Hola a todos!
Les dejo en esta oportunidad, el acceso al nuevo numero de la revista LatamTechnology #10.
Excelente numero con novedades, artículos de interés, entrevistas y mucho mas!!!
URL: http://www.latamtechnology.com/
Saludos!
LeoPonti
En esta oportunidad. quiero dejarles la lista de artículos publicados en el Scripting Guy! Blog durante esta semana. Realmente es excelente el trabajo de Ed Wilson!.
Espero disfruten de los artículos!!
Excelente semana!!
Saludos
Summary: Microsoft Scripting Guy, Ed Wilson, talks about installing the free Remote Server Administration Tools for Windows PowerShell 3.0 in Windows 8.
Microsoft Scripting Guy, Ed Wilson, is here. This morning is an awesome morning. Our friends from Hamburg, Germany have been hanging out all weekend, and it has been a blast. We have spent a bit of time talking about Windows PowerShell training and some of the challenges related to that. We have also shared a love for tea. Yep. It has been a great weekend. Not only that, but the weather also cooperated—it has been sunny and not too humid.
One of the first things I do when I build a new computer running Windows 8, is install the Windows 8 Remote Server Administration Tools (RSAT) tools. After I do this, I gain access to many new and useful cmdlets that make it easy to administer everything from Active Directory Domain Services to Windows Software Update Services.
For a free download of the tools, see Remote Server Administration Tools for Windows 8 on the Microsoft Download Center. There are two versions available on the download page: a 32-bit version and a 64-bit version. Finding the actual download is pretty easy—I click the big red Download button that is shown in the following image.
I can install the RSAT tools for Windows 8 on computers running Windows 8 or Windows 8 Pro. I cannot install them on my Windows Surface RT, but I can install them on my Windows Surface Pro.
The first thing I need to know is if my computer x86 or is it x64. The way that I usually find this out is to query an environmental variable as shown here:
PS C:\Users\ed.IAMMRED> $env:PROCESSOR_ARCHITECTURE
x86
Before I install the RSAT tools on my computer, I use the following script to to see how many cmdlets and functions are currently on my computer— I have 989.
PS C:\Users\ed.IAMMRED> gcm -CommandType cmdlet, function | measure
Count : 989
Average :
Sum :
Maximum :
Minimum :
Property :
So I click the big red Download button to select my appropriate package.
Now, I have a choice. I can download the package and install it offline. Or if I choose Run, the file spools to a Temp folder, and it performs the installation from there. This works great if I have good Internet bandwidth, and if I do not anticipate needing to perform the installation again anytime soon. I will open the file, and after a quick security scan, the installation begins. Here is the dialog box I see:
While the RSAT installs, a progress bar tracks the percentage of completion. This is shown here:
The first thing I do after the installation is complete is use the Update-Help cmdlet to update the Help for the newly installed modules. This is shown here:
PS C:\Users\ed.IAMMRED> update-help -Module * -Force
After I install the RSAT tools, I check to see how many cmdlets and functions I now have. The number is 1757 as seen here:
Count : 1757
Unlike previous versions of the RSAT tools, now when I install the tools, all of the modules and support tools automatically install. In previous versions, I had to go into Programs in Control Panel, select Turn Windows features on or off, and then scroll down to Remote Server Administration Tools to turn on each tool. Now, I only need to do this if I want to turn off a feature. This menu is shown here:
After the tools install and I have updated the Help, I can open the Windows PowerShell console (or the Windows PowerShell ISE) and begin to use the tools. The cool thing is that I can use the cmdlets from the Active Directory module to query a domain controller that is running Windows Server 2008. This is shown here:
PS C:\Users\ed.IAMMRED> Get-ADUser -Filter * -Server dc1 | select -Last 1
DistinguishedName : CN=anothertestuser,OU=Testou,DC=iammred,DC=net
Enabled : False
GivenName :
Name : anothertestuser
ObjectClass : user
ObjectGUID : 36b19f4d-081b-4435-89cf-5979defe8c32
SamAccountName : $9E1000-86BJ2L7MPKB4
SID : S-1-5-21-1457956834-3844189528-3541350385-1481
Surname :
UserPrincipalName :
But I can also use cmdlets that only exist in Windows Server 2012 as shown here:
PS C:\Users\ed.IAMMRED> Get-DhcpServerInDC
IPAddress DnsName
--------- -------
192.168.0.152 wds1.iammred.net
Well, that is about it for today. Join me tomorrow as we begin a series written by Windows PowerShell MVP, Sean Kearney, about automating DiskPart. It is cool stuff.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy
Use Windows PowerShell to get the BitLocker recovery key.
Summary: Microsoft Scripting Guy, Ed Wilson, talks about the decision points for deciding how to use Windows PowerShell to access Active Directory Domain Services.
Hey, Scripting Guy! I am a bit confused. I see various blogs and scripts on the Script Repository, and some always use a third-party snap-in to access Active Directory Directory Domain Services (AD DS). Others seem to use .NET Framework code to access AD DS, and still others are using a module that looks like it is part of Windows PowerShell. What is the best way to access AD DS?
—CB
Hello CB,
Microsoft Scripting Guy, Ed Wilson, is here. This morning it is actually cool here in Charlotte, North Carolina. In fact, it is way cool because the Scripting Wife found a place on the Internet so she could order some chocolate covered Macadamia nuts. By the way, they go very well with Earl Grey tea with a cinnamon stick. The chocolate, the cinnamon, and the touch of bergamot combine to create an exquisite taste sensation. So, I am out on the lanai sipping tea, nibbling on chocolate covered Macadamia nuts and checking my email on my Surface RT, and I ran across this email to scripter@microsoft.com from CB.
When comparing options for working with Active Directory Domain Services from within Windows PowerShell, one option stands above all the others: supportability. When I use the Active Directory module from Microsoft, it is supported. For me, this means a lot. So if something does not work out perfectly, I know it is supported.
I gain access to the Active Directory module in two ways. On a domain controller that is running at least Windows Server 2008 R2, I add the Active Directory management feature, and I have access to the Active Directory module. I can access it locally on the server, or I can use remoting or implicit remoting to access the cmdlets from my workstation. For more information about remoting, see Use PowerShell Active Directory Cmdlets Without Installing Any Software.
I can also install the Remote Server Admin Tools (RSAT) on my workstation. The version I install depends on the version of the operating system that I have on my workstation. For more information, see What's Up with Active Directory Domain Services Cmdlets?
Note If I install Active Directory Management Service for Windows Server 2008, I do not get access to the Active Directory module on the server. I must install the RSAT tools on my workstation for management purposes. For more information, see Install Active Directory Management Service for Easy PowerShell Access.
In my mind, the cmdlets from the Active Directory module are easy to use. They are a little quirky, but after I get used to the quirks, they simply make sense. Therefore, to create a new user in an organizational unit (OU) named testou in the Iammred.net domain, I type the following:
New-ADUser -Name mynewtestuser -Path 'ou=testou,dc=iammred,dc=net' If I want to use the [adsi] type accelerator to create a new user, I type something like this:
$adsi = [adsi]"LDAP://dc=iammred,dc=net"
$de = $adsi.Create('user','cn=anothertestuser,ou=testou')
$de.setinfo()
One big problem with using this methodology (besides the fact that it is more typing and less intuitive), is the fact that tab expansion does not work properly. Therefore, some of the methods I want to use do not show up when I press the Tab key.
The advantage, of using the [adsi] type accelerator is that I can use it no matter what version of Windows AD DS is running in. I do not have to have the AD Management service installed, nor do I need a server running at least Windows Server 2008 R2. If my domain meets the minimum guidelines for using the Active Directory module, there is really no decision—I can use the module and use the cmdlets. They are easy, and they are powerful.
CB, that is all there is to using the Active Directory module. Join me tomorrow when I will talk about Windows PowerShell 3.0 in Windows 8. It is a way cool post, and a great way to continue your weekend. See you then.
Summary: Use a Windows PowerShell cmdlet to retrieve logged information about Windows PowerShell.
How can I easily find logged information about Windows PowerShell?
Use the Get-WinEvent cmdlet and look for a LogName with powershell in the name:
Get-WinEvent -LogName *powershell*
Summary: Microsoft Scripting Guy, Ed Wilson, concludes his five-part series about Windows PowerShell Workflow.
Hey, Scripting Guy! I have a number of commands that I want to run against several remote servers. The commands include stuff that must happen prior to something else happening. But then, there are also some things that I would like to happen as fast as possible. Is this permissible? If so, do I have to write two different workflows?
—TB
Hello TB,
Microsoft Scripting Guy, Ed Wilson, is here. This afternoon I am sipping an awesome cup of Oolong tea with a cinnamon stick, jasmine flower, and lemon grass. The flavor is just about perfect. In the background, I am listening to Ravel. Outside, the sky is dark and it is raining. The thunder seems to punctuate the music.
Note This is the last post in a five-part series about Windows PowerShell Workflow for “mere mortals.” Before you read this post, please read:
For more information about workflow, see these Hey, Scripting Guy! Blog posts: Windows PowerShell Workflow.
Well TB, the good news is that you do not need to write two different workflows to enable parallel processing and sequential processing. Windows PowerShell Workflows are flexible enough to handle both in the same workflow.
To add a sequence activity to a Windows PowerShell Workflow, all I need to do is use the Sequence keyword and specify a script block. When I do this, it causes the commands in the sequence script block to run sequentially and in the specified order.
The key concept here is that a Sequence activity occurs within a Parallel activity. The Sequence activity is required when I want commands to run in a particular order. This is because commands running inside a Parallel activity run in an undetermined order.
The commands in the Sequence script block run in parallel with all of the commands in the Parallel activity. But the commands within the Sequence script block run in the order in which they appear in the script block. The following workflow illustrates this technique:
workflow get-winfeatures
{
Parallel {
Get-WindowsFeature -Name PowerShell*
InlineScript {$env:COMPUTERNAME}
Sequence {
Get-date
$PSVersionTable.PSVersion } }
}
In the previous workflow, the order for Get-WindowsFeature, the inline script, and the Sequence activity is not determined. The only thing I know for sure is that the Get-Date command runs before I obtain the PSVersion because this is the order that I specified in the Sequence activity script block.
To run my workflow, I first run the PS1 script that contains the workflow. Next, I call the workflow and I pass two computer names to it via the PSComputerName automatic parameter. Here is my command:
get-winfeatures -PSComputerName server1, server2
The image that follows shows the Windows PowerShell ISE where I call the workflow. It also illustrates the order in which the commands ran this time. Note that the commands in the Sequence script block ran in the specified order—that is, Get-Date executed before $PsVersionTable.PSVersion. Also notice that they were in the same Parallel stream of execution.
One of the cool things about this workflow, is that I ran it from my laptop running Windows 8. What is so cool about that? Well, the Get-WindowsFeature cmdlet does not work on desktop operating systems. Therefore, I ran a command from my laptop—a command which does not exist on my laptop, but it does exist on the target computers, Server1 and Server2.
Another cool workflow feature is the InlineScript activity. I am able to access an environmental variable from the remote servers. The InlineScript activity allows me to do things that otherwise would not be permitted in a Windows PowerShell Workflow. It adds a lot of flexibility.
TB, that is all there is to using Windows PowerShell Workflow and specifying Sequence information. This concludes Windows PowerShell Workflow week. Join me tomorrow when I will talk about Active Directory with Windows PowerShell.
Summary: View Windows PowerShell console host information.
How can I easily find information about the Windows PowerShell console host?
Use the Get-Host cmdlet, and select the RawUI property from the InterhostUserInterface object:
(get-host).ui.RawUI
Summary: Microsoft Scripting Guy, Ed Wilson, continues his five-part series about Windows PowerShell Workflow.
Hey, Scripting Guy! Yesterday you talked about Windows PowerShell Workflow activities. But you only demonstrated the Parallel activity. Is there something you can share with me about some of the other types of activities? In particular I am interested in checkpoints because I think they can help me.
—AP
Hello AP,
Microsoft Scripting Guy, Ed Wilson, is here. This morning, it is really foggy outside. To be honest, it seems to look more like fall than the end of summer. But then, I am not a real weather person—I don’t even play one on TV. It is fairly humid and fairly cool—a nice morning for a cup of English Breakfast tea. I am not in the mood to experiment today, and so I am going with a standard recipe of mine: Three scoops of English Breakfast tea, a scoop of lemon grass, and a single crushed cinnamon stick. I let it steep for three minutes and 45 seconds, grab my tea pot, my Surface RT, and head outside to check email.
AP, you want to talk about checkpoints in a Windows PowerShell workflow today. No problem…
Note This is the fourth in a five-part series of blog posts about Windows PowerShell Workflow for “mere mortals.” Before you read this post, please read:
If I have a Windows PowerShell Workflow, and I need to save the workflow state or data to a disk while the workflow runs, I can configure a checkpoint. In this way, if something interrupts the workflow, it does not need to restart completely. Instead, the workflow resumes from the point of the last checkpoint. Setting a checkpoint in a Windows PowerShell Workflow is sometimes referred to as “persistence” or “persisting a workflow.” Because Windows PowerShell Workflows run on large distributed networks, or they control the execution of long running tasks, it is vital that the workflow can handle interruptions.
A checkpoint is a snapshot of the workflow’s current state. This includes the current values of variables and generated output. A checkpoint persists this data to a disk. It is possible to configure multiple checkpoints in a workflow.
Windows PowerShell Workflow provides multiple methods to implement a checkpoint. Whichever method is used to generate the checkpoint, Windows PowerShell will use the data in the latest checkpoint for the workflow to recover and resume the workflow if it is interrupted. If a workflow runs as a job (such as by using the AsJob workflow common parameter), Windows PowerShell retains the workflow checkpoint until the job is deleted (for example, by using the Remove-Job cmdlet).
I can place checkpoints anywhere in a Windows PowerShell Workflow. This includes before and after each command or activity. The counter-balance to this sort of a paranoid approach is that each checkpoint uses resources. Therefore, it interrupts processing the workflow—often with perceptible results. In addition, every time the workflow runs on a target computer, it “checkpoints” the workflow.
So where are the best places to place a checkpoint? I like to place a checkpoint after a portion of the workflow that is significant, such as something that takes a long time to run. Or it might be a section of the workflow that uses a great amount of resources. Or even something that relies on a resource that is not always available.
There are several levels of checkpoints that I can add to a Windows PowerShell Workflow. For example, I can add a checkpoint at the workflow level or at the activity level. If I add a checkpoint at the workflow level, it will set a checkpoint at the beginning and at the end of the workflow.
The absolutely, positively easiest way to add a checkpoint to a Windows PowerShell Workflow is to use the –PSPersist common parameter when calling the workflow.
The following workflow obtains network adapter, disk, and volume information:
workflow Get-CompInfo
Get-NetAdapter
Get-Disk
Get-Volume
To cause the workflow to set a checkpoint, I call the workflow with the –PSPersist parameter, and I set it to $true as shown here:
Get-CompInfo -PSComputerName server1, server2 -PSPersist $true
When I run the workflow, a progress bar appears. It takes a few seconds due to the checkpoints. This progress bar is shown in the image that follows.
After the checkpoints, the workflow completes quickly and displays the gathered information. The following image shows the output and the command line that I used to call the workflow.
If I use core Windows PowerShell cmdlets, they pick up an automatic –PSPersist parameter. I can then set a checkpoint for my workflow at the activity level. I use the –PSPersist parameter the same way that I do if I use it at the workflow level. To cause a checkpoint, I set the value to $true. To disable a checkpoint, I set it to $false.
In the workflow that follows, I set a checkpoint to occur after the completion of the first and third activities.
Get-process -PSPersist $true
Get-service -PSPersist $true
The workflow obtains process information, and then the workflow takes a checkpoint. Next, disk information and service information appear and the final checkpoint occurs. In the image that follows, the progress bar indicates a checkpoint in progress. But in the output pane, process information appears. This indicates that the Get-Process cmdlet ran prior to the checkpoint.
The CheckPoint-WorkFlow activity causes a workflow to checkpoint immediately. I can place it in any location in the workflow. The big advantage of the Checkpoint-Workflow activity is that I can use it to checkpoint a workflow that does not use the core Windows PowerShell cmdlets as activities. This means that, for example, I can use a workflow that includes Get-NetAdapter, Get-Disk, and Get-Volume, and still be able to checkpoint the activity.
I need to use Checkpoint-Workflow because no –PSPersist parameter adds automatically to the non-core Windows PowerShell cmdlets. Here is my revised workflow:
Checkpoint-Workflow
AP, that is all there is to using checkpoints with Windows PowerShell workflow. Windows PowerShell Workflow Week will continue tomorrow when I will talk about more cool workflow stuff.
Summary: Use Windows PowerShell to display date, time, and hour in 24-hour format.
How can I use Windows PowerShell to get the hour of the day in 24-hour format?
Use the Get-Date cmdlet and specify the “%H” pattern to the UFormat parameter (H is case sensitive):
get-date -UFormat "%H"
Summary: Microsoft Scripting Guy Ed Wilson continues his five-part series about Windows PowerShell Workflow.
Hey, Scripting Guy! So what’s up with Windows PowerShell workflows and activities? I do not know what an activity is. Can you help me?
—CJ
Hello CJ,
Microsoft Scripting Guy, Ed Wilson, is here. Ah…this afternoon, I am sipping a cup of Darjeeling Earl Grey tea with a bit of cinnamon stick, and I added just a bit of lavender honey from a nearby lavender farm. I am accompanying my tea with a 90% cocoa bar with black currants and hazelnuts. The combination is absolutely stunning.
Note This is the third in a five-part series of blog posts about Windows PowerShell Workflow for “mere mortals.” Before you read this post, please read:
A Windows PowerShell Workflow is made up of a series of activities. In fact, the basic unit of work in a Windows PowerShell Workflow is called an activity. There are five types of Windows PowerShell Workflow activities that are available for use. The following table describes the types of activities.
Activity
Description
CheckPoint-Workflow (alias = PSPersist)
Takes a checkpoint. Saves the state and data of a workflow in progress. If the workflow is interrupted or rerun, it can restart from any checkpoint.
Use the Checkpoint-Workflow activity along with the PSPersist workflow common parameter and the PSPersistPreference variable to make your workflow robust and recoverable.
ForEach -Parallel
Runs the statements in the script block once for each item in a collection. The items are processed in parallel. The statements in the script block run sequentially.
Parallel
Allows all statements in the script block to run at the same time. The order of execution is undefined.
Sequence
Creates a block of sequential statements within a parallel script block. The Sequence script block runs in parallel with other activities in the Parallel script block. However, the statements in the Sequence script block run in the order in which they appear. Sequence is valid only within a Parallel script block.
Suspend-Workflow
Stops a workflow temporarily. To resume the workflow, use the Resume-Job cmdlet.
Windows PowerShell cmdlets from the core modules are automatically implemented as activities for use in a Windows PowerShell Workflow. These core modules, all begin with the name Microsoft.PowerShell. To find these cmdlets, I can use the Get-Command cmdlet as shown here:
Get-Command -Module microsoft.powershell*
The command and the associated output from the command are shown in the image that follows.
However, not all of the cmdlets from the Windows PowerShell core modules are permitted as automatic activities for Windows PowerShell Workflows. The reason for this is that some of the core cmdlets do not work well in workflows. A quick look at the disallowed list makes this abundantly clear. The following table lists the disallowed core cmdlets.
Add-History
Invoke-History
Add-PSSnapin
New-Alias
Clear-History
New-Variable
Clear-Variable
Out-GridView
Complete-Transaction
Remove-PSBreakpoint
Debug-Process
Remove-PSSnapin
Disable-PSBreakpoint
Remove-Variable
Enable-PSBreakpoint
Set-Alias
Enter-PSSession
Set-PSBreakpoint
Exit-PSSession
Set-PSDebug
Export-Alias
Set-StrictMode
Export-Console
Set-TraceMode
Get-Alias
Set-Variable
Get-History
Start-Transaction
Get-PSBreakpoint
Start-Transcript
Get-PSCallStack
Stop-Transcript
Get-PSSnapin
Trace-Command
Get-Transaction
Undo-Transaction
Get-Variable
Use-Transaction
Import-Alias
Write-Host
If a cmdlet is not in the Windows PowerShell core modules, it does not mean that it is excluded. In fact, it probably is not excluded. Therefore, when a non-core Windows PowerShell cmdlet is used in a Windows PowerShell Workflow, Windows PowerShell will automatically run the cmdlet as an InlineScript activity.
An InlineScript activity permits me to run commands in a Windows PowerShell workflow, and to share data that would not be otherwise permitted.
In the InlineScript script block, I can call all Windows PowerShell commands and expressions and share state and data within the session. This includes imported modules and variable values. For example, the cmdlets listed in the previous table that are not permitted in a Windows PowerShell workflow, could be included in an InlineScript activity.
To create a Windows PowerShell Workflow that uses a parallel workflow activity, I use the Parallel keyword, and I supply a script block. The following workflow illustrates this technique:
WorkFlow Get-EventLogData
Get-EventLog -LogName application -Newest 1
Get-EventLog -LogName system -Newest 1
Get-EventLog -LogName 'Windows PowerShell' -Newest 1 } }
When I run the script that contains the Get-EventLogData workflow, I go to the execution pane of the Windows PowerShell ISE to execute the workflow. What happens is that the three Get-EventLog cmdlet commands execute in parallel. This results in a powerful and quick way to grab event log data. If I call the workflow with no parameters, it runs on my local computer. This is shown here:
The cool thing is that with a Windows PowerShell Workflow, I automatically gain access to several automatic parameters. One of the automatic parameters is PSComputerName. Therefore, with no additional work (this workflow does not exist on Server 1 or Server2—it only exists on my workstation), I can use the automatic PSComputerName workflow parameter, and run the workflow on two remote servers. This is shown here:
Because I am not accessing the PSComputerName automatic parameter directly within my Windows PowerShell activity, I am actually using an automatic workflow parameter. For more information, see the following online Help: about_WorkflowCommonParameters.
There are also workflow activity-specific common parameters. For more information, see Using Activities in Script Workflows.
CJ, that is all there is to using Windows PowerShell Workflow activities. Windows PowerShell Workflow Week will continue tomorrow when I will talk about more Windows PowerShell Workflow activities.
Summary: Easily customize the way Windows PowerShell displays a date.
How can I use Windows PowerShell to easily display the date as day-dash-month-dash-four-digit year?
Use the Get-Date cmdlet,specify a custom format by using the Format parameter, and use dd for the date, M for the month and yyyy for a four-digit year (this is case sensitive):
Get-Date -Format "dd-M-yyyy"
Summary: Microsoft Scripting Guy, Ed Wilson, continues a five-part series about Windows PowerShell Workflow.
Hey, Scripting Guy! So Windows PowerShell Workflow seems pretty cool. But I am wondering if it is possible to use it to easily provide workflow types of things for remote computers? Is this possible?
—BB
Hello BB,
Microsoft Scripting Guy, Ed Wilson, is here. We are enjoying a cool stretch of weather here in Charlotte, North Carolina. In fact, we have the windows open. We are also enjoying our visiting friends from Hamburg, Germany. So not only do we have great weather, but we have great company.
Note This is the second in a five-part series of blog posts about Windows PowerShell Workflow for “mere mortals.” You should read PowerShell Workflow for Mere Mortals: Part 1 before you read this post. For more information about workflow, see these Hey, Scripting Guy! Blog posts: Windows PowerShell Workflow.
One of the reasons for using a Windows PowerShell Workflow is to be able to easily execute commands in parallel. This can result in some significant time savings.
Note For an example of the time savings that are possible by using a Windows PowerShell Workflow and running commands in parallel, see the excellent post written by Windows PowerShell MVP, Niklas Goude, Use PowerShell Workflow to Ping Computers in Parallel.
To perform a parallel activity by using Windows PowerShell Workflow, use the Foreach keyword with the –Parallel parameter. This is followed by the operation and the associated script block. The following script illustrates this technique:
Foreach -Parallel ($cn in $computers)
{ Get-CimInstance -PSComputerName $cn -ClassName win32_computersystem }
One of the things to keep in mind (as a major source of early frustration) is that when I call the Get-CimInstance cmdlet from within the script block of my parallel Foreach keyword, I have to use the automatically added PSComputerName parameter, not the ComputerName parameter I would normally use with the cmdlet. This is because this is the way that Windows PowerShell Workflow handles computer names. If I look at the command-line syntax for Get-CimInstance, I do not see the ––PSComputerName parameter at all.
The nice thing is that if I forget to use –PSComputerName, and I try to run the Windows PowerShell Workflow, an error message appears. The message is detailed enough that it actually tells me the issue and tells me what I need to do to solve it.
When I rename the parameter in Get-CimInstance, I can run the workflow, and it does not generate any errors. This is shown here.
The complete GetComputerInfo workflow is shown here:
Workflow GetComputerInfo
$computers = "server1","client1"
{ Get-CimInstance -PSComputerName $cn -ClassName win32_computersystem } }
I call the workflow, and I am greeted with computer information for each of the servers with names I stored in the $computers variable. The script and the output from the script are shown here.
BB, that is all there is to use Windows PowerShell Workflow on a remote computer. Windows PowerShell Workflow Week will continue tomorrow when I will talk about more cool workflow stuff.
En esta oportunidad, les dejo los artículos que fueron publicados en la semana del 12/8 al 19/8 en el blog de TechNet WikiNinjas
19/8Interview with a Wiki Ninja and SharePoint Guru - Matthew Yarlett Por Ed Price
19/8July Small Basic Guru - Nonki Takahashi's "Shapes Editor" Por Ed Price
18/8Training Needs Analysis - Trainer to Trainer Por Serhad MAKBULOĞLU
18/8Top Contributors Awards! Special Steef-Jan, Gokan & Sandro edition :D Por XAML guy
17/8July SharePoint Guru - Matthew Yarlett brings us "SharePoint 2010: Viewing, Sorting, and Filtering SharePoint User Profiles Using PowerShell" Por Ed Price
16/8Friday with International Community Update – Articles about BizTalk Server 2010 and 2013 from Holland Por Luciano Lima [MVP] Brazil
15/8TechNet Wiki - Enter the International Council Por Ed Price
14/8Wiki Life: What content is not appropriate for our wiki Por Horizon_Net
13/8July BizTalk Guru - Steef-Jan brings us "Provisioning BizTalk Services using the Windows Azure Management Portal" Por Ed Price
13/8TNWiki Article Spotlight - Directory Services Por LeoPonti
12/8Interview with a Wiki Ninja: Carmelo La Monica - Community Contributor in C#, VB.NET, LINQ, Windows 8 apps, and Windows Phone 8 apps Por Ed Price
12/8Interview with a Wiki Ninja: Lex Hegt Por Sandro Pereira
Espero que disfruten de estos artículos y esta semana, se vienen muchos mas... :=)
Summary: Learn how to use Windows PowerShell to display the date in locale-specific format.
How can I use Windows PowerShell to display the day, month, and two-digit year in locale specific format?
Use the Get-Date cmdlet and the –uformat parameter:
get-date -UFormat %x
Summary: Microsoft Scripting Guy, Ed Wilson, begins a five-part series about Windows PowerShell Workflow.
Hey, Scripting Guy! What is up with Windows PowerShell Workflow? Everyone acts like it is some deep, dark mystery—similar to trying to understand neutrinos. So come on…it is Windows PowerShell, so how hard can it be?
—MD
Hello MD,
Microsoft Scripting Guy, Ed Wilson, is here. This week I am going to address some questions and comments that have been collecting about Windows PowerShell Workflow. I like using Windows PowerShell Workflow because it offers a number of significant capabilities that help solve rather interesting issues.
Note This is the first in a five-part series of blog posts about Windows PowerShell Workflow for “mere mortals.” For more information, see these Hey, Scripting Guy! posts about Windows PowerShell Workflow. For a conceptual introduction, see When Windows PowerShell Met Workflow.
Windows PowerShell Workflows are cool because the commands consist of a sequence of related activities. I can use a workflow to run commands that take an extended period of time. By using a workflow, my commands can survive reboots, disconnected sessions. They can even be suspended and resumed without losing the data. This is because the workflow automatically saves state and data at the beginning and at the end of the workflow. In addition, it can use specific points that I specify. These persistence points are like checkpoints or snapshots of the activity. If a failure occurs that is unrecoverable, I can use the persisted data points, and then resume from the last data point instead of having to begin the entire process anew.
Note Windows PowerShell Workflow is Windows Workflow Foundation. But instead of having to write the workflow in XAML, I can write the workflow by using Windows PowerShell syntax. I can also package the workflow in a Windows PowerShell module. For detailed documentation, see Windows Workflow Foundation.
The two main reasons to use Windows PowerShell Workflow are reliability and performance when performing large scale or long-running commands. These reasons break down into the following key points:
I can run a workflow that uses Windows PowerShell cmdlets if the target (the managed node) runs at least Windows PowerShell 2.0. I do not need Windows PowerShell 2.0 if the workflow does not run Windows PowerShell cmdlets. I can use WMI or CIM commands on computers that do not have Windows PowerShell installed. This means that I can use Windows PowerShell workflow in a heterogeneous environment.
The computer that runs the workflow is the host (client) computer. It must be running at least Windows PowerShell 3.0 and have Windows PowerShell remoting enabled. In addition, the target (managed node) computer must have at least Windows PowerShell 2.0 with Windows PowerShell remoting enabled if the workflow includes Windows PowerShell cmdlets.
Although much of the focus with Windows PowerShell Workflow is about large network management, I can use Windows PowerShell Workflow on my own local computer. I might want to do this if the task at hand might take a long time to run. Therefore, from a learning standpoint, it makes sense to begin with a workflow that simply works on my local computer.
To write a workflow, I begin with the Workflow keyword. I provide a name for the workflow, and inside the braces (script block), I specify the script that I want to use. The syntax is very much like a Windows PowerShell function. Here is my basic workflow:
Workflow HelloUser
{ "Hello $env:USERNAME" }
Just like a Windows PowerShell function, I need to run the script and load the workflow prior to using it. In the Windows PowerShell ISE, I run the script that contains the workflow, and then I can use the workflow in the immediate window. This is shown in the following image:
I can use normal Windows PowerShell commands and add logic to my workflow. The following workflow uses the Get-Date cmdlet to retrieve the time in 24-hour format. Then if the hour is less than 12, it displays “good morning.” If the hour is between 12 and 18, it displays “good afternoon.” Otherwise, it displays “good evening.” Here is the workflow:
Workflow HelloUserTime
$dateHour = Get-date -UFormat '%H'
if($dateHour -le 12) {"good morning"}
ELSeIF ($dateHour -gt 12 -AND $dateHour -le 18) {"good afternoon"}
ELSE {"good evening"}
MD, there is a start for using Windows PowerShell Workflow. Windows PowerShell Workflow for Mere Mortals Week will continue tomorrow.
En esta oportunidad, quería dejarles un Script muy interesante, el cual nos permite exportar en pocos segundos, el detalle de las subnets que tenemos en cada uno de nuestros Site del Forest donde necesitemos tener dicho detalle, de estar en una estructura pequeña, no tendrías problemas ni nos demandaría mucho tiempo realizar dicha tarea en forma manual, pero tengan en cuenta ante ambientes muy grandes, que sería de mucho tiempo de trabajo, tener la información exportada en un archivo.
Este detalle nos puede server como inventario o también para realizar un análisis de como tenemos configurado nuestro Site&Services en cuanto a las subnets a que sitio pertenecen, recuerden que tener bien configurado esta parte, hará que las autenticaciones, sean validadas en el sitio local o más cercano de donde está el equipo que el usuario quiere acceder, evitando inconvenientes de lentitud innecesarios.-
Entonces, descargando el archivo *.vbs desde: Link subido a Microsoft TechNet Gallery y guardarlo como list_subnets.vbs y luego, desde línea de comando, nos posicionamos en el directorio donde guardamos el archivo vbs y ejecutamos cscript list_subnets.vbs > export_subnets.txt y en el archivo *.txt que detallamos, nos exportara el detalle de Site y que Subnets están declaradas en el mismo, toda información correspondiente al Forest que pertenece el equipo desde donde corrimos el script.
El archivo export_subnets.txt resultante, tendrá un formato similar a como les detallo a continuación:
Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved.
SITIO1,10.1.10.0/24,10.1.19.0/24,10.1.20.0/24,10.1.27.0/24,10.1.29.0/24,10.1.59.0/24,10.1.60.0/24, 10.1.67.0/24,10.113.33.0/24 SITIO2,10.1.12.0/24,10.1.44.0/24,10.1.6.0/24,10.10.44.0/24,10.11.44.0/24,10.13.44.0/24,10.29.0.0/21, 10.29.4.0/24,10.3.11.0/24,10.3.44.0/24 SITIO3,10.1.22.0/24,10.1.57.0/24,10.1.7.0/24,10.11.7.0/24,10.113.12.0/24,10.113.13.0/24,10.113.27.0/24, 10.113.37.0/24,10.114.12.0/24 SITIO4,10.1.33.0/24,10.1.38.0/24,10.1.4.0/22,10.1.9.0/24,10.10.33.0/24,10.101.0.0/20,10.11.32.0/22, 10.111.1.0/24,10.112.0.0/24 SITIO5,10.1.93.0/24,10.2.93.0/24,10.3.92.0/22,10.4.93.0/24,10.65.93.0/24,10.66.93.0/24,10.67.93.0/24, 10.68.93.0/24,10.69.93.0/24 SITIO6,10.100.42.0/24,10.113.34.0/24,10.113.43.0/24,10.113.44.0/24,10.113.62.0/24 SITIO7,10.100.80.0/24,10.144.144.0/24,10.144.152.0/24,10.144.153.0/24,10.144.38.0/24,10.144.4.0/24, 10.144.8.0/22,10.145.152.0/24
Espero les sea de utilidad.
Salu2
En esta oportunidad, les quiero dejar como redireccionar el contenedor default donde quedan los objetos Computers al generarse cuando se hace el Join de los equipos a nuestro dominio, como ventaja principal para realizar esta tarea, es cuando queremos desde un principio, aplicar políticas de dominio a nuestros equipos apenas los pongamos en dominio, sin esperar a que los objetos sean movidos de OU después de un tiempo.
En el Contenedor "Computers" donde por default en un dominio que instalamos y no realizamos el cambio, es donde se generan los objetos Computers al realizar el Join de los mismos y donde no podemos adjuntar una GPO de Dominio, con lo cual, muchos optan por correr el comando que les quiero dejar y ahí si, en la nueva OU que direccionamos, podremos poner una GPO de dominio y aplicar configuraciones para que apliquen desde un principio en los equipos que adjuntamos a nuestro dominio.
Como comentario inicial, este comando se corre por dominio, con lo que si tenemos varios dominios donde queremos realizar este cambio, por más que los mismos correspondan a un único Forest, tendremos que correrlo en cada uno de los dominios que deseamos modificar.-
Para empezar, entraremos a nuestra Consola de administración de Usuarios y Computadoras, para lo cual, tenemos que estar trabajando desde un Domain Controller o desde un equipo donde tengamos en Windows Server 2003 o Windows XP las Herramientas Administrativas de Active Directory o en Windows Server 2008 o Superior, el Feature de Administración instalado.
Luego hacemos Start – Administrative Tools – Active Directory Users and Computers como se muestra en la siguiente pantalla:
También podemos abrir la consola, desde Start - Run - Poniendo la llamada a la consola dsa.msc
Donde en la consola, podremos ver el contenedor Default de cualquier implementación de Active Directory donde se generan los objetos "Computer" al realizar el join al dominio, ese contenedor, se llama "Computers":
Ahora para realizar el cambio, generaremos una nueva OU que este directamente desde el raíz del dominio, para lo cual, nos pondremos en el dominio, desplegamos el menu y hacemos New - Organizational Unit como se muestra a continuación:
Donde nos aparecerá una ventana de creación y pondremos el nombre de la OU que deseamos generar, en este caso, pondremos "NewComputers"
Al dar OK, veremos la OU ya generada en la consola de Users and Computers, para también seguir, es importante ir desde la consola, View - Advanced Features:
Ahora desde la nueva OU, desplegaremos el menu, y vamos a "Properties", en la nueva ventana que nos aparece, vamos a la solapa "Attribute Editor" y de la lista de atributos que aparecen, vamos al atributo "distinguishedName", donde daremos la opción "View" y copiaremos la información que tenga dicho atributo.
Una vez realizado el paso anterior, vamos a Start - Command Prompt el cual ejecutaremos como "Administrator" (sobre Command Prompt, desplegamos el menu y seleccionamos la opción "Run as administrator")
En la ventana de CMD que se nos abrirá, escribiremos el comando redircmd, dejamos un espacio y pegamos lo copiado con anterioridad, desplegando el menu y seleccionando la opción "Paste":
Donde se pegará la información del atributo DistinguishedName, quedando la línea de comando completa de la siguiente manera:
Un punto a tener en cuenta, lo que aparece luego de OU= puede variar según la estructura de OUs y Dominio que estemos ejecutando. Luego de que tenemos completa la línea de comando a ejecutar, al dar "ENTER", se realizará el cambio que estamos solicitando y nos dará el aviso que el mismo, se realizó correctamente:
Luego de este cambio, todo equipo Computer que hagamos Join a nuestro dominio, se generará el objeto en la nueva OU que direccionamos.-
Con la herramienta ADExplorer, pueden chequear el atributo de dominio "wellKnownObjects" que tenga aplicado el cambio realizado como se muestra en la siguiente pantalla:
Espero que lo puedan aplicar, que les sea productivo el cambio, ya que como comente al principio, es útil para aplicar GPOs desde un principio en los equipos que son agregados a nuestro dominio de Active Directory.-
En esta oportunidad, les quiero dejar como redireccionar el contenedor default donde quedan los objetos Users al generarse cuando desde una aplicación, se generan cuentas y se deja al dominio que las genere en un contenedor por defecto.
En el Contenedor "Users" donde por default en un dominio que instalamos y no realizamos el cambio, es donde se generan los objetos Users.-
Donde en la consola, podremos ver el contenedor Default de cualquier implementación de Active Directory donde se generan los objetos "User", ese contenedor, se llama "Users":
Donde nos aparecerá una ventana de creación y pondremos el nombre de la OU que deseamos generar, en este caso, pondremos "NewUsers"
En la ventana de CMD que se nos abrirá, escribiremos el comando redirusr, dejamos un espacio y pegamos lo copiado con anterioridad, desplegando el menu y seleccionando la opción "Paste":
Luego de este cambio, todo usuario que se genere desde un aplicativo que tiene delegada al dominio el lugar donde se genere, se creará el objeto en la nueva OU que direccionamos.-
Espero que lo puedan aplicar y que les sea productivo el cambio según cada una de las estructuras de dominio que administran.-
En esta oportunidad, quiero dejarles las formas en las que podemos chequear la versión de nuestro Schema de Active Directory, esto identificará la versión de Sistema Operativo de nuestros Domain Controllers, no en general, ya que con eso lo identificamos viendo el Functional Level de nuestra estructura, pero si sabremos que al menos un Domain Controller de nuestra infraestructura, es de la versión de nuestro Schema, ya que para promover un Domain Controller con una versión de Sistema Operativo superior, si o si tenemos que realizar un upgrade o extender nuestro Schema del Forest.-
Las versiones de Schema hasta el momento y a que versión de Sistema Operativo corresponden, son las siguiente:
* 13 - Windows 2000 Server * 30 - Windows Server 2003 * 31 - Windows Server 2003 R2 * 44 - Windows Server 2008 * 47 - Windows Server 2008 R2 * 51 - Windows Server 8 Developers Preview * 52 – Windows Server 8 Beta (Disponible al público) * 56 - Windows Server 2012
Si bien tenemos scripts y otras herramientas para chequear la versión de nuestro Schema, a mi en este post me gustaría identificar cuatro formas:
1) Mediante dsquery. 2) Mediante consola de adsiedit. 3) Mediante consola de ldp. 4) Mediante clave de registro (regedit).
1) Mediante dsquery:
Desde un Domain Controller o equipo perteneciente al dominio, teniendo las herramientas administrativas o el features de administración de Active Directory, ejecutaremos la línea de comando mediante un CMD.
En donde ejecutaremos la siguiente linea de comando:
dsquery * cn=schema,cn=configuration,dc=leoponti,dc=net -scope base -attr objectVersion
Donde "dc=leoponti,dc=net" corresponde a las referencias del Forest que tengan cada uno de ustedes, en mi caso el laboratorio aplica a un distinguishedname "dc=leoponti,dc=net"
Al ejecutarlo, nos dara la versión que tengamos en cada una de las estructuras según se muestra a continuación:
2) Mediante consola de adsiedit.
Desde un Domain Controller o equipo perteneciente al dominio, teniendo las herramientas administrativas o el features de administración de Active Directory, ejecutaremos dentro de las herramientas administrativas, la consola ADSIEdit:
En la parte superior izquierda de la consola que se nos abrirá, en la opcion ADSI Edit, desplegamos el menu y seleccionamos "Connect to", donde nos aparecera una ventana de selección y pondremos las referencias de Schema como se muestran a continuación:
Una vez que nos conecta, desplegamos el menu dentro del CN=Schema y seleccionamos properties:
En la ventana que nos aparecerá, buscamos la opción que dice "objectVersion" como se muestra a continuación:
3) Mediante consola de ldp.
Desde un Domain Controller o equipo perteneciente al dominio, teniendo las herramientas administrativas o el features de administración de Active Directory, vamos a "Run"
Ejecutamos la herramienta ldp y dentro de la misma, vamos a Connection - Connect..
Donde nos aparecera una ventana para configurar la conexión que deseamos realizar y cargamos en "Server:" el FQDN del dominio o la IP/hostname de un Domain Controller.
Luego que nos conectamos al dominio, necesitamos autenticarnos para poder ver la información del mismo, donde hacemos en la misma consola: Connection - Bind:
Donde nos aparecerá una ventana para cargar credenciales validas del dominio al que nos queremos conectar, si ya estamos logeados con credenciales del dominio a consultar, damos OK sin cargar ninguna referencia:
Podremos chequear entonces, que estamos conectados con credenciales válidas:
Luego, para que nos aparezca la estructura que deseamos consultar, vamos a View - Tree como se muestra a continuación:
Donde nos aparecerá una ventana para cargar la ruta completa de nuestra estructura a consultar desde LDP, en nuestro caso, seleccionaremos el distinguishedname correspondientes a nuestro Schema, como se muestra a continuación:
En el arbol del lado izquierdo, podremos dar doble click y nos aparecerá del lado derecho, en todas las referencias, una linea con "objectVersion:" y la información que estamos buscando:
4) Mediante clave de registro (regedit).
En la línea de comando, ejecutaremos la consola "regedit".
En la rama de registro, buscamos: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters y ahi dentro, la clave: "Schema Version" donde nos aparecerá el valor que estamos buscando:
De esta forma, les dejo cuatro maneras de poder buscar y tener el valor de que versión esta nuestro Schema de Active Directory.-
Espero que les sea de utilidad.
LeoPonti.
En esta oportunidad, quiero compartir con ustedes una forma sencilla de hacer un dispositivo USB booteable con Windows Server 2012, de esta misma forma, también se puede hacer con Windows Server 2008R2, Windows 7 y Windows 8.-
Para comenzar, tenemos que descargar la Herramienta Windows 7 USB/DVD Tool desde Microsoft Store Online: http://www.microsoftstore.com/store/msstore/html/pbPage.Help_Win7_usbdvd_dwnTool
Una vez que se descarga el instalador, corremos la instalación del mismo, para lo cual, tenemos que tener instalado previamente .NET Framework 3.5, si no lo tenemos instalado, nos aparecerá un aviso de descargo e instalarlo como se muestra a continuación:
Donde vamos a “Download and install this feature” para procederá la instalación de .NET Framework 3.5
Cuando finalice la instalación de .NET Framework, nos aparecerá el aviso como se muestra a continuación:
Al darle "Close", si comenzaremos la instalación de la Tool que necesitamos para poder realizar el dispositivo USB Booteable:
Aceptando la pantalla de bienvenida, daremos la opcion "Next":
Al dar la opcion "Install", comenzará el proceso de instalación.
Dando Finish, se cerrará la instalacion habiendo finalizado la misma.
Ahora ejecutaremos la Tool desde el icono que nos apareció en el escritorio.
Donde nos aparecerá la siguiente ventana dando comienzo al wizard para generar el dispositivo booteable.
Donde iremos a “Browse” y seleccionamos la ISO de Windows Server 2012 que previamente hayamos descargado desde la Web de Microsoft y tengamos localmente en nuestro disco.
Daremos NEXT y nos apareceran las siguientes posibilidades.
Start over: Volveremos a la pantalla para cargar en la Tool, la imagen ISO de nuestro Sistema Operativo Windows Server 2012.USB Device: Seguiremos la Tool para generar el disco booteable con un dispositivo USB.DVD: Seguiremos la Tool para generar el disco booteable con nuestra unidad de DVD.
En nuestro caso, seleccionaremos la opción USB device para seguir nuestro wizard.
Luego de confirmar la unidad con el dispositivo USB, daremos "Begin copying" para comenzar el proceso de dar format al dispositivo y posterior copia en el dispositivo y configurarlo como booteable.
Luego de dar el formato, comienza la copia de archivos:
Una vez que finalice correctamente, nos aparecerá la confirmación como se muestra a continuación:
De esta forma, tendremos nuestro dispositivo USB con particularidad de ser booteable y listo para poderlo utilizar en donde querramos instalarlo.
Espero que les sea de utilidad y lo puedan aplicar, nunca esta de mas tener preparada esta forma de instalar nuestros Servidores, ya que en mas de una oportunidad, es la única manera que tenemos de instalarlos.-
En esta oportunidad, me gustaria dejarles la solucion a un inconveniente al querer despromover un Domain Controller el cual este operativo y al querer despromoverlo, les aparezca el siguiente mensaje: The operation failed because: Active Directory Domain Services could not configure the computer account <hostname>$ to the remote Active Directory Domain Controller account <fully qualified name of helper DC>. "Access is denied"
Como primer medida, chequear el siguiente KB de Microsoft: DCPROMO fails with error "Access is denied" if the user performing the promotion is not granted the "trusted for delegation" user right
Si aun asi no encuentran la solucion, les dejo la siguiente opcion que en una oportunidad experimente y se presenta el mismo error que es cuando marcamos el objeto "Computer" del Domain Controller a despromover como proteccion de eliminacion (Protect Object from accidental deletion).
En ese caso, les paso dos formas de revertirlo si estamos en una estructura de Active Directory Windows Server 2008 o superior.
Opcion 1: Destildar dicha opcion de Site&Services:
Para esta opcion entramos a la consola de Site&Services:
En dicha consola, buscamos en el Sitio del Domain Controller a despromover y dentro del mismo, NTDS Settings, donde desplegaremos el menu y seleccionaremos la opcion Properties:
En la ventana que nos aparecera, vamos a la solapa Object, donde veremos la opcion "Protect Object from accidental deletion", de estar tildada, se tiene que destildar para habilitar que el objeto pueda ser eliminado al despromoverse.
Opcion 2: Destildar dicha opcion de Users and Computers:
Para esta opcion entramos a la consola de Users and Computers:
En dicha consola, vamos al contenedor de Domain Controllers donde nos aparecera el objeto Computer del Domain Controller que deseamos despromover, donde iremos a tildar la opcion que encontramos en View - Advanced Features
Luego seleccionamos el objeto Computer del Domain Controller a despromover y seleccionamos Properties.
Aclaración 1: Estados dos opciones hay que chequearlas ya que se pueden haber habilitado en su momento y si no se destildan, no se podra despromover el Domain Controller en forma normal asi teniendo el mismo operativo, es importante chequear ambas opciones detalladas, ya que puede estar una o ambas con Protect Object from accidental deletion seleccionado.
Aclaración 2: Si estamos con versión de dominio con Windows Server 2000/2003, no tendremos las opciones como muestro, pero de la misma forma que les detallo, tienen que ver en la solapa Security (en lugar de la solapa object) que no este la cuenta que estamos utilizando para despromover el Domain Controller, un grupo en el cual este incluido dicho usuario o un Everyone, con un Denied aplicado, de encontrarlo, tendrán que quitarlo para continuar con la despromoción.-
Espero les sea de utilidad.-
Hola,
En el presente post, les dejo links de interés para armado, preparación, prevención y ejecución de Disaster and Recovery. Tenemos que tener la idea en claro, que nuestra infraestructura de Active Directory es el Core y permite el funcionamiento de muchas otras plataformas, que sea por autenticación, resolución de nombre, delegaciones, etc toman los recursos de nuestro dominio y para brindar un correcto servicio, tenemos que tener un plan estructurado y detallado de recovery ante fallas que se nos puedan presentar, desde un simple objeto borrado, pasando por OUs con muchos objetos, Domain Controllers, Dominios, Políticas de Dominio y hasta un desastre de magnitudes importantes que hasta pueda afectar nuestro Forest Completo.
Este tema es muy extenso de tratar y lamentablemente en muy pocos lugares le dan la importancia que realmente necesita, nos acordamos de tener un plan de recovery cuando tal vez es demasiado tarde..., pero es importante tener documentado y sobre un ambiente hacer pruebas, como para llegado el caso aplicar algo en nuestro ambiente productivo, sepamos los pasos a seguir y no se pierda tiempo con ejecuciones y "pruebas" sin sentido, demorando el tiempo de resolución del problema.
A continuación, les dejo una lista de varios links de interés, el cual les será de utilidad para armar la documentación de Disaster and Recovery de su empresa, sobre el ambiente de laboratorio para hacer estas pruebas, pueden armarlo sobre infraestructura virtual, es recomendable generar una estructura paralela de iguales características que producción, tanto en cantidad de objetos como en cantidad de equipos, ya que les servirá para destinar tiempos de resolución, pero tal vez si tienen una empresa con una estructura de Active Directory grande, no pueden duplicar todo igual, con lo que armando su laboratorio "a escala", ya les sirve para sobre cada tipo de desastres, estimar tiempos de resolución.-
Ahora si, les dejo los links, son en verdad muchos, pero pueden ir tomando los que les sea de utilidad ya que varios son de conocimiento general con lo que no necesitaran tomar información del mismo, pero de seguro, algunos se les pase y puedan tenerlo desde el siguiente detalle:
How to move a Windows installation to different hardwarehttp://support.microsoft.com/kb/249694
How to automate Ntdsutil.exe using a scripthttp://support.microsoft.com/kb/243267
How to perform an in-place upgrade of Windows Server 2003http://support.microsoft.com/kb/816579
How to perform an in-place upgrade of Windows 2000http://support.microsoft.com/kb/292175
Service overview and network port requirements for the Windows Server systemhttp://support.microsoft.com/kb/832017
How to optimize the location of a domain controller or global catalog that resides outside of a client's sitehttp://support.microsoft.com/kb/306602
NetLogon Service–Related KB ArticlesRegistration of gc._msdcs.<DnsForestName> Records in DNS Is Requiredhttp://support.microsoft.com/kb/258213/
How to enable or disable DNS updates in Windows 2000 and in Windows Server 2003http://support.microsoft.com/kb/246804
How to Prevent Domain Controllers from Dynamically Registering DNS Nameshttp://support.microsoft.com/kb/198767
Enabling debug logging for the Net Logon servicehttp://support.microsoft.com/kb/109626
KDC Service–Related KB ArticlesHow to force Kerberos to use TCP instead of UDP in Windowshttp://support.microsoft.com/kb/244474
User Token Expires When You Log on by Using a Smart Card for a Long Timehttp://support.microsoft.com/kb/323931
Authentication May Intermittently Failhttp://support.microsoft.com/kb/818173
How to troubleshoot RPC Endpoint Mapper errors in Windows Server 2003http://support.microsoft.com/kb/839880
You cannot log on or you experience a long delay on a domain controller or on a member computer that is running Windows 2000, Windows XP, or Windows Server 2003http://support.microsoft.com/kb/883268
Managing Trustshttp://technet2.microsoft.com/windowsserver/en/library/89869a49-3b6c-472a-9612-b11d30d080481033.mspx?mfr=true
Trust Technologieshttp://technet2.microsoft.com/windowsserver/en/library/9d688a18-15c7-4d4e-9d34-7a763baa50a11033.mspx?mfr=true
How to build and reset a trust relationship from a command linehttp://support.microsoft.com/kb/175025/
Schema Updates Require Write Access to Schema in Active Directoryhttp://support.microsoft.com/kb/285172
Initial Synchronization Requirements for Windows 2000 Server and Windows Server 2003 Operations Master Role Holders http://support.microsoft.com/?id=305476
Summary of ―Piling On Scenarios in Active Directory Domains http://support.microsoft.com/kb/305027
Using Ntdsutil.exe to transfer or seize FSMO roles to a DC http://support.microsoft.com/kb/255504
Clean up server metadatahttp://go.microsoft.com/fwlink/?LinkId=70779
How Operations Masters Work http://go.microsoft.com/fwlink/?LinkId=70799
Phantoms, tombstones and the infrastructure master http://support.microsoft.com/kb/248047
Creating and Deleting Objects in Active Directory Domain Serviceshttp://msdn.microsoft.com/en-us/library/aa772216.aspx
Performing an Authoritative Restore of Active Directory Objectshttp://technet2.microsoft.com/windowsserver/en/library/690730c7-83ce-4475-b9b4-46f76c9c7c901033.mspx?mfr=true
Guarding Against Accidental Bulk Deletions in Active Directory http://technet2.microsoft.com/windowsserver/en/library/ea72bc34-6136-42e3-aa36-e2246f15d09d1033.mspx?mfr=true
Security Descriptors and Access Control Lists Technical Reference http://technet2.microsoft.com/windowsserver/en/library/0b340511-024f-43d0-86d7-17ada2f5b4f41033.mspx
Best Practice Guide for Securing Active Directory Installationshttp://technet.microsoft.com/en-us/library/cc773365.aspx
Download: Best Practice Guide for Securing Active Directory Installations.dochttp://www.microsoft.com/downloads/details.aspx?familyid=2eaa45c7-d936-413e-9586-a8bb6ff739d9&displaylang=en&tm
Best Practice Guide for Securing Active Directory Installations and Day-to-Day Operationshttp://technet.microsoft.com/en-us/windowsserver/2000/bb735369.aspx
Download: Windows Server 2003 Active Directory Operations Guidehttp://www.microsoft.com/downloads/details.aspx?FamilyID=6a238df8-115c-4e1a-89f1-ee9bc9486c0f&DisplayLang=en
Download: Active Directory Domain Services Operations Guide.dochttp://www.microsoft.com/downloads/details.aspx?familyid=291BDDB7-EDC6-4E6D-9852-A9A14991D67C&displaylang=en
How to restore deleted user accounts and their group memberships in Active Directoryhttp://support.microsoft.com/kb/840001
Using LDIFDE to import and export directory objects to Active Directoryhttp://support.microsoft.com/default.aspx?scid=kb;EN-US;237677
AdRestore v1.1http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx
How to disable the drag-and-drop functionality of the Active Directory Users and Computers tool in Windows Server 2003http://support.microsoft.com/kb/827687
Metadata Cleanup How to remove data in Active Directory after an unsuccessful domain controller demotionhttp://support.microsoft.com/kb/216498
How to remove Orphaned domains from Active Directoryhttp://support.microsoft.com/kb/230306
DsRemoveDsDomainW error 0x2015 error message when you use NTDSUTIL to try to remove metadata for a domain controller that was removed from your network in Windows Server 2003http://support.microsoft.com/kb/887424
Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Serverhttp://support.microsoft.com/kb/332199
IFMHow to use the Install from Media feature to promote Windows Server 2003-based domain controllershttp://support.microsoft.com/kb/311078
Unattended Installation[DCInstall] (Unattended Installation)http://technet2.microsoft.com/WindowsServer/en/library/9639f180-c7fe-41c6-8c3d-92389023f0e71033.mspx
Unattended promotion and demotion of Windows 2000 and Windows Server 2003 domain controllershttp://support.microsoft.com/kb/223757
DSRM How to Change the Recovery Console Administrator Password on a Domain Controllerhttp://support.microsoft.com/kb/239803
How to Reset the Directory Services Restore Mode Administrator Account Password in Windows Server 2003http://support.microsoft.com/kb/322672
Using Terminal Services for remote administration of Windows 2000 or Windows Server 2003 domain controllers in Directory Service Restore modehttp://support.microsoft.com/kb/256588
Backup and Restore A new event error message is logged if you do not back up a Windows Server 2003 Service Pack 1 (SP1)-based domain controller in a given time periodhttp://support.microsoft.com/kb/914034
How to perform an authoritative restore to a domain controller in Windows 2000http://support.microsoft.com/kb/241594
Domain controller is not functioning correctlyhttp://support.microsoft.com/kb/837513
ReplicationUsing Repadmin.exe to troubleshoot Active Directory replicationhttp://support.microsoft.com/kb/229896
Initiating Replication Between Active Directory Direct Replication Partnershttp://support.microsoft.com/kb/232072
TechNet Support WebCast: Troubleshooting Active Directory replication using the Repadmin tool: A look into the inner workingshttp://support.microsoft.com/kb/905739
Monitoring and Troubleshooting Active Directory Replication Using Repadminhttp://technet.microsoft.com/en-us/library/cc811551.aspx
Windows 2000 - Best Practices: Active Directory Forest Recoveryhttp://www.microsoft.com/downloads/details.aspx?FamilyID=3EDA5A79-C99B-4DF9-823C-933FEBA08CFE&displaylang=en
Windows 2003 - Planning for Active Directory Forest Recoveryhttp://www.microsoft.com/DOWNLOADS/details.aspx?familyid=AFE436FA-8E8A-443A-9027-C522DEE35D85&displaylang=en
Windows 2008 - Planning for Active Directory Forest Recoveryhttp://technet.microsoft.com/en-us/library/cc786327.aspx
Active Directory Directory Services Maintenance Utility (ntdsutil.exe) http://go.microsoft.com/fwlink/?LinkId=70810
Webcast: Windows Server 2003 Active Directory Diagnostics, Troubleshooting, and Recovery http://go.microsoft.com/fwlink/?LinkId=70804
Virus scanning recommendations for computers that are running Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, or Windows Vistahttp://support.microsoft.com/kb/822158
How to rebuild the SYSVOL tree and its content in a domainhttp://support.microsoft.com/kb/315457
Best Practices for SYSVOL Maintenancehttp://support.microsoft.com/kb/324175
Introduction to Administering SYSVOLhttp://technet2.microsoft.com/windowsserver/en/library/551f0123-26a7-4ce5-be71-173e7aa79bd31033.mspx?mfr=true
Restoring and Rebuilding SYSVOLhttp://technet2.microsoft.com/windowsserver/en/library/21280b7f-9f14-4ff9-8c0d-ec0e555522f01033.mspx?mfr=true
SYSVOL Junction inherits NTFS permissions from the drive roothttp://support.microsoft.com/?id=319808
How to relocate the SYSVOL tree on a domain controller that is running Windows 2000 Server or Windows Server 2003http://support.microsoft.com/?id=842162
How to minimize SYSVOL size by removing administrative templates (.adm files)http://support.microsoft.com/kb/813338
FRS Technical Referencehttp://technet2.microsoft.com/WindowsServer/en/library/965a9e1a-8223-4d3e-8e5d-39aeb70ec5d91033.mspx?mfr=true
Active Directory Operations overviewhttp://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd11.mspx
Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XPhttp://support.microsoft.com/?id=822158
FRS Tools and Settingshttp://technet2.microsoft.com/windowsserver/en/library/3a94d321-4400-442f-a1a9-9569a0db2a561033.mspx?mfr=true
Recovering missing FRS objects and FRS attributes in Active Directoryhttp://support.microsoft.com/Default.aspx?id=312862
Troubleshooting journal wrap errors on SYSVOL and DFS replica setshttp://support.microsoft.com/?id=292438
Active Directory Operations Overview: Troubleshooting File Replication Servicehttp://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd11.mspx#E2BAC
Folder Name Is Changed to ―FolderName_NtFrs_<xxxxxxxx>http://support.microsoft.com/?id=328492
Using the BurFlags registry key to reinitialize File Replication Service replica setshttp://support.microsoft.com/kb/290762
Default Group Policy objects become corrupted: disaster recoveryhttp://technet.microsoft.com/en-us/library/cc739095.aspx
Windows 2000 Default Group Policy Restore Toolhttp://www.microsoft.com/downloads/details.aspx?FamilyID=B5B685AE-B7DD-4BB5-AB2A-976D6873129D&displaylang=en
Group Policy: Back Up, Restore, Copy, and Importhttp://technet.microsoft.com/en-us/library/cc759276.aspx
Scripting Group Policy tasks using GPMChttp://technet.microsoft.com/en-us/library/cc784365.aspx
GPO Operations - Backup/Restore - Administering Group Policy with GPMChttp://www.microsoft.com/downloads/details.aspx?familyid=D8291B79-922A-439C-88E9-54041A2953DD&displaylang=en
How to configure the Windows Time service against a large time offsethttp://support.microsoft.com/kb/884776
Windows Time Service Technical Referencehttp://technet.microsoft.com/en-us/library/cc773061.aspx
Managing the Windows Time Servicehttp://technet.microsoft.com/en-us/library/cc737124.aspx
How to detect and recover from a USN rollback in Windows 2000 Serverhttp://support.microsoft.com/kb/885875
How to detect and recover from a USN rollback in Windows Server 2003http://support.microsoft.com/kb/875495
Considerations when hosting Active Directory domain controller in virtual hosting environmentshttp://support.microsoft.com/kb/888794
Possible Active Directory Inconsistency After You Restore a Domain Controllerhttp://support.microsoft.com/kb/316829
Information about lingering objects in a Windows 2000 Server-based forest or in a Windows Server 2003-based forest http://support.microsoft.com/kb/910205
Lingering objects prevent Active Directory replication from occurringhttp://support.microsoft.com/kb/317097
Lingering objects may remain after you bring an out-of-date global catalog server back online http://support.microsoft.com/kb/314282
Outdated Active Directory objects generate event ID 1988 in Windows Server 2003http://support.microsoft.com/kb/870695
The Active Directory database Garbage Collection processhttp://support.microsoft.com/kb/198793
Useful shelf life of a system-state backup of Active Directoryhttp://support.microsoft.com/kb/216993
Enable strict replication consistencyhttp://technet.microsoft.com/en-us/library/cc784245.aspx
The Repadmin.exe tool does not report existing lingering objects in Windows Server 2003http://support.microsoft.com/kb/948071
Clean that Active Directory forest of lingering objects (non-Microsoft)http://blogs.technet.com/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx
Active Directory Utilities (non-Microsoft)http://www.codeplex.com/ActiveDirectoryUtils
10 Immutable Laws of Securityhttp://technet.microsoft.com/en-us/library/cc722487.aspx
Auditing Security Events Best practiceshttp://technet2.microsoft.com/WindowsServer/en/library/5658fae8-985f-48cc-b1bf-bd47dc2109161033.mspx?mfr=true
Securing Active Directory Administrative Groups and Accountshttp://technet.microsoft.com/en-us/library/cc700835.aspx
Default groupshttp://technet.microsoft.com/en-us/library/cc756898.aspx
Download: Best Practices for Delegating Active Directory Administrationhttp://www.microsoft.com/DownLoads/details.aspx?familyid=631747A3-79E1-48FA-9730-DAE7C0A1D6D3&displaylang=en
Download: Best Practices for Delegating Active Directory Administration Appendiceshttp://www.microsoft.com/DownLoads/details.aspx?familyid=29DBAE88-A216-45F9-9739-CB1FB22A0642&displaylang=en
Domain Migration Cookbook Chapter 1: Securityhttp://technet.microsoft.com/en-us/library/bb727125.aspx
Using SID History to Preserve Resource Accesshttp://technet.microsoft.com/en-us/library/cc779590.aspx
Netdom trusthttp://technet.microsoft.com/en-us/library/cc835085.aspx
When to create an external trusthttp://technet.microsoft.com/en-us/library/cc755427.aspx
Security Considerations for Trustshttp://technet.microsoft.com/en-us/library/cc755321.aspx
Enhanced Active Directory Disaster recovery features in Windows Server 2008Ntdsutilhttp://technet.microsoft.com/en-us/library/cc753343.aspx
Active Directory Database Mounting Tool Step-by-Step Guidehttp://technet.microsoft.com/en-us/library/cc753609.aspx
Dsamainhttp://technet.microsoft.com/en-us/library/cc772168.aspx
Installing Windows Server Backuphttp://technet.microsoft.com/en-us/library/cc771232.aspx
Perform a Full Server Backup of a Domain Controller by Using the GUI (Windows Server Backup)http://technet.microsoft.com/en-us/library/cc771045.aspx
Perform a Full Server Backup of a Domain Controller by Using the Command Line (Wbadmin)http://technet.microsoft.com/en-us/library/cc771583.aspx
Scheduling Regular Full Server Backups of a Domain Controllerhttp://technet.microsoft.com/en-us/library/cc754843.aspx
Scenario Overviews for Backing Up and Recovering AD DShttp://technet.microsoft.com/en-us/library/cc732238.aspx
Other Active Directory Disaster Recovery linksBack up the WINS databasehttp://technet.microsoft.com/en-us/library/cc727901.aspx
Recovering a WINS Database From Other Backup Sourceshttp://support.microsoft.com/kb/235609
DHCP Backup/Restorehttp://technet.microsoft.com/en-us/library/cc774808.aspx
Summary: Learn how to display all Windows PowerShell modules and cmdlet names.
How can I get output that shows Windows PowerShell module names and the cmdlets or functions that are contained inside the modules?
Use the Get-Module cmdlet, and then for each module, display the name and use Get-Command (gcm is an alias) to retrieve the cmdlets and functions (this is a single-line command broken at the pipe character for readability):
Get-Module -ListAvailable |
foreach {"`r`nmodule name: $_"; "`r`n";gcm -Module $_.name -CommandType cmdlet, function | select name}
Summary: Microsoft Scripting Guy, Ed Wilson, talks about understanding Windows PowerShell 3.0 in Windows 8.
Microsoft Scripting Guy, Ed Wilson, is here. It is an exciting and great day! I have been working a bit to solidify the editorial calendar for the Hey, Scripting Guy! Blog. I can say that there are some absolutely awesome posts coming up in the next couple months. I am not just saying this because I am writing them. Nope. I have a great lineup of guest writers. The upcoming stuff will simply rock!
One of the really great things about Windows 8 is the implementation of Windows PowerShell 3.0. But many of the really cool commands (cmdlets or functions) are not strictly Windows PowerShell 3.0. For example, one function I use on a regular basis when I am traveling is Get-NetAdapter. This command tells me if a network adapter is up. Because I toggle my wireless and my Ethernet adapter connections (on or off depending on the network), I often need to see if a particular adapter is up.
Another function I use a lot when I am traveling is the Get-NetConnectionProfile function. This tells me how a particular network adapter has been identified by the operating system. I can modify the profile by using Set-NetConnectionProfile. I need to use this a lot when I am traveling and I want to demonstrate Windows PowerShell.
Neither of the two previously mentioned functions are part of Windows PowerShell 3.0, per se. They are included in modules that ship with Windows 8. The associated modules are shown here:
PS C:\> Get-Command Get-NetConnectionProfile, Get-NetAdapter
CommandType Name ModuleName
----------- ---- ----------
Function Get-NetConnectionProfile NetConnection
Function Get-NetAdapter NetAdapter
Am I being pedantic? If so, it is not my intention. It is important to know where specific functionality arises, so that when I install Windows PowerShell 3.0 onto a computer running Windows 7, I will know what to expect. This concept will be important when Windows 8.1 ships with Windows PowerShell 4.0 because Windows PowerShell 4.0 in Windows 8.1 will expose certain cmdlets and functions that may not be available if I install Windows PowerShell 4.0 on a down-level system.
With all the great commands in Windows 8, it is easy to forget that the capability comes from modules that ship with the operating system, and that they are not part of Windows PowerShell 3.0 core installation. But it is Windows PowerShell 3.0 that makes these cool modules shine. Most of the capability comes from the CIM infrastructure that is part of the Windows Management Framework 3.0 (where you obtain Windows PowerShell 3.0).
For example, the Get-NetAdapter function uses CIM to expose network adapter information. It is very convenient. The command and its associated output are shown here:
I can achieve the same output in Windows 7 by using Windows PowerShell 3.0. I use the Get-CimInstance cmdlet, query the Win32_NetworkAdapter WMI class, and choose the appropriate properties. The command is a bit longer than just typing Get-NetAdapter, but if I use it all the time, all I need to do is write my own function. Following is the command (gcim is the alias for Get-CimInstance, Select is the alias for Select-Object, and ft is the alias for Format-Table). This command is a single-line command that I broke at the pipe character for readability.
gcim win32_networkadapter |
select netconnectionid, description, interfaceindex, macaddress, speed |
ft * -auto
Here is the command and the output from the command:
Join me tomorrow as I begin a series of posts called Windows PowerShell Workflow for Mere Mortals. It is a great series, and you will not want to miss it.