Monday, December 8, 2014

Power CLI script to take snapshots from a list of VMs.

The text file needs to contain a list of VMs 1 per row.


This script will perform several functions. First it will shut the vm down, second it verifies the vms are shut down ( user intervention ), third it will snapshot each vm in order and finally will power each vm back on. This is the safest way I have been able to find to do snapshots. 

#Connecting to VI-Server

Connect-Viserver -Server vCenterServer


$VMs = get-content "C:\Lists\vms.txt"

$Today = (Get-Date).ToString(“MM-d-yy”)

$SnapshotName = "$Today - Snapshot"


#This Function Shutsdown the VM's in the $VMs List

Function Shutdown{

foreach ($VM in $VMs){

get-vm -Name $VM | Shutdown-VMGuest -confirm:$false

Write-Host "Shutting $VM down."


Write-Host "Waiting 2 minutes for VM's to shutdown"

Sleep 120


#This Function Lists Power State of all the VMs then Verifies with the User that all VMs are shutdown

Function ShutdownVerify{

Write-Host "Verifying all VM's in $VMs are Powered Off."

foreach ($VM in $VMs){

$pwr = (Get-VM $VM).PowerState

if ($pwr -eq "PoweredOn"){

Write-Host -Foregroundcolor red "$VM is $Pwr"

}elseif ($pwr -eq "PoweredOff"){

Write-Host -Foregroundcolor green "$VM is $Pwr"



$u = Read-Host = "Any VMs Still Powered on? [Yes] or [No] (Case Sensitive)"

if ($u -match "No"){

Write-Host "Running Snapshot Script...."

}elseif ($u -match "Yes") {

Write-Host "Waiting 2 minutes..."

Sleep 120




#This Function Snapshots each server in the $VMs list.

Function Snapshot{

ForEach ($VM in $VMs)


#Create snapshot for today

New-Snapshot -Name $SnapshotName -VM $VM

Write-host "$VM Snapped"


Sleep 5


#This Function Power's on all the VMs in the $VMs List

Function PowerOn{

foreach ($VM in $VMs){

Write-Host "Starting $VM"

Start-VM -VM $VM

Write-Host "$VM started"



#Calling each function in order





Friday, August 29, 2014

Active Directory Powershell Function - Get-UserLockout

The function below is used for looking up the Locked out status of an Active Directory User. Usage is:

Get-UserLockout username

Active Directory Powershell Module required.

function Get-UserLockout


Get-ADUser $Username -Properties * | Select Lockedout }


Friday, September 7, 2012

Script for changing AD Attribute "PasswordNotRequired" for a list of users

Vulnerability came up recently where 90% of our user accounts in Active Directory were incorrectly setup with an attribute called "PasswordNotRequired" set to true. This would enable an Administrator to set a blank password for a user. This attribute is not configurable via the GUI, so PowerShell it!
First I needed to list out all the users with this attribute set. Active directory module has the command we will need for this task.

Get-ADUser -Filter * -Properties * | Select Name, DisplayName, PasswordNotRequired
This will list all the users and their settings for that particular attribute. Now I ended up Exporting this to CSV which can be done with the Export-CSV command. After which I was able to copy out the Name section of each user with the setting True to a text file.
Now to the meat of this little script.
The first line of this code I am getting the content of the text file I created. The contents of the text file look like this:
$Users = Get-Content "C:\lists\userlist.txt"
Next is 4 lines of code that go through each user in the textfile and sets the setting "PasswordNotRequired" to "False"
Foreach ($User in $Users){
$Cmd = Get-ADUser -Identity $User
$Cmd.PasswordNotRequired = "FALSE"
Set-ADUser -Instance $Cmd}
This little 5 line script saved hours of time for my team. This is why I enjoy scripting with PowerShell.

Tuesday, August 28, 2012

PowerShell: Use WMI to get logged in users

First we have to get a list of the computers. I used the get-adcomputer cmdlet for this task.

Get-ADComputer -Filter {operatingsystem -like "*professional*"} | select -Expand Name > c:\lists\computers.txt

This command will list all computers with Professional in the name.

Then using WMI I use the list i created above to output a list of all the computers and the logged in user if there is one.

Get-WmiObject -Class Win32_Computersystem -Computer (Get-Content "c:\lists\computers.txt") | Select Name, UserName | out-gridview

I use these commands for my servers with just a quick edit to the filter in the first command. This helps me after a patch cycle to make sure there are no users logged into any of the servers.

Thats it for now.

Friday, August 24, 2012

Powershell Tip: Copying commands from Get-History

Wanted to copy a command out to the clipboard without having to edit the output, Using a new-alias and get-history I was able to accomplish this.

Found a new-alias to output to the clipboard

                new-alias Out-Clipboard $env:SystemRoot\System32\clip.exe

Using this new alias along with get-history

PS C:\Scripts> get-history

  Id CommandLine

  -- -----------

   1 get-adcomputer -filter * -properties * | where {$_.operatingsystem -lik...

   2 get-history

   3 get-adcomputer -filter *

   4 get-history

   5 cls

PS C:\Scripts>

I wanted to get just the command in line 1, so I piped out all the properties of line 1

Get-History 1 | Select *

PS C:\Scripts> Get-History 1 | Select *

Id                 : 1

CommandLine        : get-adcomputer -filter * -properties * | where {$_.operati

                     ngsystem -like "*Professional*"} | FT Name, Operatingsyste

                     m, Description

ExecutionStatus    : Stopped

StartExecutionTime : 8/23/2012 10:13:39 AM

EndExecutionTime   : 8/23/2012 10:13:55 AM

PS C:\Scripts>

Seeing that there is a property for CommandLine and it looks like it contains the whole commandline as it was run I then tested to make sure that it would show me the information I was looking for

(Get-History 1).CommandLine

PS C:\Scripts> (Get-History 1).CommandLine

get-adcomputer -filter * -properties * | where {$_.operatingsystem -like "*Prof

essional*"} | FT Name, Operatingsystem, Description

PS C:\Scripts>

Sure enough it looks like it contains what I wanted so putting this together with my New-Alias Out-Clipboard

(Get-History 1).CommandLine | Out-Clipboard

Dumps the command directly into the clipboard to be pasted into your documentation exactly as you ran it.

get-adcomputer -filter * -properties * | where {$_.operatingsystem -like "*Professional*"} | FT Name, Operatingsystem, Description

I think that's pretty cool.