Goatee PFE

Blog of Microsoft Premier Field Engineer Ashley McGlone featuring PowerShell scripts for Active Directory.

Goatee PFE

  • PowerShell DSC FAQ: Sorting Out Certificates

    Hello, everyone. This week I posted over on the PowerShell Team Blog. One of the most common questions I get regarding PowerShell Desired State Configuration is about certificates. What kind do I need? How many? Where do they go? In this blog post we...
  • Links for DevOps Columbus

    These are some helpful links for folks new to PowerShell and Desired State Configuration.

  • Forensics: Automating Active Directory Account Lockout Search with PowerShell (an example of deep XML filtering of event logs across multiple servers in parallel)

    Today we learn how to efficiently filter event log queries, going beyond simple event ID filtering into the specific values of the XML message data. Then we will run this filter against multiple servers in parallel for faster data collection.

  • Let's meet up in North Carolina Monday evening (8/10)

    This is a quick announcement that I'll be in Raleigh/Durham, North Carolina this coming Monday night, August 10th. I'll be speaking on one of my favorite topics (Active Directory PowerShell) at the Research Triangle PowerShell User Group . Find...
  • Configuring Active Directory with PowerShell DSC and the New xADRecycleBin Resource

    Today’s post is the second in a series on using PowerShell DSC with Active Directory. We will demonstrate configuring the AD Recycle Bin and domain trusts with PowerShell Desired State Configuration. As a bonus we will throw in a registry key for some special logging on the domain controller.

  • UPDATED: Copy and Merge Group Policies (GPOs) with PowerShell

    Do you have Group Policies gone wild? Did you realize too late that it might not be such a good idea to delegate GPO creation to half the IT department? Have you wanted to combine multiple policies into one for simplicity? This blog post is for you.

  • 17 Hours of PowerShell Desired State Configuration (DSC) Video Training

    I am excited!  Microsoft Premier customers now have access to 17 hours of real-world PowerShell Desired State Configuration (DSC) video training through the Premier Workshop Library on Demand (WLOD) subscription.  We recorded 11 modules on topics from beginner to advanced.  The training gracefully builds one concept upon another until the student is armed with all of the information they need to successfully begin using PowerShell DSC in their environment.

    We wrote this training after spending months in the field helping customers just like you get started with PowerShell DSC.  We took that experience and wrapped it into this video training for the real-world knowledge that our customers love.

  • PSHSummit: Managing PowerShell in the Enterprise Using Group Policy

    If you're like me you enjoy geeking out on all the bells and whistles of PowerShell. Leveraging that schweetness across thousands of machines is a key goal. Managing PowerShell in the enterprise is a different conversation that does not get enough visibility. So much of the PowerShell content in the community is geared towards features rather than operations. The goal of this session is to get into the nitty gritty of making PowerShell effective in your enterprise-scale environment with Group Policy. What setting are available? What are my options for managing client and server settings of PowerShell? Come find out about mass configuration of execution policy, module logging, Update-Help, WSMAN, and more. These topics sound simple on the surface, but they quickly spiral into some interesting conversations.

  • Deploy Active Directory with PowerShell DSC (a.k.a. “DSC-PROMO”)

    Today’s post is the first in a series on using PowerShell DSC with Active Directory. I don’t know how many blog posts there will be. I haven’t written them yet. What I can tell you, is that I have a load of fun scripts to share. Today we will start out with deploying a new forest using PowerShell DSC.

  • Helper Function to Create a PowerShell DSC Composite Resource

    This script automates creating a PowerShell DSC composite resource:

    • Create the folder structure
    • Create the psd1 and schema.psm1 files
    • Supply template text with the appropriate names filled in
    • Open the files for editing

    I have also included some pro tips for working with DSC composite resources.

  • Forensics: Audit Group Policy Links and Changes with PowerShell

    In a previous post I created a report of all organizational units (OUs) and sites with their linked group policy objects (GPOs). This report gives visibility to all of our group policy usage at-a-glance. Since this is one of my most popular downloads I thought it was time to give it a fresh coat of paint. Today I am releasing two significant updates:

    1. After using the script at a customer site recently I noticed that the OU list was in no particular order. Child OUs were listed randomly and not under their parent OUs. Not sure how I missed this the first time around.
    2. In continuing the forensics theme, I thought it would be swell to add some good old fashioned AD Replication Attribute Metadata for tracking the changes to these GPO links.

    I don’t know of anywhere else you can find a report like this. Enjoy!

  • Forensics: Monitor Active Directory Privileged Groups with PowerShell

    Someone just now added Jimmy to the Domain Admins group! How do I know? Because I used PowerShell to check. Let me show you how.

    Some of the best customers that I visit get email pages when high value group memberships change. Obviously this is strongly encouraged for IT shops of any size. Of course you can buy products to do this, but here on my blog we build these tools ourselves. It’s more fun and FREE with PowerShell.

  • Active Directory Week on the Hey Scripting Guy Blog and Free AD PowerShell Videos at Microsoft Virtual Academy

    Hello, everyone. Today I have a short post with some helpful links to share. If you are in the US, I hope you have a good Thanksgiving holiday week and not too much after-hours support. Spending time with family is refreshing for me at the holidays. ...
  • Microsoft Virtual Academy: Using PowerShell for Active Directory

    Welcome! Today’s post includes demo scripts and links from the Microsoft Virtual Academy event: Using PowerShell for Active Directory. We had a great time creating this for you, and I hope you will share it with anyone needing to ramp up their AD PowerShell skills.

    I built extra secret demos that you have never seen before on my blog or at any conference presentations I have given to date. I guarantee everyone from beginners to seasoned scripters will pick up new techniques in this free training.

  • See GoateePFE Live or On-Demand Talking about Active Directory PowerShell

    Whew.  This has been a busy season for speaking, blogging, and recording. I’ve spent more time on airplanes than in my office at home for the last few months. It’s all good, and I want to share it with you.

    Here are some places you can find me online, on stage, and on camera…

    • Microsoft Virtual Academy: Using PowerShell for Active Directory – October 29
    • Live 360: TechMentor Orlando 2014 – November 17-21
    • Microsoft Premier Workshop Library on Demand - PowerShell video training

    Read the full post for links and more information. Hope to see you soon.

  • DogFoodCon 2014: Reduce Server Outages Using PowerShell Desired State Configuration

    Reduce Server Outages Using PowerShell Desired State Configuration - Ever configured a server only to find someone changed it? Ever tracked an outage back to an unauthorized change? Tired of manually configuring new server builds? Come learn how PowerShell Desired State Configuration can help you save time building servers and reduce outages.

  • PowerShell Module for Active Directory SID History Now Faster

    It has been a while since I’ve released any updates to the Active Directory SID History PowerShell Module.  Today’s release leverages improvements in PowerShell v3.0 for faster and better results.

  • GPO Migration with PowerShell – Now including WMI filters

    This week I am presenting a session on GPO migration at TechMentor Redmond 2014. This is an expanded version of the session I gave at the PowerShell Summit back in April. I received feedback in April that WMI filters must be supported before this would be considered a viable solution. So I went back to my lab, integrated some code from the TechNet Script Center, and we have version 1.1 now, including WMI filter migration.

  • DNS Server and Zone Reporting with PowerShell

    While working on DNS automation for a customer recently I needed some quick scripts to inventory Active Directory-integrated DNS server and zone configurations. All too often the way we think things are configured does not match reality. Are the forwarders consistent and correct? Is scavenging enabled where you thought it was? Do the right zones have aging enabled? Are the zones stored at the domain or forest level? Today's script is an easy way to check.

  • DNS Zone Copy and Merge with PowerShell

    Have you ever wanted to roll up all of your reverse zones into a "big 10" super zone? Do you need to copy DNS zones between environments and preserve the record aging? Today's post is for you.

  • The GoateePFE Active Directory PowerShell Link Fest

    Over the years on this blog I have created a number of short links to my most popular posts. I thought it might be handy to post a greatest hits list of these short links for easy reference and sharing. Enjoy!

  • PowerShell Summit North America 2014

    I know this post is a little late, but I wanted to offer some helpful information that I picked up at the PowerShell Summit last month.  This post is packed with links to keep you surfing high-value PowerShell content for days.

  • Career Tip: The Power of a Niche

    Have you reached a plateau in your career?  Need a new challenge?  Trapped at one company?  Then build your own niche.  Differentiate yourself.

  • Three Steps to Migrate Group Policy Between Active Directory Domains or Forests Using PowerShell

    Have you ever wanted to copy all of your production Group Policy Objects (GPOs) into a lab for testing?  Do you have to copy GPOs between domains or forests?  Do you need to migrate them to another environment due to an acquisition, merger, or divestiture? These are common problems for many administrators.

    There are VBScripts provided with the Group Policy Management Console (GPMC), but that is so "last decade". (Really. They were published in 2002.)  What about WMI filters, OU links, login scripts, and embedded credentials? I’ve drafted a PowerShell module to do this with speed and style. This post discusses the pitfalls, preparations, and scripts for a successful GPO migration.

  • Oh Snap! Active Directory Attribute Recovery With PowerShell

    Have you ever had to repopulate a batch of corrupted attributes or properties for a large set of Active Directory objects? (Think Exchange or Lync, for example.) The Active Directory Recycle Bin is great for recovering deleted objects, but it will not help with corrupted objects. Authoritative restore is the textbook option, but there is a better way. Yes, you can buy expensive third-party products to do this, or you can use the free features in the box for your own attribute-level recovery solution for Active Directory. This blog post will explain how.