14 March 2018

Exchange 2016 cmdlet help

help is broken in Exchange 2016 PowerShell console - the only way to make it work i found to be this:


$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchangeservername/PowerShell/?SerializationLevel=None

Invoke-Command –Session $Session –ScriptBlock {Get-Help Get-Mailbox}

but you will not be abble to import the exchange cmdles through this pssession because it will throw an error.

to import the cmdlest you need to have a different pssession without "SerializationLevel=None"


$Session2 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exton.office.orange.intra/PowerShell
Import-PSSession $Session2

02 March 2018

Get-WmiObject hangs

for some reason Get-WmiObject hangs on some of the computers that is queryes and the powershell console must be restarted.

in order to overcome this problem a used "-AsJob" parameter


$Job = Get-WmiObject -Class win32_computersystem -AsJob -ComputerName ServerName | Wait-Job -Timeout 30
$Result = $Job | Receive-Job

27 January 2018

Protect OU (Organizational Unit) in AD from accidental deletion

to verify if your OUs are protected from accidental deletion use:

Get-ADOrganizationalUnit -Filter * -Properties * |Select-Object DistinguishedName, ProtectedFromAccidentalDeletion


to protect all OUs in AD from accidental deletion use:

Get-ADOrganizationalUnit -Filter * | Set-ADObject -ProtectedFromAccidentalDeletion:$true

Find FSMO roles from powershell

Get-ADDomainController -Filter * | Select-Object Name, Site,  OperatingSystem, OperationMasterRoles

21 January 2018

Search eventlogs with xml filter

# 4625 bad password in client log
# 4771 bad password in DC log
# 4740 lockout in DC log
# <Select Path="Security">*[System[(EventID=4740 or EventID=4771)]]</Select>

[xml]$XMLFilter = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4740)]]</Select>
  </Query>
</QueryList>
"@

$AllDomainControllers = Get-ADDomainController -Filter *

$AllEvents = @()

foreach($DC in $AllDomainControllers){
    $Events = @()
    $Events += Get-WinEvent -FilterXml $XMLFilter -ComputerName $DC.HostName -ErrorAction SilentlyContinue
    $AllEvents += $Events
    $DC.HostName + ' ' + $Events.Length
}

foreach($Event in $AllEvents){
    $EventXMLData = [xml]$Event.ToXml()
    for($i=0; $i -lt $EventXMLData.Event.EventData.Data.Count; $i++){
        $Name = $EventXMLData.Event.EventData.Data[$i].Name
        $Value = $EventXMLData.Event.EventData.Data[$i].'#text'
        Add-Member -InputObject $Event -MemberType NoteProperty -Force -Name $Name -Value $Value
    }
}

$AllEvents |
Select-Object TargetUsername, MachineName, TimeCreated,IpAddress, ID |
Format-Table