When i run the below script to extract the OU info using quest ad commandlets it gives me an error as below
Object reference not set to an instance of an object.
+ CategoryInfo : NotSpecified: (:) [Get-QADComputer], NullReferenceException
+ FullyQualifiedErrorId : System.NullReferenceException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetComputerCmdlet
Below is The Script which is use
$password = convertTo-secureString -string "123" -asPlainText -force
$credential = new-object System.Management.automation.Pscredential ("test.com\sh" , $password)
$session = New-PSSession -computername CI -credential $credential -port 5985 -Authentication Default
Invoke-Command -Session $session -ScriptBlock {
Add-PSSnapin Quest.ActiveRoles.ADManagement
$ou = get-qadcomputer QUAG | select -ExpandProperty canonicalname
}
$adou= (Invoke-Command -Session $session -ScriptBlock { $ou })
Get-PSSession | Remove-PSSession
$adou
Can Some one please help me with this?
Thanks!
You don't need to run QAD from within a remote session, you can try it from your admin station:
Add-PSSnapin Quest.ActiveRoles.ADManagement
$pw = read-host "Enter password" -AsSecureString
Connect-QADService -Service 'server.company.com' -ConnectionAccount 'company\administrator' -ConnectionPassword $pw
Get-QADComputer QUAG | Select-Object -ExpandProperty CanonicalName
I think the problem is with the way you're declaring and then invoking that script block. Not tested, but I think this might work better:
Invoke-Command -Session $session -ScriptBlock {
Add-PSSnapin Quest.ActiveRoles.ADManagement
}
$ou = {get-qadcomputer QUAG | select -ExpandProperty canonicalname}
$adou= (Invoke-Command -Session $session -ScriptBlock $ou)
Related
Ultimately, I'm trying to create a script that will get all Windows Services Running as a domain Service Account from a list of remote machines and output a csv file with three columns: the Service Account Name, the Windows Service, and the Hostname. I cannot figure out how to create the hashtable with two arrays. I've had some success with just one key and one array using += but even that has some issues and I'm reading this is inefficient.
This is modified code that gets all Win Services running as System on my local system:
$server = $env:COMPUTERNAME
$tgtAcct = 'SYSTEM'
$reportCsv = Join-Path -Path ([Environment]::GetFolderPath("Desktop")) -ChildPath ("report.$(Get-Date -Format `"yyyMMdd_hhmmss`").csv")
$GetServiceAccounts = {
[CmdletBinding()]
param(
$hostname
)
$serviceList = #( Get-WmiObject -Class Win32_Service -ComputerName $hostname -Property Name, StartName, SystemName -ErrorAction Stop )
$serviceList
}
Function Process-CompletedJobs(){
$jobs = Get-Job -State Completed
ForEach ($job in $jobs) {
$data = Receive-Job $job
Remove-Job $job
If ($data.GetType() -eq [System.Object[]]) {
$serviceList = $data | Where-Object { $_.StartName -ne $null -and $_.StartName.ToUpper().Contains($tgtAcct) }
ForEach ($service in $serviceList) {
$account = $service.StartName
$winService = $service.Name
$occurance = $service.SystemName
}
}
}
}
Start-Job -ScriptBlock $GetServiceAccounts -Name "read_$($server)" -ArgumentList $server | Wait-Job > $null
Process-CompletedJobs
Here is what I've tried that isn't working:
$server = $env:COMPUTERNAME
$tgtAcct = 'SYSTEM'
$serviceAccounts = #{}
$accountTable = #()
$winSvcTable = #()
$occurTable = #()
$reportCsv = Join-Path -Path ([Environment]::GetFolderPath("Desktop")) -ChildPath ("report.$(Get-Date -Format `"yyyMMdd_hhmmss`").csv")
$GetServiceAccounts = {
[CmdletBinding()]
param(
$hostname
)
$serviceList = #( Get-WmiObject -Class Win32_Service -ComputerName $hostname -Property Name, StartName, SystemName -ErrorAction Stop )
$serviceList
}
Function Process-CompletedJobs(){
$jobs = Get-Job -State Completed
ForEach ($job in $jobs) {
$data = Receive-Job $job
Remove-Job $job
If ($data.GetType() -eq [System.Object[]]) {
$serviceList = $data | Where-Object { $_.StartName -ne $null -and $_.StartName.ToUpper().Contains($tgtAcct) }
ForEach ($service in $serviceList) {
$account = $service.StartName
$winService = $service.Name
$occurance = $service.SystemName
$script:serviceAccounts.Item($account) += $winService
$script:serviceAccounts.Item($account) += $occurance
}
}
}
}
Start-Job -ScriptBlock $GetServiceAccounts -Name "read_$($server)" -ArgumentList $server | Wait-Job > $null
Process-CompletedJobs
ForEach ($serviceAccount in $serviceAccounts.Keys) {
ForEach ($occurance in $serviceAccounts.Item($serviceAccount)) {
ForEach ($winService in $serviceAccounts.Item($serviceAccount)) {
$row = New-Object PSObject
Add-Member -InputObject $row -MemberType NoteProperty -Name "Account" -Value $serviceAccount
Add-Member -InputObject $row -MemberType NoteProperty -Name "Service" -Value $winService
Add-Member -InputObject $row -MemberType NoteProperty -Name "Hostname" -Value $occurance
$accountTable += $row
}
}
}
$accountTable | Export-Csv $reportCsv
I'm trying to modify code written by Andrea Fortuna that almost does what I want but want to split the second column into two. Again, I'm also looking for how to do this without adding to each array using += if possible. https://www.andreafortuna.org/2020/03/25/windows-service-accounts-enumeration-using-powershell/
If your goal is to export to CSV, then a single top-level hashtable is not the data structure you want.
Export-Csv will expect a collection of individual objects, so that's what you'll want to create:
Function Process-CompletedJobs(){
$jobs = Get-Job -State Completed
ForEach ($job in $jobs) {
$data = Receive-Job $job
Remove-Job $job
If ($data.GetType() -eq [System.Object[]]) {
$serviceList = $data | Where-Object { $_.StartName -ne $null -and $_.StartName.ToUpper().Contains($tgtAcct) }
ForEach ($service in $serviceList) {
# don't assign this new object to anything - let it "bubble up" as output instead
[pscustomobject]#{
Account = $service.StartName
Service = $service.Name
Occurrence = $service.SystemName
}
}
}
}
}
Now you can do:
Start-Job -ScriptBlock $GetServiceAccounts -Name "read_$($server)" -ArgumentList $server | Wait-Job > $null
Process-CompletedJobs |Export-Csv ...
What about this?
$server = $env:COMPUTERNAME
$tgtAcct = 'SYSTEM'
$reportCsv = Join-Path -Path ([Environment]::GetFolderPath("Desktop")) -ChildPath ("report.$(Get-Date -Format `"yyyMMdd_hhmmss`").csv")
$GetServiceAccounts = {
[CmdletBinding()]
param(
$hostname
)
$serviceList = #( Get-WmiObject -Class Win32_Service -ComputerName $hostname -Property Name, StartName, SystemName -ErrorAction Stop )
$serviceList
}
Function Process-CompletedJobs(){
$jobs = Get-Job -State Completed
$hashtable = #{}
ForEach ($job in $jobs) {
$data = Receive-Job $job
Remove-Job $job
If ($data.GetType() -eq [System.Object[]]) {
$serviceList = $data | Where-Object { $_.StartName -ne $null -and $_.StartName.ToUpper().Contains($tgtAcct) }
ForEach ($service in $serviceList) {
$account = $service.StartName
$winService = $service.Name
$occurance = $service.SystemName
$hashtable[$account] = #{winService = $winService; occurance = $occurance}
}
}
}
return $hashtable
}
Start-Job -ScriptBlock $GetServiceAccounts -Name "read_$($server)" -ArgumentList $server | Wait-Job > $null
$myHashTable = Process-CompletedJobs
Make it simple it will work, this is the complete script and I have tried and valid for many servers you can change the variable $hostnames = $env:COMPUTERNAME,host2,host3,.. as you need
and I added some parameters to get a grid view of result to test and add force and notypeinfo. in export-csv
Here is the code - I hope you mark it answer if it helps:
$hostnames = $env:COMPUTERNAME
$tgtAcct = 'SYSTEM'
$reportCsv = Join-Path -Path ([Environment]::GetFolderPath("Desktop")) -ChildPath ("report.$(Get-Date -Format `"yyyMMdd_hhmmss`").csv")
$TableName = "System Accounts"
#Create a table
$Table = new-object System.Data.DataTable "$TableName"
#Create a column and you can increase it as many as you need
$col1 = New-Object System.Data.DataColumn "Service Account Name",([string])
$col2 = New-Object System.Data.DataColumn "Windows Service",([string])
$col3 = New-Object System.Data.DataColumn "Hostname",([string])
# Add the Columns
$Table.columns.add($col1)
$Table.columns.add($col2)
$Table.columns.add($col3)
foreach($hostname in $hostnames){
$serviceList = Get-WmiObject -Class Win32_Service -ComputerName $hostname -Property Name, StartName, SystemName -ErrorAction Stop | Where-Object { $_.StartName -ne $null -and $_.StartName.ToUpper().Contains($tgtAcct) }
foreach ($service in $serviceList){
$Row = $Table.NewRow()
$Row."Hostname" = $hostname
$Row."Service Account Name" = $service.StartName
$servicename = $service.Name.ToString()
$Row."Windows Service" = $servicename
$Table.Rows.Add($Row)
}}
$Table | Out-GridView
$Table | Export-Csv $reportCsv -Force -NoTypeInformation
I have an array that I write certificate information into using a credential called $array_otheruser but when I try to Export-Csv, the file becomes empty.
However, it writes fine if my export line is within the $ScriptBlock. However, I want to export it out of scriptblock, is this possible?
The code below writes an empty file:
[string][ValidateNotNullOrEmpty()]$passwd = "password"
$secpasswd = ConvertTo-SecureString -String $passwd -AsPlainText -Force
$mycreds = New-Object Management.Automation.PSCredential ("username", $secpasswd)
$array_otheruser = #()
$CSVFile = "c:\temp\temp9.csv"
$Certs = Get-ChildItem Cert: -Recurse
[ScriptBlock]$ScriptBlock = {
$Certs | where {
$_.PsIsContainer -eq $false
} | ForEach-Object ({
$obj | Add-Member -MemberType NoteProperty -Name "NotAfter" -Value $_.NotAfter
$obj | Add-Member -MemberType NoteProperty -Name "NotBefore" -Value $_.NotBefore
$array_otheruser += $obj
$obj = $null
})
}
$otheruser = Invoke-Command -ScriptBlock $ScriptBlock -ComputerName $env:computername -Credential $mycreds | Wait-Job
$otheruser | Receive-Job
$array_otheruser | Export-Csv -Path $CSVFile -NoTypeInformation
The code below writes into the file (where I've put the Export-Csv inside the scriptblock):
[ScriptBlock]$ScriptBlock = {
...
$array_otheruser += $obj
$obj = $null
})
##########This is the key difference, the export line is inside the ScriptBlock
$array_otheruser | Export-Csv -Path "c:\temp\temp9.csv" -NoTypeInformation
########
}
$otheruser = Invoke-Command -ScriptBlock $ScriptBlock -ComputerName $env:computername -Credential $mycreds | Wait-Job
$otheruser | Receive-Job
I would like to know if it is possible to have the Export-Csv file line outside of the scriptblock and have the cert information contents populate as it should using a different credential.
I am trying to export the output of the below script to a local sql table directly instead of using CSV as a mediator. Is there a way to export the output of the below script directly to the local sql table.
Get-Content "C:\test\computers.txt" | Where-Object { $_.Trim() -ne "" } |
ForEach-Object {
Invoke-Command -Computer $_ -ScriptBlock {
Param($computer)
$Database = "secaudit"
$AttachmentPath = "C:\test\SQLData.csv"
$SqlQuery = "xp_fixeddrives"
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = "Data Source=$computer;Initial Catalog=$Database;Integrated Security = True"
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = $SqlQuery
$SqlCmd.Connection = $SqlConnection
$SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter.SelectCommand = $SqlCmd
$DataSet = New-Object System.Data.DataSet
$nRecs = $SqlAdapter.Fill($DataSet)
$nRecs | Out-Null
$objTable = $DataSet.Tables[0]
$DataSet.Tables[0]
} -ArgumentList $_ -Credential $cred
} | Select-Object PSComputerName, Drive, "MB Free" |
Export-Csv -Path "C:\test\output_space.csv" -NoTypeInformation
$query = #"
BULK INSERT [Test1].[dbo].[table_1] FROM "C:\test\output_space.csv" WITH (FIRSTROW = 2, FIELDTERMINATOR = ",", ROWTERMINATOR = "\n")
"#
sqlcmd -S "CSCINDAE680687" -E -Q $query
Here's an example function that takes a connection string, target table name, and a data table of the rows to be loaded. By default, columns are mapped by ordinal but you can use SQlBulkCopyColumnMappings to specify different mappings, if needed.
Function Insert-TargetTable
{
param(
[Parameter(Mandatory=$True)]
[string]$TargetDatabaseConnectionString
, [Parameter(Mandatory=$True)]
[string]$TargetTableName
, [Parameter(Mandatory=$True)]
[System.Data.DataTable]$DataTable
)
$bcp = New-Object System.Data.SqlClient.SqlBulkCopy($TargetDatabaseConnectionString);
$bcp.DestinationTableName = $TargetTableName;
$bcp.WriteToServer($DataTable);
$bcp.Close();
}
Creating a script to change the ACL on entire directories recursively. The simple script changes the ACL accordingly on one file, however I do not know how to run the script on each file of Get-ChildItem
Get-ChildItem $directory –recurse | % { Write-host $_.FullName }
This outputs the appropriate list of directory/file names
$acl = Get-Acl $file
$permission = "domain/user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $file
Is there a way to set each output of Get-ChildItem as $file? I was trying to read up on ForEach-Object but I haven't been able to get the syntax right.
You can embed the code you already have in a foreach loop. Just get an array of the files by assigning the output of the Get-ChildItem call to a variable first:
$files = Get-ChildItem $directory -recurse
foreach($file in $files) {
$acl = Get-Acl $file
$permission = "domain/user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $file
}
You can try this one
Get-Childitem $directory | ForEach {
$file = $_
$acl = Get-Acl $file
$permission = "domain/user","FullControl","Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
$acl | Set-Acl $file
}
I would simply use the current object variable ($_):
Get-ChildItem $directory –Recurse | % {
$acl = Get-Acl -LiteralPath $_
$permission = 'domain\user', 'FullControl', 'Allow'
$accessRule = New-Object Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessRule)
Set-Acl -AclObject $acl -LiteralPath $_
}
If you want to put the ACL modification into a script and separate it from the Get-ChildItem I'd suggest to make the script process pipelined input:
[CmdletBinding()]
Param(
[Parameter(
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true
)]
[IO.FileSystemInfo]$Path
)
Begin {
$permission = 'domain\user', 'FullControl', 'Allow'
$accessRule = New-Object Security.AccessControl.FileSystemAccessRule $permission
}
Process {
$acl = Get-Acl -LiteralPath $Path
$acl.SetAccessRule($accessRule)
Set-Acl -AclObject $acl -LiteralPath $Path
}
Note, however, that Get-Acl cannot modify ACLs where neither your account nor one of your groups is the owner. You can work around this issue by using icacls:
[CmdletBinding()]
Param(
[Parameter(
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true
)]
[IO.FileSystemInfo]$Path
)
Begin {
$trustee = 'domain\user'
$permission = 'F'
}
Process {
& icacls $Path.FullName "/grant:r" "${trustee}:(CI)(OI)${permission}" | Out-Null
}
Can someone help me out with getting the disk info? I have 3 disks but I'm unable to get their information using add member.
I get an error:
"Add-Member : Cannot add a member with the name "Disks" because a member with that name already exists. If you want to overwrite the member anyway, use the Force parameter to overwrite it."
This is my code:
function Get-Inven {
param([string[]]$computername)
#Import-Module ActiveDirectory
foreach ($computer in $computername) {
$disks = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $computer -Filter 'DriveType=3'
$os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer
#$comp = Get-ADComputer -Filter { cn=$computer }
$info = #{
'ComputerName'=$computer;
'OSVersion'=$os.caption;
'DnsHostName'=$comp.dnshostname
}
$obj = New-Object -TypeName PSObject -Property $info
foreach ($disk in $disks) {
$info = #{
'DriveLetter'=$disk.deviceID;
'FreeSpace'=($disk.freespace / 1MB -as [int])
}
$diskobj = New-Object -TypeName PSObject -Property $Info
$obj | Add-Member -MemberType NoteProperty -Name Disks -Value $diskobj
}
}
}
You can still set the Name property if you add the -Force parameter. You should also add the -PassThru switch parameter to emit the object back to the pipeline:
$obj | Add-Member -MemberType NoteProperty -Name Disks -Value $diskobj -Force -PassThru
UPDATE:
In my opinion you can simplify the function (no add-member calls):
foreach ($computer in $computername) {
$disks = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $computer -Filter 'DriveType=3'
$os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer
#$comp = Get-ADComputer -Filter { cn=$computer }
$info = #{
ComputerName=$computer
OSVersion=$os.caption
DnsHostName=$comp.dnshostname
FreeSpaceMB= ($disks | foreach { "{0},{1:N0}" -f $_.Caption,($_.freespace/1MB) }) -join ';'
}
New-Object -TypeName PSObject -Property $info
}
Since there are multiple disks, you need to create the disk property as an array, then add each disk to the array. Also, remember to output $obj at the end of the $computername foreach.
function Get-Inven {
param([string[]]$computername)
$computername = 'localhost'
foreach ($computer in $computername) {
$disks = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $computer -Filter 'DriveType=3'
$os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer
#$comp = Get-ADComputer -Filter { cn=$computer }
$info = #{
'ComputerName'=$computer;
'OSVersion'=$os.caption;
'DnsHostName'=$comp.dnshostname
}
$obj = New-Object -TypeName PSObject -Property $info
$obj | Add-Member -MemberType NoteProperty -Name Disks -Value #()
$obj | Add-Member -MemberType ScriptProperty -Name DisksList -Value {
($this.Disks|%{$_.DriveLetter + ',' + $_.FreeSpace}) -join ';'
}
foreach ($disk in $disks) {
$info = #{
'DriveLetter'=$disk.deviceID;
'FreeSpace'=($disk.freespace / 1MB -as [int])
}
$diskobj = New-Object -TypeName PSObject -Property $Info
$obj.Disks += $diskobj
}
$obj
}
}
$result = get-inven localhost
$result| select "OSVersion","DnsHostName","ComputerName","DisksList"|ConvertTo-Csv