">sUserDN)
</span><span class="vbscript1-reservedword">Set</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">oLastLTS</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">=</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">oUser.</span><span class="vbscript1-reservedword">Get</span><span class="vbscript1-symbol">(</span><span class="vbscript1-string">"lastlogontimestamp"</span><span class="vbscript1-symbol">)
iLastLogon</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">=</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">oLastLTS.HighPart</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">*</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">(</span><span class="vbscript1-number">2</span><span class="vbscript1-symbol">^</span><span class="vbscript1-number">32</span><span class="vbscript1-symbol">)</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">+</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">oLastLTS.LowPart
iLastLogon</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">=</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">iLastLogon</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">/</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">(</span><span class="vbscript1-number">60</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">*</span><span class="vbscript1-space"> </span><span class="vbscript1-number">10000000</span><span class="vbscript1-symbol">)
iLastLogon</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">=</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">iLastLogon</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">/</span><span class="vbscript1-space"> </span><span class="vbscript1-number">1440
</span><span class="vbscript1-identifier">dLastLogon</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">=</span><span class="vbscript1-space"> </span><span class="vbscript1-identifier">iLastLogon</span><span class="vbscript1-space"> </span><span class="vbscript1-symbol">+</span><span class="vbscript1-space"> </span><span class="vbscript1-string">#1/1/1601#
</span></span>
</code></pre><br />
Here is how this works in Powershell v2 RTM using the ActiveDirectory module:<br />
<br />
<pre><span style="color: purple;">$ADUser</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> Get-ADUser johndoe -Properties lastlogontimestamp
</span><span style="color: blue;">if</span><span style="color: black;"> (</span><span style="color: purple;">$ADUser</span><span style="color: black;">.lastlogontimestamp </span><span style="color: red;">-ne</span><span style="color: black;"> </span><span style="color: purple;">$null</span><span style="color: black;">){
</span><span style="color: purple;">$lastlogon</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> </span><span style="color: cadetblue; font-weight: bold;">Get-Date</span><span style="color: black;"> </span><span style="color: cadetblue; font-style: italic;">-Date</span><span style="color: black;"> ([</span><span style="color: teal;">DateTime</span><span style="color: black;">]::</span><span style="color: saddlebrown;">FromFileTime</span><span style="color: black;">([</span><span style="color: teal;">Int64</span><span style="color: black;">]::</span><span style="color: saddlebrown;">Parse</span><span style="color: black;">(</span><span style="color: purple;">$ADUser</span><span style="color: black;">.lastlogontimestamp))) </span><span style="color: cadetblue; font-style: italic;">-Format</span><span style="color: black;"> MM/dd/yyyy
} </span><span style="color: blue;">else</span><span style="color: black;"> {
</span><span style="color: purple;">$lastlogon</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> </span><span style="color: cadetblue; font-weight: bold;">Get-Date</span><span style="color: black;"> </span><span style="color: cadetblue; font-style: italic;">-Date</span><span style="color: black;"> </span><span style="color: purple;">$ADUser</span><span style="color: black;">.created </span><span style="color: cadetblue; font-style: italic;">-Format</span><span style="color: black;"> MM/dd/yyyy
}</span></pre><br />
I think that is just so elegant. If I hadn't added the checks and the formatting (like I didn't do in the VB script) this would have only taken two lines. Cool huh?<br />
<br />
Have fun,<br />
Cameron out.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com2tag:blogger.com,1999:blog-7626999270234232842.post-34095619569352081982009-12-15T10:56:00.000-08:002010-01-15T14:50:29.471-08:00Get Latest File functionOur HR department dumps an employee file that contains the latest listing of employees in the company to the same folder each week. The file contains their employee ID, their Manager, and their manager's employee ID. The following function allows me to get the lastest file from any folder in the last x number of days. <br />
<div id="codeSnippet" style="border-style: none; padding: 0px; overflow: visible; text-align: left; line-height: 12pt; background-color: #f4f4f4; width: 100%; font-family: 'Courier New',courier,monospace; direction: ltr; color: black; font-size: 10pt;"><pre><span style="color: blue;">function</span><span style="color: black;"> </span><span style="color: cadetblue;">Get-LatestFile</span><span style="color: black;">([</span><span style="color: teal;">string</span><span style="color: black;">]</span><span style="color: purple;">$FilePath</span><span style="color: black;">, [</span><span style="color: teal;">int</span><span style="color: black;">]</span><span style="color: purple;">$NumDaysAgo</span><span style="color: black;">){
</span><span style="color: purple;">$DateToCompare</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> (</span><span style="color: cadetblue; font-weight: bold;">Get-date</span><span style="color: black;">).AddDays(</span><span style="color: red;">-</span><span style="color: purple;">$NumDaysAgo</span><span style="color: black;">)
</span><span style="color: blue;">return</span><span style="color: black;"> </span><span style="color: cadetblue; font-weight: bold;">get-childitem</span><span style="color: black;"> </span><span style="color: purple;">$FilePath</span><span style="color: black;"> | </span><span style="color: cadetblue; font-weight: bold;">where-object</span><span style="color: black;"> {</span><span style="color: purple;">$_</span><span style="color: black;">.lastwritetime –gt </span><span style="color: purple;">$DateToCompare</span><span style="color: black;">}</span></pre><pre><span style="color: black;">}</span>
</pre></div>Use the function as follows:<br />
<br />
<pre><span style="color: purple;">$LatestFile</span><span style="color: black;"> </span><span style="color: red;">=</span><span style="color: black;"> </span><span style="color: cadetblue;">Get-LatestFile</span><span style="color: black;"> </span><span style="color: maroon;">"</span><span style="color: maroon;">\\server\share\</span><span style="color: maroon;">"</span><span style="color: black;"> </span><span style="color: black;">7</span>
</pre><br />
So basically you supply the folder location and the time frame. The above command will look for the latest file in the past seven (7) days in the location specified.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com0tag:blogger.com,1999:blog-7626999270234232842.post-35422958683138141552009-12-15T07:01:00.000-08:002009-12-17T22:50:12.701-08:00PowerShell BloggingWell there are a number of really good resources out there for PowerShell and I've been using them frequently. However, I've noticed that not a lot of people are using PowerShell v2 RTM that comes with Windows 7 to manage Active Directory. I'm hoping this can become a place where AD and PowerShell V2 can come together to help administrators take advantage of some of the exciting technologies that are available. I'm new to blogging and I'm a 'newbie' with PowerShell. I've spent the last decade VBScripting all over the place now I'm really focused on learning and taking advantage of all the power PowerShell has to offer.<br />
<br />
I have to say to all you VBScripters. PowerShell is really a superior scripting platform. I didn't believe it at first but over the past few weeks I'm convinced that I took way too long to come on over to the PowerShell side of scripting. <br />
<br />
My problems with PS were:<br />
<ol><li>I don't like curly brackets {}.</li>
<li>I didn't like putting $ in front of my variables.</li>
<li>I really thought I had to pipe everything. Actually, you don't have to pipe anything if (like me) you don't find that sort of thing intuitive. You can write straight script just like you would in VBScript.</li>
<li>Almost forgot--I really didn't like that comparison operators like = < > were replaced with -eq -lt -gt. <br />
</li>
</ol>Those things may seem silly to some, but an honest evaluation of my reasoning produced that list as to why I refused to switch to Posh sooner. Now that I've been using it for about three weeks I'm hooked. It really is a superior scripting language. I find myself being able to do all of the things I did in VB plus more and in a more elegant way. I'm glad I switched.<br />
<br />
If like me you have problems with the syntax, I can tell you that if you just start using PowerShell you will get used to the syntax fairly quickly. Now curly brackets don't bother me one bit and I'm already used to the $ variables. So trust me, start using PowerShell, you'll love it.<br />
<br />
I figure with this blog I'll post some of my projects and share what I learn as I learn it. Hopefully, it'll be useful to someone out there.<br />
<br />
Happy scripting...<br />
<br />
Cameron Out.Cameron Ovehttp://www.blogger.com/profile/07332062383899059988noreply@blogger.com0