Friday, December 11, 2009

get-nestedgroups

Here is a script I worked on that searches AD for the group you are looking for and returns its name, members, type, and domain, along with all other AD groups that are nested (a group within a group) in that group. If the search is ambiguous, it will return all groups with similar names, and you may get duplicates because of it.

$>./get-nestedgroups.ps1 "My Universal Group"

Group_Name                        Members                           Group_Type      Domain
----------                        -------                           ----------      ------
MyAdminGroup                      {jarrettirons, MyAdminGroup-Gl... Universal       mydomain
MyAdminGroup-Global               {user1,user2,user3,user4,user,... Global          subdomain


--Jarrett

# Function get-NestedMembers 
# List the members of a group including all nested members of subgroups 

# GLOBAL VARIABLES
$adgroups = @()
[array]$disabled_status = @("514", "546", "2", "66050")
[array]$roots = @()
$roots = "LDAP://dc=mydomain,dc=com"
$roots += "LDAP://dc=subdomain,dc=mydomain,dc=com"


# PRIVATE FUNCTIONS

###################################################
function get-NestedMembers ([array]$domaingroup) {  
###################################################
    foreach ($dgroup in $domaingroup) {
    if ($dgroup.objectclass -contains 'group') {
      ($dgroup | select @{Name="Group_Name"; Expression={$_.cn}},
                                     @{Name="Members"; Expression={foreach ($member in $_.member) {
                                                                      $admember = new-object DirectoryServices.DirectoryEntry("LDAP://$member");
                                                                          if ($admember.objectclass -contains "person") {
                                                                            if ($disabled_status -notcontains $admember.useraccountcontrol) {
                                                                                [string]$admember.cn
                                                                                remove-item variable:\admember
                                                                            }
                                                                          }
                                                                          else {[string]$admember.cn}
                                                                        }
                                                                      }},
                                        
                                     @{Name="Group_Type"; Expression={if (([string]$_.grouptype) -eq '-2147483640') {
                                                                        return "Universal"
                                                                      }
                                                                      if (([string]$_.grouptype) -eq '-2147483646') {
                                                                        return "Global"
                                                                        }
                                                                      }},
                                     @{Name="Domain"; Expression={
                                        $null = ([string]$_.distinguishedname) -match "DC=([^,]+)"; $matches[1]
                                        }})
      $dgroup.member | % {
        $adobject = new-object directoryservices.directoryentry("LDAP://$_")
        if ($adobject.objectclass -ne $null) {
          if ($adobject.objectclass -contains 'group') {
            get-nestedMembers $adobject
          }
        }
      }
    }
    }
}
################################
function get-adGroup ($group) {
################################
  # Use the search roots defined under GLOBAL VARIABLES at the top of the script,
  # so both search functions query the same domains.
  $category = "group"
  $dom = New-Object System.DirectoryServices.DirectoryEntry

  $dirSearcher = New-Object System.DirectoryServices.DirectorySearcher
  $dirSearcher.PageSize = 1000
  $dirSearcher.Filter = ("(objectCategory=$category)")
  foreach ($root in $roots)
    {
      $dirSearcher.SearchRoot = $root
      trap [System.Exception] {continue;}
      [array]$items += $dirSearcher.FindAll() | ?{$_.properties.name -like $group} 
    }
  foreach ($item in $items){
    [array]$results += new-object DirectoryServices.DirectoryEntry($item.path);
  }
  return $results
}
##############################
function get-adUser ($user) {
##############################
  $category = "Person"
  $dom = New-Object System.DirectoryServices.DirectoryEntry
  
  $dirSearcher = New-Object System.DirectoryServices.DirectorySearcher
  $dirSearcher.PageSize = 1000
  $dirSearcher.Filter = "(&(objectCategory=Person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
  foreach ($root in $roots)
    {
      $dirSearcher.SearchRoot = $root
      trap [System.Exception] {continue;}
      $results = $dirSearcher.FindAll() | ?{$_.properties.name -like "$user"} | sort-object properties.cn
    }

  foreach ($item in $results) {
    $object = $item.Properties
  }
  return $results.properties
}
#=========================================================

# MAIN
$name = get-adGroup $args
get-NestedMembers $name
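
get-NestedMembers recurses into every member group without remembering which groups it has already expanded, so two groups that contain each other never stop recursing, and a group reachable by two paths is listed twice. The following is an added example, not part of the original script: it runs the same walk with a visited table over a constructed in-memory directory instead of live AD, and the name Get-NestedGroupSafe and all DNs in it are hypothetical.

```powershell
# Constructed sample data: DN -> object class and members (not real AD objects).
# GroupB and GroupC contain each other, which is the circular case.
$directory = @{
  'CN=GroupA,DC=mydomain,DC=com' = @{ Class = 'group'; Member = @(
      'CN=user1,DC=mydomain,DC=com', 'CN=GroupB,DC=subdomain,DC=mydomain,DC=com') }
  'CN=GroupB,DC=subdomain,DC=mydomain,DC=com' = @{ Class = 'group'; Member = @(
      'CN=user2,DC=subdomain,DC=mydomain,DC=com', 'CN=GroupC,DC=mydomain,DC=com') }
  'CN=GroupC,DC=mydomain,DC=com' = @{ Class = 'group'; Member = @(
      'CN=GroupB,DC=subdomain,DC=mydomain,DC=com', 'CN=user3,DC=mydomain,DC=com') }
  'CN=user1,DC=mydomain,DC=com'              = @{ Class = 'person'; Member = @() }
  'CN=user2,DC=subdomain,DC=mydomain,DC=com' = @{ Class = 'person'; Member = @() }
  'CN=user3,DC=mydomain,DC=com'              = @{ Class = 'person'; Member = @() }
}

function Get-NestedGroupSafe {
  param(
    [string]$Dn,
    [hashtable]$Directory,
    [hashtable]$Visited = @{},  # DNs already expanded; hashtable keys compare case-insensitively
    [int]$Depth = 0
  )
  # A DN seen before means circular or repeated nesting: report each group once.
  if ($Visited.ContainsKey($Dn)) { return }
  $Visited[$Dn] = $true

  $entry = $Directory[$Dn]
  if ($null -eq $entry -or $entry.Class -ne 'group') { return }

  # Direct user members of this group
  $users = @($entry.Member | Where-Object { $Directory[$_].Class -eq 'person' })
  New-Object PSObject -Property @{ Depth = $Depth; Group = $Dn; Users = ($users -join '; ') }

  # Recurse into member groups, sharing the same visited table
  foreach ($member in $entry.Member) {
    if ($Directory[$member].Class -eq 'group') {
      Get-NestedGroupSafe -Dn $member -Directory $Directory -Visited $Visited -Depth ($Depth + 1)
    }
  }
}

Get-NestedGroupSafe -Dn 'CN=GroupA,DC=mydomain,DC=com' -Directory $directory |
  Format-Table Depth, Group, Users -AutoSize
```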

Tuesday, September 29, 2009

Here is a script I pasted together that modifies the machine.config in the .NET Framework using PowerShell. This script basically allows you to add and remove domains and specify what connection limit you would like to set for them by adding/modifying system.net/connectionManagement elements, which you can find out more about here. Hope this helps someone out. One site I relied heavily on was http://www.pluralsight.com/community/blogs/dan/archive/2006/10/30/41434.aspx.
-Jarrett

# Global Vars
param(
    [string]$command = $(throw "Please specify action.`nUSAGE: `n>maxuserport.ps1 (read|add|delete) [domain] [[int]value]"),
    [string]$domain,
    [int]$value
    )
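$usage = "Please specify action.`nUSAGE: `n>maxuserport.ps1 (read|add|delete) [domain] [[int]value]"
#write-host "command is " $command "domain is " $domain "and value is " $value
# Anchor the match: $command is invoked with & in MAIN, so only the three exact function names may pass.
if ($command -notmatch "^(read|add|delete)$") {$usage; return}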
$bitness = (get-wmiobject win32_OperatingSystem).OSArchitecture
$working_path = "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG"
$working_path64 = "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG"
$machine_config = "machine.config"
$date = get-date -uformat "%Y%m%d-%H%M"
$paths = @{}
$paths.Add(32,(join-path $working_path $machine_config))
if ($bitness -eq "64-bit") {
  $paths.Add(64, (join-path $working_path64 $machine_config))
}

# ===================================================
# Functions
# ===================================================

function add ([string]$address, [int]$maxconnection) {
  if (!($address)) {"Must specify a domain to add`n"; $usage; return}
  # Loading config
  foreach ($fullpath in $paths.keys) {
    $xml = new-object System.Xml.XmlDocument
    $xml.Load($paths[$fullpath])
    $configuration = $xml.configuration
    # Creating Elements
    if (!($configuration."system.net")) {
      $systemNet = $xml.CreateElement("system.net")
      # If "system.net" does not exist then it is safe to say that
      #  "connectionManagement" does not either.
      $connectionManagement = $xml.CreateElement("connectionManagement")
    }
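    else {
      $systemNet = $configuration."system.net"
      # "system.net" can exist without a "connectionManagement" child; create it in that case.
      $connectionManagement = $systemNet.SelectSingleNode("connectionManagement")
      if ($null -eq $connectionManagement) {
        $connectionManagement = $xml.CreateElement("connectionManagement")
      }
    }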
    # Add the "add" element
    $add_address = $xml.CreateElement("add")
    $add_address.SetAttribute("address", $address)
    $add_address.SetAttribute("maxconnection", $maxconnection)
    # Connecting Elements
    $null = $connectionManagement.AppendChild($add_address)
    $null = $systemNet.AppendChild($connectionManagement)
    $null = $xml.configuration.AppendChild($systemNet)
    $xml.Save($paths[$fullpath])
    read
  }
}

function read () {
  $OFS = ", "
  foreach ($fullpath in $paths.keys) {
    # Reset per file so each output line lists only that file's entries
    $domains = @()
    $xml = new-object System.Xml.XmlDocument
    $xml.Load($paths[$fullpath])
    $configuration = $xml.configuration
    # Seeing if "system.net" exists
    if (!($configuration."system.net")) {
      "system.net does not exist"
      return
    }
    $systemNet = $configuration."system.net"
    $connectionManagement = $systemNet.connectionManagement
    $connectionManagement.SelectNodes("add") | % {
      $tmp = '' | select address, maxconnection
      $tmp.address = [string]$_.address
      $tmp.maxconnection = [int]$_.maxconnection
      $domains += $tmp
    }
   "$fullpath(" + "$($domains | % {$_.address + ":" + $_.maxconnection})" + ")"
   }
}

function delete ([string]$address, [int]$maxconnection) {
  if (!($address)) {"Must specify a domain to delete`n"; $usage; return}
  $target = @()
  foreach ($fullpath in $paths.keys) {
    # Loading config
    $xml = new-object System.Xml.XmlDocument
    $xml.Load($paths[$fullpath])
    $configuration = $xml.configuration
    # Checking Elements
    if (!($configuration."system.net")) { "system.net Element does not exist.  Exiting"; return }
    $systemNet = $configuration."system.net"
    $connectionManagement = $systemNet.connectionManagement
    # Targeting and deleting Element
    $target = $connectionManagement.selectNodes("add") | ? {$_.address -eq $address -and $_.maxconnection -eq $maxconnection}
    if ($target -eq $null) {"Could not find domain to delete!"; return}
    foreach ($missle in $target) {
      $null = $connectionManagement.RemoveChild($missle)
    }
    $xml.Save($paths[$fullpath])
    read 
  }
}

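# Not called anywhere in this script. Takes the full path of a config file:
# the first backup is saved as <file>.orig, later ones as <file>.<date>.
function backup_config ([string]$path) {
    if (test-path ($path + ".orig") ) {
      copy $path ($path + "." + $date)
    }
    else { copy $path ($path + ".orig") }
}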

# ===================================================
# MAIN 
# ===================================================
&($command) $domain $value
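
The add function above appends a new add element on every run, so repeating the command leaves several entries for the same address. The following is an added example, not the author's code: an idempotent variant that updates an existing entry or creates the missing parents, run against a constructed in-memory document rather than the real machine.config. The name Set-MaxConnection and the sample addresses are hypothetical.

```powershell
# Constructed sample document standing in for machine.config.
$xml = New-Object System.Xml.XmlDocument
$xml.LoadXml(@'
<configuration>
  <system.net>
    <connectionManagement>
      <add address="example.com" maxconnection="2" />
    </connectionManagement>
  </system.net>
</configuration>
'@)

function Set-MaxConnection {
  param([System.Xml.XmlDocument]$Xml, [string]$Address, [int]$MaxConnection)
  if (-not $Address) { throw "Address is required." }

  $parent = $Xml.SelectSingleNode("/configuration")
  if ($null -eq $parent) { throw "No <configuration> root element." }

  # Walk down to connectionManagement, creating each level only if it is missing
  foreach ($name in "system.net", "connectionManagement") {
    $child = $parent.SelectSingleNode($name)
    if ($null -eq $child) { $child = $parent.AppendChild($Xml.CreateElement($name)) }
    $parent = $child
  }

  # Reuse the entry for this address if there is one, otherwise append a new one
  $entry = $parent.SelectNodes("add") |
    Where-Object { $_.GetAttribute("address") -eq $Address } |
    Select-Object -First 1
  if ($null -eq $entry) {
    $entry = $parent.AppendChild($Xml.CreateElement("add"))
    $entry.SetAttribute("address", $Address)
  }
  $entry.SetAttribute("maxconnection", [string]$MaxConnection)
  $entry.OuterXml   # return the resulting element for inspection
}

Set-MaxConnection $xml "example.com" 24   # existing entry is updated in place
Set-MaxConnection $xml "example.org" 12   # missing entry is appended
Set-MaxConnection $xml "example.com" 24   # repeated run does not add a duplicate
$xml.SelectNodes("//connectionManagement/add").Count
```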


Saturday, May 9, 2009

Turn off Proxy when using IIS7 Management Console!!

I know there are plenty of articles showing how to set up IIS7 with Remote Management Services and how to connect to it. However, I was running into an issue where it just was not working for me. After looking at my firewall settings on both client and server, confirming that port 8172 was open, and being able to telnet to the remote machine on that port, I found in a TCP dump that I was trying to connect to the remote IIS7 server via PROXY! The IIS7 console is more integrated with IE, and if you have a proxy specified in IE then the IIS7 management console (and possibly others) will try to use that proxy. It's kinda cool but annoying as hell at the same time, for I have not found this anywhere and there are no errors showing this. (Sigh) Thanks Microsoft

Monday, March 16, 2009

I have been working on a sketch that I must say I am pretty proud of thus far. This drawing is for my wife's (Karen) graduation. I was inspired to draw her Ganesh because of the rigorous 4 years she went through to get her Masters in Traditional Chinese Medicine. CONGRATS KAREN! To sum up in one line who/what Ganesh is, Ganesh is a Hindu god of wisdom or prophecy; the god who removes obstacles. Here is the initial sketch.

Wednesday, February 11, 2009

A 32" pizza from "Big Papa's"

8 full stomachs later we still had about a dozen pieces.

Saturday, October 18, 2008

Outside of Urth Cafe in Santa Monica

Tuesday, January 8, 2008

Test from versaamail

Test
