Announcement – GitHub Repository Now Available

I’ve had a few issue with posting scripts on WordPress as it on occasions changes special characters to their HTML equivalent for example the & has changed to &, which is not good if you copy and paste the code.

For this reason I’ve setup a GitHub repository that contains all the scripts on the blog. Going forward I’ll also link to the scripts hosted on GitHib repository as well as posting them on the here.

I’d also like to in the future upload my MST transformations to GitHub. I’m just not sure on the legality of doing so, if anybody knows what the stance is on this it please let me know in the comments below.

The URL to all the scripts available is https://github.com/Maddog2050/Scripts

vSphere – ‘inaccessible’ VM’s

Update 17/03/2016: Added a download link for the script.

Recently we had a power  blip in our comms room where I work, this caused some of our VM’s to show as inaccessible. After a little reading I found that you could reload the configuration of the VM’s to remedy this issue.

Below is a PowerShell/PowerCLI script that I used to automate this.

# Refresh all VM's

param (
	[string]$server = $(Throw "parameter 'server' is required!"),
	[string]$username,
	[string]$password
)

# Connect to the specified server
If ($username -eq "") {
	# Connect to server without username & password
	Connect-VIServer -Server $server
}
ElseIf ($username -ne "" -and $password -eq "") {
	# Connect to server with username only
	Connect-VIServer -Server $server -User $username
}
Else{
	# Connect to server with username & password
	Connect-VIServer -Server $server -User $username -Password $password
}

# Get all VM's, excluding templates
$vms = Get-View -ViewType VirtualMachine -Property Name -Filter @{"Config.Template"="false"}
foreach($vm in $vms){
    $vm.reload()
}

Download (Right click and click ‘Save Link as’)

Example usage:

C:\>.\RefreshVMs.ps1 -server <server>
C:\>.\RefreshVMs.ps1 -server <server> -username <username>
C:\>.\RefreshVMs.ps1 -server <server> -username <username> -password <password>

AD – Reset the pwdLastSet attribute using PowerShell

Update 17/03/2016: Added a download link for the script.

I had a requirement to change some of our AD accounts so that the password expired as per our company policy. Instead of having to call every user to see if they were on-site or not, I wanted a way of making the account adhere without causing the account to expire immediately. After a little look around the internet I found that you could reset the password last set date in AD which would cause the account to expire after x days that our policy defines with all the usual prompts.

Below is a Powershell script that I created to achieve this.

# This script sets a users account so that the password is to expire as per our policy,
# and resets the last password change date so that the user doesn't need login and change
# their password straight away.

# Define input parameters the script can accept.
param
(
	[Parameter(Mandatory=$True)]
	[string]$SearchBase,

	[Parameter(Mandatory=$True)]
	[string]$DNSDomainName,

	[Parameter(Mandatory=$True)]
	[string]$sAMAccountName,

	[bool]$Change = $False,

	[string]$LogFile = $MyInvocation.MyCommand.Name + ".log"
)

$Culture = Get-Culture
If ((Test-Path $Logfile) -eq $False)
{
	# Add headers to the LogFile if it doesn't already exist.
	Add-Content $LogFile "sAMAccountName, LastChange, Today, Changed"
}

# Get the user & properties from AD
$ADUser = Get-ADUser -Filter {sAMAccountName -eq $sAMAccountName} -SearchScope Subtree -SearchBase $SearchBase -Properties Name,pwdLastSet,PasswordNeverExpires -Server $DNSDomainName

# Check that user exist before going further.
If($ADUser -eq $Null)
{
	Write-Host "User not found. Aborting."
}
Else
{
	# Get the sAMAccountName from AD (Don't rely on the users input)
	$ADsAMAccountName = $ADUser.sAMAccountName

	# Get todays date and format it correctly.
	$Today = Get-Date -Format ($Culture.DateTimeFormat.FullDateTimePattern)

	# Get the date of the last password change and format it correctly.
	$LastChange = Get-Date -Date ([DateTime]::FromFileTime($ADUser.pwdLastSet)) -Format ($Culture.DateTimeFormat.FullDateTimePattern)

	If ($Change -eq $True)
	{
		# Set the password to expired, must be done first.
		$ADUser.pwdLastSet = 0
		# Set the account so that the password expires.
		$ADUser.PasswordNeverExpires = $False
		# Save the changes
		Set-ADUser -Instance $ADUser -Server $DNSDomainName

		# Reset the date of the last password change to today.
		$ADUser.pwdLastSet = -1
		# Save the changes
		Set-ADUser -Instance $ADUser -Server $DNSDomainName

		# Inform the user of the script that the account was changed.
		Write-Host "Account Changed."
	}

	# Log the change to the LogFile.
	Add-Content $LogFile "$ADsAMAccountName, $LastChange, $Today, $Change"
}

Download (Right click and click ‘Save Link as’)

Example syntax for the script

./<script>.ps1 -SearchBase "DC=contoso,DC=lan" -DNSDomainName "contoso.lan" -Change $True -sAMAccountName <accountName>