tag:blogger.com,1999:blog-60431567204474040062024-03-19T19:21:57.453+10:00WWoIT - Wayne's World of ITInformation regarding Windows Infrastructure, centred mostly around commandline automation and other useful bits of information.Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.comBlogger147125tag:blogger.com,1999:blog-6043156720447404006.post-46076207566807346372020-07-25T18:08:00.001+10:002020-07-31T13:36:18.841+10:00PCNS and Kerberos S4U2Self updating lastLogonTimestampWhile trying to decommission a legacy user domain that was a target for MIM password synchronisation, I noticed that lastLogonTimestamp was being updated whenever a password was changing in another connected forest. It turns out this was because we still had PCNS on Domain Controllers in the legacy forest (for bi-directional password sync), and a ‘feature’ of PCNS is to update lastLogonTimestamp due to a Kerberos S4U2Self network logon. Note that this is still governed by the ‘ms-DS-Logon-Time-Sync-Interval’ attribute (default 14 days) providing a window so that LLT isn’t updated *every* time you log on, only as soon as you fall out of the time sync window.
<br />
<br />
I poked around a little and I believe this occurs because the pcnssvc.exe calls the AuthzInitializeContextFromSid() function, which appears to perform a network logon of the target user to grab information from the token. This uses the Kerberos 2003 extensions for S4U (service for user). This made it invalid to use lastLogonTimestamp as a mechanism to determine whether accounts are still being logged in to, as PCNS was making it seem like they were!
<br />
<br />
I also think that anything that uses the S4U extensions will exhibit the same behaviour. For example, to do an equivalent in PowerShell, you can create a new windows identity object with only the UPN, which also results in a network logon of the target account:
<br />
<pre class="mycode"><code>
new-object system.security.principal.windowsidentity("user@domain.com")
</code></pre>
<br />
This results in event 4624 network logon on the local machine - which consequently will fail if the target user doesn’t have SeNetworkLogonRight – ‘Access this computer from the network’ right:
<br />
<pre class="mycode"><code>
Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes
Impersonation Level: Identification
</code></pre>
<br />
And looking at the Kerberos conversation, after getting a TGT, it ends doing a AP-REQ using the ‘PA-FOR-USER’ S4U2Self structure:
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGHvUhyphenhyphenNJictg8qUt1WmS-tvZjQypOKGUmsmMN1f0xOtjIvszzKhBZ79gufqTuYwxE9tENTCn4782BbJjkiTBEVFRYpOCHRg48j_MU_I6L1G9ZxfR36OP8UhAdBfXjQk9bD-vAwV4ooJE/s1600/WWOIT_PCNS_UpdatingLLT_20200725_2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="136" data-original-width="564" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGHvUhyphenhyphenNJictg8qUt1WmS-tvZjQypOKGUmsmMN1f0xOtjIvszzKhBZ79gufqTuYwxE9tENTCn4782BbJjkiTBEVFRYpOCHRg48j_MU_I6L1G9ZxfR36OP8UhAdBfXjQk9bD-vAwV4ooJE/s1600/WWOIT_PCNS_UpdatingLLT_20200725_2.png" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
And once the ticket has been acquired, if you use ‘klist tickets’, you’ll see the krbtgt and the S4U ticket (only showing your user, it won’t display the:
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizSfFEDQ96KmC1va4RA_W6_xUeaGRbfAoIAIplinzIsNkLlUxirVE66f2l6kUQB-xOGQeQUYX0-Pyr9QLbVAmoKGwCc_jqsl9iPxKuM3d9ZgoqZpBQ9BzwCXZlS1738-rCF2wYF9lMZwo/s1600/WWOIT_PCNS_UpdatingLLT_20200725_1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="174" data-original-width="627" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizSfFEDQ96KmC1va4RA_W6_xUeaGRbfAoIAIplinzIsNkLlUxirVE66f2l6kUQB-xOGQeQUYX0-Pyr9QLbVAmoKGwCc_jqsl9iPxKuM3d9ZgoqZpBQ9BzwCXZlS1738-rCF2wYF9lMZwo/s1600/WWOIT_PCNS_UpdatingLLT_20200725_1.png" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
References:
<br />
<br />
AuthzInitializeContextFromSid function<br />
<a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa376309(v=vs.85).aspx">http://msdn.microsoft.com/en-us/library/windows/desktop/aa376309(v=vs.85).aspx</a><span style="font-size: x-small;">
AuthzInitializeContextFromSid attempts to retrieve the user's token group information by performing an S4U logon.
AuthzInitializeContextFromSid attempts to retrieve the information available in a logon token had the client actually logged on. An actual logon token provides more information, such as logon type and logon properties, and reflects the behavior of the authentication package used for the logon.
</span><br />
<br />
WindowsIdentity Constructor (String)<br />
<a href="http://msdn.microsoft.com/en-us/library/td3046fc.aspx">http://msdn.microsoft.com/en-us/library/td3046fc.aspx</a><br />
<span style="font-size: x-small;">This constructor is intended for use on computers joined only to Windows Server 2003 domains. An exception is thrown for other domain types. This restriction is because the constructor uses the KERB_S4U_LOGON structure.
</span><br />
<br />
Kerberos S4U2self<br />
<a href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/02636893-7a1f-4357-af9a-b672e3e3de13">https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/02636893-7a1f-4357-af9a-b672e3e3de13</a><br />
<span style="font-size: x-small;">The S4U2self extension allows a service to obtain a service ticket to itself on behalf of a user. The user is identified to the KDC using the user's name and realm. Alternatively, the user might be identified based on the user's certificate. The Kerberos ticket-granting service (TGS) exchange request and response messages, KRB_TGS_REQ and KRB_TGS_REP, are used along with one of two new data structures. The new PA-FOR-USER data structure is used when the user is identified to the KDC by the user name and realm name.
</span><br />
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT). </span>
Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com5tag:blogger.com,1999:blog-6043156720447404006.post-7777504434694962392020-07-10T23:39:00.001+10:002020-07-31T13:35:53.312+10:00FIM/MIM XPath queriesHere are a few XPath queries I've built and collected along the way. It's intriguing how powerful and yet still ultimately rather crappy and limiting FIM XPath can be. And if you want a good explanation of why – try using SQL Profiler to see the resultant T-SQL when the FIM service translates what seems like even a simple XPath query with a few conditions (especially if you're using a negative condition).
<br />
<br />
You can test any of these with the FIMAutomation snap-in, with two simple commands to export the results, then return the displayname from each ($URI points to your resource management service, typically on port 5725):
<pre class="mycode"><code>
$objects = Export-FIMConfig -uri $URI -onlyBaseResources -customConfig $filter
$objects.ResourceManagementObject.ResourceManagementAttributes | where {$_.attributename -eq 'DisplayName'} | select value
</code></pre>
<br />
<pre class="mycode"><code>
<u>Query for failed ERE's matching the specified sync rule</u>
$filter = "/ExpectedRuleEntry[DisplayName='AD: SyncRule1' and StatusError = 'ma-extension-error']"
<u>Find groups that have been modified in the last 10 days</u>
$filter = "/Request[Target = /Group[Type = 'Security'] and Operation = 'Put' and CreatedTime >= op:subtract-dayTimeDuration-from-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P10D'))]"
<u>People with Attribute1 set to Null</u>
$filter = "/Person[(not(starts-with(Attribute1, '%')))]"
<u>All people that are an owner of one or more groups</u>
$filter = "/Person[ObjectID = /Group/Owner]"
<u>Find groups owned by the specified person</u>
$filter = "/Group[DisplayedOwner=/Person[DisplayName='User1']]"
<u>Find groups that have no Owner or displayedOwner</u>
$filter = "/Group[not(Owner = /Person) and not(DisplayedOwner = /Person)]"
<u>Find all people that have an accountName set</u>
$filter = "/Person[AccountName != '&Invalid&']"
<u>Find all anonymous password resets in the last day</u>
$filter = "/Request[Creator = /Resource[ObjectID = 'b0b36673-d43b-4cfa-a7a2-aff14fd90522'] and RequestStatus = 'Completed' and CreatedTime >= op:subtract-dayTimeDuration-from-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P1D'))]"
<u>Groups in a set that don't have the required ERE</u>
$filter = "/Group[ObjectID = /Set[DisplayName = 'All Security Groups Internal Global Static Owner Approved']/ComputedMember and not(ExpectedRulesList = /ExpectedRuleEntry)]"
<u>SSPR registered internal enabled people</u>
$filter = "/Person[AccountType = 'Person' and AccountStatus = 'Enabled' and Domain = 'CORP' and not(AuthNLockoutRegistrationID = /GateRegistration)]"
<u>People created in the last 8 hours</u>
$filter = "/Person[CreatedTime >= op:add-dayTimeDuration-to-dateTime(fn:current-dateTime(), xs:dayTimeDuration('-PT8H'))]"
<u>Find if the specified person is a member of a group</u>
$filter = "/Person[ObjectID = /Group[DisplayName = 'Group1']/ComputedMember and AccountName = 'User1']"
<u>Find distribution groups owned by the specified person</u>
$filter = "/Group[Type='Distribution' and Owner=/Person[AccountName='User1']]"
<u>How many people have filled out the QA gate in the last 8 hours</u>
$filter = "/GateRegistration[GateID = 'authenticationGateActivity3' and CreatedTime >= op:add-dayTimeDuration-to-dateTime(fn:current-dateTime(), xs:dayTimeDuration('-PT8H'))]"
<u>Find MA data</u>
$filter = "/ma-data"
<u>People with the specified SKU (multi-valued reference)</u>
$filter = "/Person[Office365ServicePlans = /Office365License[SKU ='E3']]"
<u>People with the specified Office 365 plan</u>
$filter = "/Person[Office365ServicePlans = /Office365License[DisplayName ='E3 Office Pro Plus']]"
<u>MPRs referencing a set of requestsors</u>
$filter = "/ManagementPolicyRule[PrincipalSet=/Set[DisplayName='All Service Desk Users']]"
<u>CORP user unabled without CORP outbound ERE</u>
$filter = "/Person[AccountStatus = 'Enabled' and Domain = 'CORP' and not(ExpectedRulesList = /ExpectedRuleEntry[DisplayName = 'AD: CORP Outbound User'])]"
<u>Security Groups that have one or more deleted owners</u>
$filter = "/Group[Type = 'Security' and Owner = /Person[AccountStatus = 'Deleted']]"
<u>Security Groups that have no owner</u>
$filter = "/Group[Type = 'Security' and not(Owner = /Person)]"
<u>People without an account name (null string attribute check)</u>
$filter = "/Person[not(AccountName != '&NotPresent&') and not(DisplayName = 'Built-in Synchronization Account')]"
<u>People without a display name (null string attribute check)</u>
$filter = "/Person[not(DisplayName != '&NotPresent&')]"
<u>Enabled People without a primary domain</u>
$filter = "/Person[AccountStatus = 'Enabled' and not(Domain != '&NotPresent&')]"
<u>Internal Enabled People without a specific attribute set</u>
$filter = "/Person[Domain = 'CORP' and AccountStatus = 'Enabled' and not(Attribute1 != '&NotPresent&')]"
<u>People synchronised to office 365 but without any licenses</u>
$filter = "/Person[SyncTo365 = True and not(Office365ServicePlans = /Office365License)]"
<u>People locked out for SSPR</u>
$filter = "/Person[ObjectID = /Set[DisplayName = 'All People with Internal Accounts enabled']/ComputedMember and (AuthNWFLockedOut = '9c3aca59-a85c-437f-bb67-9ce5a70521d7')]"
<u>Orphaned ERE's that don't have a parent</u>
$filter = "/ExpectedRuleEntry[not(ResourceParent = /Set[DisplayName = 'All Objects']/ComputedMember)]"
</code></pre>
<br />
Note that a few of these reference a custom object type of Office 365 license (see <a href="https://waynes-world-it.blogspot.com/2020/06/office-365-licensing-through-mim.html">this post</a>).
<br />
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT). </span>
Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com3tag:blogger.com,1999:blog-6043156720447404006.post-74192377060260988862020-06-24T20:44:00.002+10:002020-07-31T13:35:42.713+10:00Exchange Online Provisioning through MIMIn a complex environment, being in an Exchange hybrid configuration for an extended period of time seems largely unavoidable.<br />
<br />
In our Exchange Hybrid configuration, even with 99% of all mailboxes moved to Exchange Online, we’re still very reliant on our on-prem processes and automation, and therefore MIM provisioning.<br />
<br />
I spent a while working this out, eventually getting the MIM sync engine ADMA Exchange provisioning extensions to handle all provisioning in Exchange Online. We provision person, shared, equipment and room mailboxes using this method, with and without archives.<br />
<br />
Essentially the ADMA Export will run ‘update-recipient’ and create a MailUser of type RemoteMailbox, Subsequent ADConnect synchronisation will flow msExchRemoteRecipientType, triggering Exchange Online to provision mailboxes and archives accordingly. For us, this was tied in with group-based licensing to ensure that licenses are allocated in a timely manner.<br />
<br />
Based on attribute flow, the result will be MIM either provisioning an on-prem mailbox, or a MailUser remote mailbox object.<br /><ul><li>MailUser – Flow mailNickname and targetAddress. Target Address is constructed to be accountName@tenant.mail.onmicrosoft.com</li>
<li>Remote Mailbox – MailUser + msExchRemoteRecipientType, msExchRecipientTypeDetails and msExchRecipientDisplayType will trigger mailbox creation (and archive for people) in Exchange Online, and ensure recipient type details of a remote mailbox with the correct sub-type (eg room, shared).</li>
<li>On-prem Mailbox only - mailNickname, msExchHomeServerName and homeMDB</li>
</ul>
Based on an attribute determining where the mailbox should be created, we use a bunch of ugly nested IIF statements in a custom expression in our outbound initial-flow only rules, such as:<br />
<br /><div><table border="1" bordercolor="#888" cellspacing="0" style="border-collapse: collapse; border-color: rgb(136, 136, 136); border-width: 1px;"><tbody><tr><td style="min-width: 60px;"><font face="arial" size="2"> <b><span style="color: #1f497d; line-height: 107%;">Attribute</span></b></font></td><td style="min-width: 60px;"><font face="arial" size="2"> <b><span style="color: #1f497d; line-height: 107%;">Expression</span></b></font></td></tr><tr><td style="min-width: 60px;"><font face="arial" size="2"> mailNickname</font></td><td style="min-width: 60px;"><font face="arial" size="2"> accountName</font></td></tr><tr><td><font face="arial" size="2"> targetAddress</font></td><td><font face="arial" size="2"> IIF(Eq(<span style="line-height: 107%;">MailboxLocation</span><span style="line-height: 107%;">,"Office365"),accountName+"@</span><span style="line-height: 107%;">tenant</span><span style="line-height: 107%;">.mail.onmicrosoft.com",Null())</span></font></td></tr><tr><td><font face="arial" size="2"> msExchRecipientDisplayType</font></td><td><font face="arial" size="2"> IIF(Eq(MailboxLocation,"Office365"),IIF(Eq(accountType,"Person"),-2147483642,IIF(Eq(accountType,"Shared"),-2147483642,IIF(Eq(accountType,"Room"),-2147481850,IIF(Eq(accountType,"Equipment"),-2147481594,-2147483642)))),Null())</font></td></tr><tr><td><font face="arial" size="2"> msExchRecipientTypeDetails</font></td><td><font face="arial" size="2"> IIF(Eq(<span style="line-height: 107%;">MailboxLocation</span><span style="line-height: 107%;">,"Office365"),IIF(Eq(accountType,"Person"),2147483648,IIF(Eq(accountType,"Shared"),34359738368,IIF(Eq(accountType,"Room"),8589934592,IIF(Eq(accountType,"Equipment"),17179869184,2147483648)))),Null())</span></font></td></tr><tr><td><font face="arial" size="2"> msExchRemoteRecipientType</font></td><td><font face="arial" size="2"> IIF(Eq(<span style="line-height: 107%;">MailboxLocation</span><span style="line-height: 107%;">,"Office365"),IIF(Eq(accountType,"Person"),3,IIF(Eq(accountType,"Shared"),97,IIF(Eq(accountType,"Room"),33,IIF(Eq(accountType,"Equipment"),65,1)))),Null())</span></font></td></tr></tbody></table></div><div><p class="MsoNormalCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">This
equates to:<o:p></o:p></span></p><p class="MsoNormalCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><br /></span></p></div><div><table border="1" bordercolor="#888" cellspacing="0" style="border-collapse: collapse; border-color: rgb(136, 136, 136); border-width: 1px;"><tbody><tr><td style="min-width: 60px;"><font face="arial" size="2"> <b><span style="color: #1f497d; line-height: 107%;">Account Type</span></b></font></td><td style="min-width: 60px;"><font face="arial" size="2"> <b><span style="color: #1f497d; line-height: 107%;">msExchRemoteRecipientType</span></b></font></td><td style="min-width: 60px;"><font face="arial" size="2"> <b><span style="color: #1f497d; line-height: 107%;">msExchRecipientTypeDetails</span></b></font></td><td style="min-width: 60px;"><font face="arial" size="2"> <b><span style="color: #1f497d; line-height: 107%;">msExchRecipientDisplayType</span></b></font></td></tr><tr><td style="min-width: 60px;"><font face="arial" size="2"> Shared</font></td><td style="min-width: 60px;"><font face="arial" size="2"> 1<span style="line-height: 107%;"> (provision mailbox)</span></font></td><td style="min-width: 60px;"><font face="arial" size="2"> 34359738368</font></td><td style="min-width: 60px;"><font face="arial" size="2"> -2147483642</font></td></tr><tr><td><font face="arial" size="2"> Room</font></td><td><font face="arial" size="2"> 33<span style="line-height: 107%;"> (provision mailbox, room)</span></font></td><td><font face="arial" size="2"> 8589934592</font></td><td><font face="arial" size="2"> -2147481850</font></td></tr><tr><td><font face="arial" size="2"> Equipment</font></td><td><font face="arial" size="2"> 65<span style="line-height: 107%;"> (provision mailbox, equipment)</span></font></td><td><font face="arial" size="2"> 17179869184</font></td><td><font face="arial" size="2"> -2147481594</font></td></tr><tr><td><font face="arial" size="2"> Person</font></td><td><font face="arial" size="2"> 3<span style="line-height: 107%;"> (provision mailbox + archive)</span></font></td><td><font face="arial" size="2"> 2147483648</font></td><td><font face="arial" size="2"> -2147483642</font></td></tr></tbody></table><br /></div><div><p class="MsoNormal">Most of the attribute values were taken from here:<o:p></o:p></p>
<p class="MsoNormal">Recipient Type Values<o:p></o:p></p>
<p class="MsoNormal"><a href="https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/recipient-type-values/7c2620e5-9870-48ba-b5c2-7772c739c651">https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/recipient-type-values/7c2620e5-9870-48ba-b5c2-7772c739c651</a>
<o:p></o:p></p></div><div><br /></div><div><br /></div><div><br /></div>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com2tag:blogger.com,1999:blog-6043156720447404006.post-47160479747140898992020-06-20T15:21:00.002+10:002020-06-20T15:21:31.337+10:00Finding where a user is logging on fromFor years I’ve been using a doskey macro I created to Find a User.
<br />
<br />
In an enterprise environment, the logic is:<br />
<br />
<ul>
<li>Every normal user account has their home server mapped automatically, establishing a persistent SMB session with the home server from their workstation </li>
<li>Find the home server and query it to find the where the user is connecting from </li>
<li>Resolve the address and report who is connecting from where.
</li>
</ul>
<br />
A few limitations:<br />
<br />
<ol>
<li>This will only work if the home server is a Windows box </li>
<li>You will need permissions to query win32_serversession of the home remotely (typically admin) </li>
<li>If the person is connecting over Citrix or DirectAccess or another jump box, it will resolve to that source, instead of (or sometimes as well as) a workstation.
</li>
</ol>
<br />
A quick PowerShell equivalent (with zero error checking):<br />
<pre class="mycode"><code>
function Find-User ($username) {
$homeserver = ((get-aduser -id $username -prop homedirectory).Homedirectory -split "\\")[2]
$query = "SELECT UserName,ComputerName,ActiveTime,IdleTime from win32_serversession WHERE UserName like '$username'"
$results = Get-WmiObject -Namespace root\cimv2 -computer $homeServer -Query $query | Select UserName,ComputerName,ActiveTime,IdleTime
foreach ($result in $results) {
$hostname = ""
$hostname = [System.net.Dns]::GetHostEntry($result.ComputerName).hostname
$result | Add-Member -Type NoteProperty -Name HostName -Value $hostname -force
$result | Add-Member -Type NoteProperty -Name HomeServer -Value $homeServer -force
}
$results
}
# Find one or more users
$users = "user1", "user2", "user3"
$users | % {Find-User $_} | ft -wrap -auto
# Find the members of a group
get-adgroupmember -id SG-Group1 | % {Find-User $_.samaccountname} | ft -wrap -auto
</code></pre>
<br />
The original (and still the best) doskey macro:
<br />
<pre class="mycode"><code>
FU=for %g in ($1 $2 $3 $4 $5 $6 $7 $8 $9) do @for /f "tokens=2 delims=\" %i in ('"dsquery user -samid %g | dsget user -hmdir | find /i "%g""') do @for /f "skip=1 tokens=1-3" %m in ('"wmic /node:"%i" path win32_serversession WHERE "UserName Like '%g'" Get ComputerName,ActiveTime,IdleTime"') do @for /f "tokens=2" %q in ('"ping -a %n -n 1 | find /i "pinging""') do @echo %q %g %n %i %m %o
</code></pre>
<br />
Create the macro above with doskey:
<br />
<pre class="mycode"><code>
doskey /listsize=1000 /macrofile=c:\util\macros.txt
FU user1
</code></pre>
<br />
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT). </span>
Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-77105050687649948162020-06-20T10:27:00.000+10:002020-06-20T10:28:29.331+10:00Querying ERE's from the fimservice databaseI occasionally review the EREs floating about the system - the expected rule entries used to put objects in scope of traditional OSR sync rules - either to try and identity and clean-up orphans or just provide some stats.
<br />
<br />
There are two easy ways listed below to get this from the fimservice database - the first is the quick/dirty way, the second is the proper but very slow way.
<br />
<br />
This information is also available in the sync engine, but as they originate from the fim service it seems better to query from there.
<br />
<br />
<pre class="mycode"><code>
/* ERE count from the MIM database, just found some object types and keys that looked correct. SQL takes seconds, PowerShell takes approximately forever with the FIMAutomation snap-in */
SELECT OVS.ValueString, Count(OVS.ValueString)
FROM Fim.Objects OBJ
inner join fim.ObjectValueString OVS on OBJ.ObjectKey = OVS.ObjectKey
WHERE OBJ.ObjectTypeKey = 11
and OVS.AttributeKey = 66
group by OVS.ValueString
</code></pre>
<br />
The slow (but supported) method, using the FIMAutomation snap-in
<br />
<pre class="mycode"><code>
# Add the FIMAutomation snap-in
Add-pssnapin fimautomation
# The URI of your fim service endpoint
$uri = "http://fim01:5725/ResourceManagementService"
# Construct an output file based on today's date
$outputFile = "c:\temp\EREs_$([DateTime]::Now.ToString("yyyyMMdd")).csv"
# All ERE's
$filter = "/ExpectedRuleEntry"
# Filter by a specific starts-with wildcard
#$filter = "/ExpectedRuleEntry[starts-with(DisplayName, 'AD: ')]"
# Filter by a specific sync rule name
#$filter = "/ExpectedRuleEntry[DisplayName = 'AD: CORP Inbound/Outbound User']"
# Export based on the filter
$objects = Export-FIMConfig -uri $URI -onlyBaseResources -customConfig $filter
# Group by displayname for a count per-sync rule
$objects.ResourceManagementObject.ResourceManagementAttributes | where {$_.attributename -eq 'DisplayName'} | select value | group-object -prop value | select count,name | ft -wrap -auto
# Export some details to CSV
$results = foreach ($object in $objects) {
write-output "out" | select @{N='DisplayName';E={($object.ResourceManagementObject.ResourceManagementAttributes | where {$_.attributename -eq 'displayName'}).Value}},
@{N='CreatedTime';E={($object.ResourceManagementObject.ResourceManagementAttributes | where {$_.attributename -eq 'CreatedTime'}).Value}},
@{N='ObjectID';E={($object.ResourceManagementObject.ResourceManagementAttributes | where {$_.attributename -eq 'ObjectID'}).Value}}
}
$results | export-csv -path $outputFile
</code></pre>
<br />
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT). </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com2tag:blogger.com,1999:blog-6043156720447404006.post-5048778377216058342020-06-19T23:27:00.000+10:002020-06-19T23:34:17.605+10:00Office 365 licensing through MIM<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">This one is a few years old, but I haven’t seen anything
similar so I thought I may as well share some information on a solution I put
in place with MIM to manage Office 365 license and service plan allocation.</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">In summary:</span></p>
<p class="MsoListParagraphCxSpFirst" style="mso-list: l2 level1 lfo3; text-indent: -18.0pt;"></p><ol style="text-align: left;"><li>Create a new object class in MIM for Office 365 service
plans, and an instance for each sku/service plan.</li><li>Add a multi-valued reference attribute to each
user to store which service plans are allocated</li><li>Create a new MV class and attributes and flow
the data from the FIM MA into the metaverse.<span style="mso-spacerun: yes;">
</span>This is only if you need the data in the MV (I exported this data to a
SQL database MA for a script we were using before group-based licensing)</li><li>Create a new tab in the user editing RCDC to select
Service Plans, delegated to whoever manages license allocation</li><li>Create a policy to allocate a default set of
Service Plans during user provisioning</li><li>Create criteria-based groups exported out to AD
and synchronised to AAD to use Azure Group-Based Licensing.</li></ol><!--[if !supportLists]--><o:p></o:p><p></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-list: l2 level1 lfo3; text-indent: -18.0pt;"><o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-list: l2 level1 lfo3; text-indent: -18.0pt;"><o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-list: l2 level1 lfo3; text-indent: -18.0pt;"><o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-list: l2 level1 lfo3; text-indent: -18.0pt;"><o:p></o:p></p>
<p class="MsoListParagraphCxSpLast" style="mso-list: l2 level1 lfo3; text-indent: -18.0pt;"><o:p></o:p></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">This provided a nifty way for us to delegate and
control SKU’s down to the individual service plans.</span><span style="font-family: Arial, sans-serif; font-size: 10pt;"> </span><span style="font-family: Arial, sans-serif; font-size: 10pt;">This fit into our MIM-centric view of the
world and tied in with our MIM reporting and delegation models.</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><a name="_Toc358370141"><b><span style="font-family: "Arial",sans-serif; font-size: 13.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Create
FIM Resources, attributes and binding</span></b></a></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">Resource
type to store office 365 license objects:</span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">System
Name<o:p></o:p></span></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Office365License<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Display
Name<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Office
365 License<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Description<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Office
365 and Azure AAD Licenses<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">New
attribute for SKU, bound to Office365License</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Object Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">System/Display Name<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Multi-valued<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Description<o:p></o:p></span></b></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Office365License<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">SKU<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Indexed String<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">No<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Office 365 SKU<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">Multi-valued
reference property bound to users:</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Object Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">System Name<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Display Name<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Multi-valued<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Description</span></b></span><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span lang="EN-US" style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><o:p></o:p></span></b></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Person<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Office365ServicePlans<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Office365 Service Plans<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Reference (DN)<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Yes<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">{None}<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"></span><span style="font-family: Arial, sans-serif; font-size: 10pt;">Note
that there is no explicit link between the user bound attribute and the new
resource type – technically any reference ID can be stored in the service plans
attribute.</span><span style="font-family: Arial, sans-serif; font-size: 10pt;"> </span><span style="font-family: Arial, sans-serif; font-size: 10pt;">We are relying on the RCDC
Filter to control which references are stored in this attribute.</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 0cm; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 3; page-break-after: avoid;"><span style="mso-bookmark: _Toc358370141;"><b><span style="font-family: "Arial",sans-serif; font-size: 13.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Add an Office365 licensing tab to the user
editing/creation RCDC<o:p></o:p></span></b></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">Add
the following grouping.</span><span style="font-family: Arial, sans-serif; font-size: 10pt;"> </span><span style="font-family: Arial, sans-serif; font-size: 10pt;">Note that the
binding source for the creation RCDC must be schema, rather than object as
below (editing):</span></p>
<blockquote style="border: none; line-height: 0; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"> </span><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><my:Grouping
my:Name="Office365LicensesGroup" my:Caption="Office365"
my:Enabled="true"></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Control
my:Name="SyncTo365" my:TypeName="UocCheckBox"
my:Caption="{Binding Source=schema, Path=SyncTo365.DisplayName}" my:Description="{Binding
Source=schema, Path=SyncTo365.Description}" my:RightsLevel="{Binding
Source=rights, Path=SyncTo365}"></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Properties></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="Required" my:Value="{Binding Source=schema,
Path=SyncTo365.Required}"/></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><span style="line-height: 0;">
</span><my:Property my:Name="Text" my:Value="Synchronised to
Office 365"/></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="Checked" my:Value="{Binding Source=object,
Path=SyncTo365, Mode=TwoWay}"/></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span></my:Properties></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span></my:Control></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Control
my:Name="Office365Licenses" my:TypeName="UocListView"
my:Caption="Office 365 Licenses" my:Description="Office 365
Licenses." my:RightsLevel="{Binding Source=rights,
Path=Office365ServicePlans}"></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Properties></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="ColumnsToDisplay"
my:Value="DisplayName,Description,SKU" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><span style="line-height: 0;"> </span><my:Property
my:Name="EmptyResultText" my:Value="There are no licenses
available for this person." /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="ResultObjectType" my:Value="Office365License"/>
</span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="PageSize" my:Value="10" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><span style="line-height: 0;"> </span><my:Property
my:Name="ShowTitleBar" my:Value="false" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="ShowActionBar" my:Value="false" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="ShowPreview" my:Value="false" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="ShowSearchControl" my:Value="false" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="EnableSelection" my:Value="true" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="SingleSelection" my:Value="false" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property my:Name="SelectedValue"
my:Value="{Binding Source=object, Path=Office365ServicePlans, Mode=TwoWay}"/>
</span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="ItemClickBehavior" my:Value="ModelessDialog" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property
my:Name="ReadOnly" my:Value="false" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><my:Property my:Name="ListFilter"
my:Value="/Office365License" /></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span></my:Properties></span></span></p><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"><span style="line-height: 0;"> </span><span style="line-height: 0;"> </span></my:Control><span style="line-height: 0;"> </span></span></span></p></blockquote><blockquote style="border: none; line-height: 0; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p class="MsoNormal" style="line-height: 0; margin-bottom: 0.0001pt;"><span style="line-height: 0;"><span style="font-family: Arial, sans-serif; font-size: 8pt; line-height: 0;"></my:Grouping></span></span></p></blockquote>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span><span style="font-family: Arial, sans-serif; font-size: 10pt;">For
example, the RCDC results in an ‘Office365’ tab for license allocation (and we
also control synchronisation in this way)</span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"></p><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5X_cC7Lra6zK8G87N5o9fMi8j6SOeV7PWWCiT7RISUF21kgGtjP_gDJF8tmlAEoE6GuCQ6oCYYUBmrh0neR3DbDmGxaurV-vLL9gbDTygqiEuGslQYlFcxutL02C8zYDwNsz5sHv4014/s788/WWOIT_Office+365+licensing+through+MIM_01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="290" data-original-width="788" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5X_cC7Lra6zK8G87N5o9fMi8j6SOeV7PWWCiT7RISUF21kgGtjP_gDJF8tmlAEoE6GuCQ6oCYYUBmrh0neR3DbDmGxaurV-vLL9gbDTygqiEuGslQYlFcxutL02C8zYDwNsz5sHv4014/w500-h185/WWOIT_Office+365+licensing+through+MIM_01.png" width="500" /></a></div><span style="font-family: Arial, sans-serif; font-size: 10pt;"><br /></span><p></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><b style="text-indent: -18pt;"><i><span style="font-family: Arial, sans-serif;">Recycle the SharePoint app pool</span></i></b></p>
<pre style="line-height: normal; margin-bottom: 0.0001pt; text-align: left;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">$sharepoint
= Get-WMIObject -Computer "mim01 " -Namespace root\MicrosoftIISv2
-Authentication PacketPrivacy</span><span style="font-family: Arial, sans-serif; font-size: 10pt;"> </span><span style="font-family: Arial, sans-serif; font-size: 10pt;">-Query
"SELECT * from IIsApplicationPool where name = 'W3SVC/APPPOOLS/SharePoint
- 80'"<br /></span><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">$sharepoint.recycle()</span></span></pre>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 0cm; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 3; page-break-after: avoid;"><span style="mso-bookmark: _Toc358370141;"><b><span style="font-family: "Arial",sans-serif; font-size: 13.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Create Office 365 licensing objects and allow sync
to MV<o:p></o:p></span></b></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span><span style="font-family: Arial, sans-serif; font-size: 10pt;">Set
for access:</span></p>
<ul style="margin-top: 0cm;" type="disc">
<li class="MsoNormalCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l1 level1 lfo1;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Office 365 Licenses<o:p></o:p></span></span></li>
</ul>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-KWgrfIHnCngNkqoA_4uSWLFcAw11V-zH1S1a7wtZBYbK1_476EjCAR6oIHGepW1fxGwZ1BoD89a95SKkL38bIEOQPMvzG38i4xey9ckdWfcJLrPc1uCEzcNRmldu0rk5C3_Zi9JdVPo/s409/WWOIT_Office+365+licensing+through+MIM_02.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="108" data-original-width="409" height="105" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-KWgrfIHnCngNkqoA_4uSWLFcAw11V-zH1S1a7wtZBYbK1_476EjCAR6oIHGepW1fxGwZ1BoD89a95SKkL38bIEOQPMvzG38i4xey9ckdWfcJLrPc1uCEzcNRmldu0rk5C3_Zi9JdVPo/w400-h105/WWOIT_Office+365+licensing+through+MIM_02.png" width="400" /></a></div><p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 18.0pt; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 4; page-break-after: avoid; tab-stops: 51.05pt 155.95pt; text-indent: -18.0pt;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><i><span style="color: black; font-family: "Arial",sans-serif; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 16.0pt;"><br /></span></i></b></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 18.0pt; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 4; page-break-after: avoid; tab-stops: 51.05pt 155.95pt; text-indent: -18.0pt;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><i><span style="color: black; font-family: "Arial",sans-serif; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 16.0pt;"><br /></span></i></b></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 18.0pt; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 4; page-break-after: avoid; tab-stops: 51.05pt 155.95pt; text-indent: -18.0pt;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><i><span style="color: black; font-family: "Arial",sans-serif; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 16.0pt;"><br /></span></i></b></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 18.0pt; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 4; page-break-after: avoid; tab-stops: 51.05pt 155.95pt; text-indent: -18.0pt;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><i><span style="color: black; font-family: "Arial",sans-serif; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 16.0pt;"><br /></span></i></b></span></p><p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 18.0pt; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 4; page-break-after: avoid; tab-stops: 51.05pt 155.95pt; text-indent: -18.0pt;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><i><span style="color: black; font-family: "Arial",sans-serif; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 16.0pt;">Create FIM MPRs to allow synchronisation<o:p></o:p></span></i></b></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">DisplayName<o:p></o:p></span></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Synchronization:
Synchronization account can read Office365Licenses it synchronizes<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Description<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Policy
to allow synchronisation of Office365License objects<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Type<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Request<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Requestor<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Synchronization
Engine<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 4;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Operation<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Read<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 5;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Permissions<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Grant<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 6;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Target
Resource Set<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Office 365 Licenses<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 7; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Resource
Attributes<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Attributes<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table></blockquote>
<blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px; text-align: left;"><p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span><span style="font-family: Arial, sans-serif; font-size: 10pt;"> </span></p><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">DisplayName<o:p></o:p></span></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Synchronization:
Synchronization account controls Office365Licenses it synchronizes<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Description<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Policy
to allow synchronisation of Office365License objects<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Type<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Request<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Requestor<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Synchronization
Engine<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 4;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Operation<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Modify<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 5;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Permissions<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Grant<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 6;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Target
Resource Set<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Office 365 Licenses<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 7; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Resource
Attributes<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Attributes<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table></blockquote>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">Note
that the modify policy above is required otherwise a’ failed-modification-via-web-services
‘ export error will occur: while exporting MVObjectID</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Fault
Reason: Policy prohibits the request from completing, Microsoft.ResourceManagement.WebServices.Exceptions.PermissionDeniedException<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 18.0pt; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 4; page-break-after: avoid; tab-stops: 51.05pt 155.95pt; text-indent: -18.0pt;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><i><span style="color: black; font-family: "Arial",sans-serif; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 16.0pt;">Create FIM MPRs for administrative access<o:p></o:p></span></i></b></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">Allow
add/delete grant permissions to the set above:</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184; width: 534px;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Name<o:p></o:p></span></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Administration:
Administrators can control Office 365 licenses<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Requestors<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Administrators<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Operation<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Create,
Delete, Add, Remove, Modify<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Grants
Permission<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Yes<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 4;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Target
Resource Before<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Office 365 Licenses<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 5;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Target
Resource After<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Office 365 Licenses<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 6; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Resource
Attributes<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">All
Attributes<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184; width: 534px;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Name<o:p></o:p></span></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Administration:
Administrators can read and update Users<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Requestors<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><No
Change><o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Operation<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><No
Change><o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Grants
Permission<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><No
Change><o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 4;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Target
Resource Before<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><No
Change><o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 5;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Target
Resource After<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><No
Change><o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 6; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Resource
Attributes<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Add
‘Office 365 Service Plans’<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 18.0pt; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 4; page-break-after: avoid; tab-stops: 51.05pt 155.95pt; text-indent: -18.0pt;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><i><span style="color: black; font-family: "Arial",sans-serif; mso-fareast-font-family: "Times New Roman"; mso-font-kerning: 16.0pt;">Add the new object to the sync to the
metaverse<o:p></o:p></span></i></b></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">Modify
the All Resource | Synchronization Filter:</span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0; mso-yfti-lastrow: yes;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Synchronization
Filter <o:p></o:p></span></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Add
Office365License<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">Create
a new PowerShell session – the following error may be returned using an
existing session:</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Error=
System.InvalidOperationException: Operation is not valid due to the current
state of the object.<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="font-family: Arial, sans-serif; font-size: 10pt;">For
example, create some EMS and E1 Service Plans, grouped by SKU:</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184; width: 412px;">
<tbody><tr style="height: 15.0pt; mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td nowrap="" style="border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">DisplayName<o:p></o:p></span></b></span></p>
</td>
<td nowrap="" style="border-left: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Description<o:p></o:p></span></b></span></p>
</td>
<td nowrap="" style="border-left: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">SKU<o:p></o:p></span></b></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 1;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">MFA<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Azure
Multi-factor authentication<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">EMS<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 2;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Intune<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Intune<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">EMS<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 3;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">RMS<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Azure
Active Directory Rights Management<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">EMS<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 4;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Yammer<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Yammer<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">E1<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 5;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Sway<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Sway<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">E1<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 6;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Lync<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Lync
Online<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">E1<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 7;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">SharePoint<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">SharePoint
Online<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">E1<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="height: 15.0pt; mso-yfti-irow: 8; mso-yfti-lastrow: yes;">
<td nowrap="" style="border-top: none; border: solid windowtext 1.0pt; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 69.6pt;" valign="bottom" width="93">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Exchange<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 209.0pt;" valign="bottom" width="279">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">Exchange
Online<o:p></o:p></span></span></p>
</td>
<td nowrap="" style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt; width: 30.65pt;" valign="bottom" width="41">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; mso-ascii-font-family: Calibri; mso-bidi-font-family: Calibri; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU; mso-hansi-font-family: Calibri;">E1<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span><span style="font-family: Arial, sans-serif; font-size: 10pt;">Ensure
a CSV file with the above table exists:</span></p>
<pre style="line-height: normal; margin: 0cm 0cm 0.0001pt 36pt; text-align: left;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 9.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">$licenses =
import-csv -path c:\temp\licenses.csv<br /></span></span><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 9.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> <br /></o:p></span></span><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 9.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">foreach
($license in $licenses) {<span style="mso-spacerun: yes;"> <br /></span></span></span><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 9.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> <br /></o:p></span></span><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 9.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><span style="mso-spacerun: yes;"> </span>#write-output "DisplayName:
'$($license.DisplayName)', Description: '$($license.Description)', SKU
'$($license.SKU)'"<br /></span></span><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 9.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><span style="mso-spacerun: yes;"> </span>. .\CreateOffice365License.ps1 -displayName
$license.DisplayName -description $license.Description -sku $license.SKU<br /></span></span><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 9.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">}</span></span></pre>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 0cm; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 3; page-break-after: avoid;"><span style="mso-bookmark: _Toc358370141;"><b><span style="font-family: "Arial",sans-serif; font-size: 13.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Create metaverse object class<o:p></o:p></span></b></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span><span style="font-family: Arial, sans-serif; font-size: 10pt;">office365License:</span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 72.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Object Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">AttributesName<o:p></o:p></span></b></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">office365License<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">displayName<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">description<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">sKU<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">csObjectID<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 72.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Object Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">AttributeName<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Multi-valued<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Indexed</span></b></span><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span lang="EN-US" style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><o:p></o:p></span></b></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">office365License<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">sKU<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">String (indexable)<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">No<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">No<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span><span style="font-family: Arial, sans-serif; font-size: 10pt;">person:</span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 72.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Object Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">AttributesName<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Type<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Multi-valued<o:p></o:p></span></b></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Indexed</span></b></span><span style="mso-bookmark: _Toc358370141;"><b style="mso-bidi-font-weight: normal;"><span lang="EN-US" style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><o:p></o:p></span></b></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">person<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">office365ServicePlans<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Reference (DN)<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Yes<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0cm; mso-line-height-rule: exactly;"><span style="mso-bookmark: _Toc358370141;"><span style="color: black; font-family: "Arial",sans-serif; font-size: 8.0pt; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">No<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span><span style="font-family: Arial, sans-serif; font-size: 10pt;">FIM
MA:</span></p>
<span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><span style="mso-bookmark: _Toc358370141;"></span><table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; margin-left: 36.0pt; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-yfti-tbllook: 1184;">
<tbody><tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Refresh
Schema<o:p></o:p></span></span></p>
</td>
<td style="border-left: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top"><span style="mso-bookmark: _Toc358370141;"></span>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Select
Object Types<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Office365License<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Select
Attributes<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">SKU,
Office365ServicePlans<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 3;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Object
Type Mapping<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Office365License
-> office365License<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 4;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Attribute
Flow<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">office365License:<br />
Add SKU -> sKU<br />
Add DisplayName -> displayName<br />
Add Description -> description<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Remove
ExpectedRulesList<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Remove
DetectedRulesList<o:p></o:p></span></span></p>
</td>
</tr>
<tr style="mso-yfti-irow: 5; mso-yfti-lastrow: yes;">
<td style="border-top: none; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Attribute
Flow<o:p></o:p></span></span></p>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0cm 5.4pt 0cm 5.4pt;" valign="top">
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Person<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Add
import Office365ServicePlans -> office365ServicePlans<o:p></o:p></span></span></p>
</td>
</tr>
</tbody></table>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 0cm; margin-right: 0cm; margin-top: 12.0pt; mso-outline-level: 3; page-break-after: avoid;"><span style="mso-bookmark: _Toc358370141;"><b><span style="font-family: "Arial",sans-serif; font-size: 13.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Synchronise Office 365 licenses from FIM to the
metaverse<o:p></o:p></span></b></span></p>
<ol start="1" style="margin-top: 0cm;" type="1">
<li class="MsoNormalCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo2;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">Run
FIM Full Import and Full Sync<o:p></o:p></span></span></li>
<li class="MsoNormalCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo2;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">FIM
Export<o:p></o:p></span></span></li>
<li class="MsoNormalCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo2;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;">FIM
Full Import and Full Sync<o:p></o:p></span></span></li>
</ol>
<p class="MsoNormalCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;"><span style="mso-bookmark: _Toc358370141;"><span style="font-family: "Arial",sans-serif; font-size: 10.0pt; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Batang; mso-fareast-language: EN-AU;"><o:p> </o:p></span></span></p><br />Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com9tag:blogger.com,1999:blog-6043156720447404006.post-10348677816361745292020-06-17T19:57:00.000+10:002020-06-17T19:57:02.469+10:00Useful PowerShell command-lines #2The 185 commands below are a random list of PowerShell one-liners I've taken note of over the years. Some of these commands are approaching 10 years old, so while all of them probably still work there are most likely better ways of achieving the same outcome with current versions of PowerShell and the underlying Operating System.<br />
<br />
Each command-line can be copied and pasted at a PowerShell command prompt, or you can use the commands as part of a PS1 script file if you prefer.<br />
<br />
<pre class="mycode"><code>
<u>Split a string on spaces, removing empty entries</u>
$line.Split(" ", [System.StringSplitOptions]::RemoveEmptyEntries)
<u>Measure how long a commands takes to execute</u>
measure-command -expression {}
<u>List the processes running on a remote machine</u>
$process = [System.Diagnostics.Process]; $process::GetProcesses($server)
<u>Get a process by ID running on a remote machine</u>
$process = [System.Diagnostics.Process]; $proc = $process::GetProcessById(5716,$server)
<u>Set the priority of a process to above normal</u>
$proc.set_PriorityClass([System.Diagnostics.ProcessPriorityClass]::AboveNormal)
<u>Create a new profile with the default profile variable</u>
new-item -type file -force $profile
<u>Create an empty object with the specified properties</u>
$test = "" | Select-Object Name,Speed
<u>Convert a SID to NT account name</u>
$trustee = new-object System.Security.Principal.SecurityIdentifier("S-1-5-21-1234530602-3734247491-3823728601-63426"); $trustee.Translate([System.Security.Principal.NTAccount])
<u>Delete the master account SID attribute from an AD object</u>
$user = [ADSI]$ADsPath ; $user.putex(1,"msExchMasterAccountSid",$null)
<u>Set the execution policy to allow local scripts to run unsigned</u>
Set-ExecutionPolicy RemoteSigned
<u>Set process affinity</u>
$calcSet = Get-Process -ProcessName "calc" ; foreach ($calc in $calcSet) {$calc.ProcessorAffinity=0x1}
<u>List the values of an enumeration</u>
[enum]::GetValues([VMware.VimAutomation.Types.NamingScheme])
<u>Use the WinNT provider to check administrative membership for a remote computer</u>
[ADSI]"WinNT://" + $computerName + "/Administrators,group"; $members = $adminGroup.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} | sort-object
<u>Export the key/value pairs of a hash table to csv</u>
$test.GetEnumerator() | export-csv -path c:\temp\hashtable.csv
<u>Return the date format using the get-date cmdlet</u>
Get-Date -format "dd/MM/yyyy HH:mm:ss"
<u>Create an associative array / hash table /</u>
$test = @{a=1; b=2}
<u>Sort a hashtable associative array by name or value</u>
$results = @{a=1; b=2;c=0}; $results.GetEnumerator() | sort-object -property Name
<u>Sleep or pause for 10 seconds</u>
Start-Sleep -seconds 10
<u>Find the last win32 exit code (errorlevel)</u>
$lastexitcode
<u>Find the name of the currently running script</u>
$MyInvocation.MyCommand.path
<u>Convert a string into datetime type using the current culture</u>
$test = "17/03/2010 10:00:00 AM"; [datetime]::Parse($test, [System.Threading.Thread]::CurrentThread.CurrentCulture)
<u>Run an infinite loop</u>
for (;;) {write-output "loop"}
<u>Process a list of files, extracting the first group of a repeating set of data</u>
$files = get-item -path .\*; foreach ($file in $files) {$sandata = get-content -path $file; $count=0; foreach ($line in $sandata) {$csv = $line.split(","); if ($csv[0] -like '*textfilter*') {$count+=1}; if ($count -le 1) {if ($csv[0] -notlike '*Object*') {$line | out-file -file c:\temp\DailySANExport.csv -encoding ascii -append}}}}
<u>Query Citrix XenApp server session information</u>
Get-Wmiobject -namespace root\Citrix -class MetaFrame_Session -computer server01 | format-table -wrap -autosize
<u>Query Citrix XenApp server load information</u>
Get-Wmiobject -namespace root\Citrix -class MetaFrame_Server_LoadLevel -computer server01,server02,server03| format-table -wrap -autosize -prop ServerName,LoadLevel
<u>Find the size of a folder and contents (including subdirectories)</u>
Get-ChildItem $dirPath -recurse | Measure-Object -property length -sum
<u>Round a number down</u>
[math]::floor(100.9)
<u>Find the last bootup time of a Windows OS</u>
$lastBootTime = Get-WmiObject win32_operatingsystem -computer server01 -prop LastBootUpTime
<u>Find the uptime of a machine from WMI, converted from CIM datetime to timespan</u>
$computer = 'server01'; $lastBootTime = Get-WmiObject win32_operatingsystem -computer $computer -prop LastBootUpTime; $wbemDateTime = New-Object -ComObject WbemScripting.SWbemDateTime; $wbemDateTime.value = $lastboottime.LastBootUpTime; $lastBoot = $wbemDateTime.GetVarDate(); $now = Get-Date; $uptime = $now - $lastBoot; $uptime
<u>Select a calculated property using a friendly name</u>
Get-WmiObject -class win32_process | Select-Object -prop Name, @{Name="Owner";Expression ={($_.getowner().domain + "\" + $_.getowner().user)}} | format-table -wrap -autosize
<u>List Processes and their owner</u>
Get-WmiObject -class win32_process | Select-Object -prop Name, @{Name="Owner";Expression ={($_.getowner().domain + "\" + $_.getowner().user)}} | format-table -wrap -autosize
<u>Create a PSObject to store name/value note pairs</u>
$output = new-object PSObject; add-member -membertype NoteProperty -inputObject $output -name "Test" -value "value"
<u>Start a command shell with elevated (UAC) privileges</u>
$psi = new-object System.Diagnostics.ProcessStartInfo "cmd.exe"; $psi.Verb = "runas"; [System.Diagnostics.Process]::Start($psi)
<u>Mail-enable an AD contact in an Exchange 2007 environment</u>
get-mailcontact "CN=user1,DC=domain,DC=local" | set-mailcontact
<u>Query the amount of free space available for 2008 R2 disk shrinking</u>
diskpart shrink querymax
<u>Find the local PowerShell version</u>
$PSVersionTable
<u>Read a file, sort it and then return only unique entries</u>
gc $filename | sort | get-unique > $newfileName
<u>Find unique strings filtered from an input file</u>
find /i '"driverName"' PrinterDrivers_20110708.txt | sort | get-unique > c:\temp\PrinterDrivers.txt
<u>Create a security identifier for a well-known security principal</u>
$self = new-object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::SelfSid, $null)
<u>Convert the Exchange 2007 string into readable format (EXCHANGE12ROCKS)</u>
$out = ""; foreach ($char in ([char[]]"FYDIBOHF23SPDLT")) {$out += ([char]([int]$char-1))}; $out
<u>WMI query to find properties is or is not NULL</u>
Get-Wmiobject -namespace root\MicrosoftExchangeV2 -computer "server01" -Query "SELECT MailboxDisplayName,TotalItems,Size from Exchange_Mailbox WHERE MailboxDisplayName='Cartelier, Robbie' AND DateDiscoveredAbsentInDS is null"
<u>Query disk information from a remote server using WMI</u>
$disks = Get-WmiObject -Namespace root\cimv2 -ComputerName server01 -Query "SELECT * from Win32_LogicalDisk WHERE FileSystem='NTFS'"
<u>Find services filtered by string that are running and stop them</u>
get-service | where {$_.displayName -like '*time*' -and $_.status -eq 'Running'} | stop-service -force
<u>Find and delete a local profile from a remote computer</u>
$user = "domain\account"; $computer = "server01"; $trustee = new-object System.Security.Principal.NTAccount($user); $sid = $trustee.Translate([System.Security.Principal.SecurityIdentifier]).value; get-wmiobject -computer $computer -Query "SELECT * from Win32_UserProfile Where SID = '$sid'"; $profile.delete()
<u>Create an array with a single member</u>
$SingleArray = ,1
<u>Store the results of an expression in an array</u>
$test = @(get-service )
<u>Find disk drive statistics from a number of remote computers</u>
$servers = get-content -path servers.txt; $diskStats = $null; foreach ($server in $servers) { $diskStats += Get-Wmiobject -namespace root\cimv2 -computer $server -Query "SELECT SystemName,Name,Size,FreeSpace,VolumeName FROM Win32_LogicalDisk WHERE Size > 0 AND FileSystem='NTFS'" -ErrorAction SilentlyContinue}; $diskstats | select-object SystemName,Name,Size,FreeSpace,@{N="Used";E={$_.Size-$_.FreeSpace}},VolumeName,@{N="SizeGB";E={[math]::round($_.Size/1024/1024/1024)}},@{N="FreeGB";E={[math]::round($_.FreeSpace/1024/1024/1024)}},@{N="UsedGB";E={[math]::round(($_.Size-$_.FreeSpace)/1024/1024/1024)}} | sort -prop SystemName,Name | export-csv -path servers_diskstats.csv
<u>Find USB devices attached to a number of remote computers</u>
$servers = get-content -path servers.txt; foreach ($server in $servers) {[System.Object[]]$USBDevices += Get-Wmiobject -namespace root\cimv2 -computer $server -Query "SELECT * FROM Win32_DiskDrive WHERE InterfaceType = 'USB'" -ErrorAction SilentlyContinue}; $USBDevices| select __server, Caption, @{N="Size (GB)";E={[math]::round($_.Size/1000/1000/1000)}} | ft -wrap -autosize
<u>Use the split operator to split on multiple characters</u>
$user.proxyAddresses -split ";;"
<u>Find the CA eTrust signature version from the agent.xml file</u>
$ver = select-xml -path c:\temp\agent.xml -xpath '//thisProduct[@Name="eTrust Integrated Threat Manager"]/*/*[@Name="Anti-Malware Signatures"]'; $ver.node.version
<u>Test a host connection with ping</u>
if (test-connection -computer "server01" -count 1 -quiet) {write-host "test"}
<u>Read and process an XML file on a list of servers, returning some attributes</u>
$servers = get-content -path servers.txt; foreach ($server in $servers) { if (test-connection -computer $server -count 1 -quiet) { $path = '\\' + $server + '\c$\Program Files\CA\SharedComponents\Agent\Agent.xml'; if (test-path -path $path) { $ver = select-xml -path $path -xpath '//thisProduct[@Name="eTrust Integrated Threat Manager"]/*/*[@Name="Anti-Malware Signatures"]'; if ($ver) {write-output ($server + "," + $ver.node.version.major + '.' + $ver.node.version.minor + '.' + $ver.node.version.build + '.' + $ver.node.version.revision + "," + $ver.node.LastUpdateTime)} } else { Write-Output ($server + "," + "agent.xml not found") } }}
<u>Find the uptime from one or more remote machines</u>
$servers = get-content -path servers.txt; foreach ($computer in $servers) { if (test-connection -computer $computer -count 1 -quiet) { $lastBootTime = Get-WmiObject win32_operatingsystem -computer $computer -prop LastBootUpTime; $wbemDateTime = New-Object -ComObject WbemScripting.SWbemDateTime; $wbemDateTime.value = $lastboottime.LastBootUpTime; $lastBoot = $wbemDateTime.GetVarDate(); $now = Get-Date; $uptime = $now - $lastBoot; Write-Host ($computer + "," + $uptime.days + "," + $lastBoot.ToString("dd/MM/yyyy")); } }
<u>Set the window title of a PowerShell window</u>
$host.UI.rawui.windowtitle = "test"
<u>Kill a remote process with WMI</u>
([WMI]"\\server01\root\cimv2:Win32_Process.Handle='2564'").Terminate()
<u>Convert a SWBEM datetime yyyymmhhdd time to standard datetime</u>
$datetime = [System.Management.ManagementDateTimeConverter]::ToDateTime($installDate)
<u>Find DNS scavenging events from a 2008 R2 server</u>
$DNS = Get-Wmiobject -namespace root\cimv2 -computer "server01" -Query "SELECT * FROM Win32_NTLogEvent WHERE SourceName='Microsoft-Windows-DNS-Server-Service' AND LogFile='DNS Server' AND EventCode=2501" -ErrorAction SilentlyContinue; Write-Host "Time Generated,Visited Zones,Visited Nodes,Scavenged Nodes,Scavenged Records,Elapsed Seconds,Run again in hours" ; foreach ($scavenge in $dns) {write-output ([System.Management.ManagementDateTimeConverter]::ToDateTime($scavenge.timeGenerated).tostring() + "," + [string]::join(",",$scavenge.insertionstrings))}
<u>Check whether the windows Search Service file services role is installed</u>
wmic /node:server01 path Win32_ServerFeature where "ID=107"
<u>Query remote event logs for DFS initial sync replication log entries</u>
get-eventlog -logname 'DFS Replication' -computer server01 -after "15/01/2012 8:00:00" | where {$_.eventID -eq 4104}
<u>Query local network connections (netstat)</u>
[net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpConnections()
<u>Find when a number of machines had their NIC disconnected</u>
$vms = get-content -path servers.txt; $events = foreach ($server in $vms) {get-eventlog -logname 'System' -computer $server -after "31/01/2012 17:00:00" | where {$_.eventID -eq 4201 -or $_.eventID -eq 4202}}; $events | select MachineName,EventID,TimeGenerated,Source,{$_.ReplacementStrings} | export-csv -path c:\temp\VM_NetworkDisconnectedEvents.csv
<u>Enumerate arrays and output their contents to CSV</u>
$events | select MachineName,EventID,TimeGenerated,Source,{$_.ReplacementStrings} | export-csv -path c:\temp\VM_NetworkDisconnectedEvents.csv
<u>Search through text logs looking for a string</u>
select-string -pattern a.user@test.com -path .\ExchangeLogs\*.* -SimpleMatch
<u>Compare two sets of objects to identify differences</u>
compare-object -referenceobject $processes_before -differenceobject $processes_after
<u>Find the default domain password policy</u>
Get-ADDefaultDomainPasswordPolicy
<u>Find the available PowerShell modules</u>
get-module -listAvailable
<u>Find the PowerShell modules that are installed in the current session</u>
get-module
<u>Find the commands available in a specific PowerShell module</u>
get-command -module GroupPolicy
<u>Find IPMI WMI recent SEL event information from a number of servers</u>
$servers = get-content -path servers.txt; $IPMIStats = $null ;foreach ($server in $servers) { $IPMIStats += Get-Wmiobject -namespace root\hardware -computer $server -Query "SELECT __server,MessageTimestamp,Description FROM LogRecord WHERE MessageTimestamp > '20120201000000.000000+600'" -ErrorAction SilentlyContinue}; $IPMIstats | select-object __server,MessageTimestamp,Description | sort -prop __server | export-csv -path c:\temp\SEL_20120225.csv
<u>Read and decode the DACL stored in a REG_BINARY object in the registry</u>
$reg = get-itemproperty "HKLM:\System\CurrentControlSet\Services\LanmanServer\DefaultSecurity"; $acl = New-Object Security.AccessControl.RawSecurityDescriptor($($reg.SrvsvcSharePrintInfo), 0); $acl.DiscretionaryAcl; # see http://msdn.microsoft.com/en-us/library/cc244650(PROT.10).aspx for access mask
<u>Convert REG_BINARY filetime stored in reversed byte/word format to date/time</u>
[datetime]::FromFileTime([Convert]::ToInt64("01CD098EBB74AE65", 16))
<u>List the PowerShell profile script path properties</u>
$profile | select *
<u>Read from remote event logs with PowerShell 2.0 or later</u>
Get-WinEvent
<u>Get the event log provider names for the specified log</u>
$log = get-winevent -listlog Security | select providernames; $log.providernames
<u>Find the EventID and descriptions from the specified event log provider</u>
(get-winevent -listprovider 'Microsoft-Windows-Security-Auditing').events | ft ID,Description -autosize
<u>Reverse an array</u>
[array]::Reverse($array)
<u>Join an array and output as a string with the specified delimiter</u>
("test1", "test2") -join ";"
<u>Add a UPN suffix to the local forest</u>
get-adforest -current localcomputer | set-adforest -upnsuffixes @{Add="newsuffix.com"}
<u>Modify the UPN for a user</u>
get-aduser -id user01 | set-aduser -UserPrincipalName user01@newsuffix.com
<u>Extract error information</u>
$error[0].Exception | select * ; $error[0].Exception.InnerException | select *
<u>Export a single property from multiple objects to file</u>
$objects | select -prop prop01 | export-csv -notype -path c:\temp\output.txt -encoding ascii
<u>Export server shares to a csv file</u>
$outputfile = "c:\temp\server01_shares_" + [DateTime]::Now.ToString("yyyyMMddhhmmss") + ".csv"; Get-WmiObject win32_share -computer server01 | select Name,Path,Description,Caption | export-csv -path $outputFile; $outputFile
<u>Check each line of one file for a match in a second file</u>
$inputLines = get-content -path c:\temp\File01.txt; foreach ($line in $inputLines) {$match = select-string -pattern $line -path File02.txt -SimpleMatch; if (!($match)) {$member}}
<u>Join a file in blocks of two lines</u>
$text = get-content -path File.txt; $results = for($i=0; $i -le $text.length; $i = $i+2){Write-Output ($text[$i] + "; " + $text[$i+1])}
<u>Convert a unicode hex-string to human readable string</u>
$converted = for ($i=0; $i -le $string.length-1; $i = $i+4) {write-output ([CHAR][BYTE]([CONVERT]::toint16($string.substring($i, 2),16)))}; [string]::join("",$converted)
<u>Find the snap-ins currently registered</u>
get-PSsnapin -registered
<u>Run FIM 2010 R2 Microsoft Best-practices Configuration Analyser</u>
Import-module "C:\Program Files\Microsoft Baseline Configuration Analyzer 2\Modules\BaselineConfigurationAnalyzer\BaselineConfigurationAnalyzer"; Invoke-MBCAModel -ModelId FIMBPA -SubModel FIMService -computer fimservice
<u>Binary OR of useraccountcontrol to see if an account is enabled/disabled</u>
(514 -bor 2) -eq 514
<u>Convert a date to filetime (64-bit 100-nanosecond since midnight, 01/01/1601)</u>
$date = [datetime]"24 December 2012"; $date.tofiletime()
<u>Regular expression for numbers with spaces or brackets</u>
'^[\d() -]+$'
<u>Remove brackets and spaces from a string</u>
$test -replace('\(|\)|\s','')
<u>Use the Modulus operator as a way of reporting status in a loop every x</u>
$progress = $count % 1000; if ($progress -eq 0) { Write-Output $count} # Report every 1000
<u>Find the current running username in domain\user format</u>
[System.Security.Principal.WindowsIdentity]::GetCurrent().Name
<u>Find the current running username</u>
$env:username
<u>Break a loop if keyboard input is detected</u>
if($host.UI.RawUI.KeyAvailable) {break;}
<u>Loop infintely until the 'Q' key is pressed</u>
$Qkey = 81; for (;;) { start-sleep 5; if($host.UI.RawUI.KeyAvailable) { $key = $host.ui.RawUI.ReadKey("NoEcho,IncludeKeyUp") ; if ($key.VirtualKeyCode -eq $Qkey) ; { break; } } Write-Output "$(get-date)" }
<u>Install IIS on 2008 onwards</u>
Install-WindowsFeature -Name Web-Server -IncludeAllSubFeature
<u>Find installed hotfixes and installation date</u>
$hotfixes = Get-WmiObject -Namespace root\cimv2 -computer Computer -Query "Select HotfixID,ServicePackInEffect,InstallDate,InstalledBy,InstalledOn from win32_quickfixengineering"
<u>Write a System.Byte[] array to a binary file</u>
set-content -value $byteArray -encoding byte -path c:\temp\image.bmp
<u>Convert decimal to hex</u>
'{0:x}' -f 15
<u>Rename an Active Directory object (caters for naming attribute renames)</u>
rename-adobject -id "CN=User1,OU=Users,DC=domain,DC=local" -newname user2 -server 192.168.10.10
<u>Convert yyyymmdd to [datetime]</u>
[datetime]::ParseExact("20130913", "yyyymmdd", [Globalization.CultureInfo]::InvariantCulture)
<u>Match an array of objects against a string using regular expressions</u>
$mailbox = $mailboxes -match "MARTIN Wayne"
<u>Create a generic log file name based on the script name and today's date</u>
$logFile = ".\" + ($MyInvocation.MyCommand.Name.split("."))[0] + "_" + [DateTime]::Now.ToString("yyyyMMdd") + ".log"
<u>Split a string (eg distinguishedName) containing escaped commas</u>
$dn -split "(?<![\\]),"
<u>List the event log providers on a remote computer</u>
get-winevent -computer server01 -listprovider *
<u>Append to the System path environment variable</u>
$path = [environment]::GetEnvironmentVariable("Path","Machine"); [Environment]::SetEnvironmentVariable("Path", "$path;c:\util", "Machine")
<u>Use AD cmdlets to change the samaccountname of a security group</u>
get-group -id oldsamid | set-group -name newsamid -displayName "newdisplayName" -whatif
<u>Connect with remote powershell to a Lync server</u>
$lync = "lync01"; $session = New-PSSession -ConnectionUri "https://$lync/OcsPowershell" -Authentication Negotiate; Import-PsSession $session
<u>Update the SIP address of a Lync user</u>
Set-CsUser -Identity "user01" -SipAddress "sip:user01@domain.local" -whatif; get-csuser -id user01 | select SipAddress
<u>Find Server 2012 firewall profiles</u>
Get-NetFirewallProfile
<u>Set Server 2012 firewall profiles to lock dropped traffic</u>
Get-NetFirewallProfile | Set-NetFirewallProfile -logBlocked "True"
<u>Find the last known SCM message for the specified service starting</u>
get-winevent -computername fim01 -FilterHashTable @{ logname = "System"; providername="Service Control Manager"; ID = 7036; data = "Forefront Identity Manager Synchronization Service","Running"} -MaxEvents 1
<u>Find the process creation date of a remote process</u>
(Get-WmiObject -ComputerName fim01 -Query "Select * from win32_process where name ='miiserver.exe'") | select Name,@{N='Date';E={$_.ConvertToDateTime($_.creationdate)}} | ft -wrap -auto
<u>Find if an AD account is locked out or not</u>
get-aduser -id user01 -server dc01 -prop LockedOut
<u>Start and then stop a network capture trace on server 2012</u>
netsh Trace start capture = yes & pause & Netsh Trace stop
<u>List the classes in a WMI namespace</u>
Get-WmiObject -list -Namespace root\rsop\computer
<u>Query the highest precedence logon as a service right GPO</u>
Get-WmiObject -computer server01 -namespace root\rsop\computer -class RSOP_UserPrivilegeRight | where {$_.UserRight -eq 'SeServiceLogonRight' -and $_.Precedence -eq 1} | select-object -expand AccountList
<u>Show the last 15 errors in the application event log</u>
get-winevent -computername server01 -FilterHashTable @{logname = "Application"; level=2} -MaxEvents 15
<u>Query Server 2012 for scheduled task information</u>
Get-WMIObject -computer server01 -Namespace "root\Microsoft\Windows\TaskScheduler" -Query "SELECT * from MSFT_ScheduledTask"
<u>Query the security descriptor of shares on a server</u>
$shares = Get-WMIObject -Computer "server01" -Namespace root\cimv2 -Query "SELECT * from Win32_LogicalShareSecuritySetting"
<u>Generate a new GUID</u>
[System.Guid]::NewGuid().ToString()
<u>Generate a new GUID and return with braces</u>
[System.Guid]::NewGuid().ToString("B")
<u>Get an empty GUID (all zeroes)</u>
[System.Guid]::Empty
<u>List browser URLs and document titles for IE browser (not edge)</u>
$urls = (New-Object -ComObject Shell.Application).Windows() | Where-Object {$_.LocationUrl -match "(^https?://.+)|(^ftp://)"}; $urls | select locationName,locationUrl | ft -wrap -auto
<u>View ADFS tracing from the debug event log</u>
get-winevent -computername adfs01 -FilterHashTable @{ logname = "AD FS Tracing/Debug"} -oldest
<u>View ADFS auditing for claim information</u>
get-winevent -computername adfs01 -FilterHashTable @{ logname = "Security"; providername="AD FS Auditing"; ID = 500,501} -MaxEvents 10 | select id,machineName,TimeCreated,Message | ft -wrap -auto
<u>View the AD site name associated with the specified computer</u>
dfsutil /sitename:server01
<u>Find the .Net framework version the current PowerShell instance is using</u>
[Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory()
<u>Store an encrypted password reversable only by the encrypting user</u>
ConvertTo-SecureString -string "password" -asplaintext -force | ConvertFrom-SecureString | out-file -file c:\temp\password.txt
<u>Encode a string to base64</u>
[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("Testing"))
<u>Decode a base64 string to text string</u>
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("VGVzdGluZw=="))
<u>Install the ActiveDirectory module for PowerShell</u>
Install-WindowsFeature -Name RSAT-AD-PowerShell
<u>Export a certificate to binary format</u>
Export-Certificate -FilePath c:\windows\temp\cert.crt -cert cert:localmachine\ca\9A26AAB090E0CD1F39B96731A4B49AAC65E7BEEA -type cert
<u>Convert an octet stored byte array (eg. GUID) to hex string</u>
[System.String]::Join('',( (get-adobject -id "uid=user01,OU=Users,DC=domain,DC=local" -server dc01 -prop objectguid).objectguid | ForEach-Object { $_.ToString('x2') }))
<u>Check if a string is null or empty</u>
if ([string]::IsNullOrEmpty($string) -eq $true){"True"}
<u>List the UPN suffixes from a remote forest</u>
(get-adforest -identity domain.local).upnsuffixes
<u>List the PowerShell remoting endpoints</u>
Get-PSSessionConfiguration
<u>Read a certificate from file</u>
Get-PfxCertificate -FilePath c:\temp\test.cer | fl *
<u>Prevent PowerShell progress bars from displaying</u>
$ProgressPreference = "SilentlyContinue"
<u>Convert the number of seconds to a timespan to show hours/minutes etc</u>
[timespan]::fromseconds(15*60*60)
<u>Find a remote PowerShell session using WinRM</u>
Get-WSManInstance -ConnectionURI http://server01:5985/wsman shell -Enumerate
<u>Remove a remote PowerShell session using WinRM</u>
Remove-WSManInstance -ConnectionURI http://localhost:5985/wsman shell @{ShellID="6CF3C5C6-1954-430F-98B7-2D99E8AADCE3"}
<u>Start an elevated process with PowerShell</u>
start-process -verb RunAs cmd
<u>Find the verbs available for a particular file</u>
$startExe = New-Object System.Diagnostics.ProcessStartInfo -Args PowerShell.exe; $startExe.verbs
<u>Check if a specified time of day has passed</u>
((get-date) -lt ([datetime]::ParseExact("23:00:00", "HH:mm:ss", [System.Globalization.CultureInfo]"en-AU")))
<u>Start an elevated runas process as alternate credentials</u>
Start-Process powershell -Credential $cred -ArgumentList '-noprofile -command &{Start-Process cmd -verb runas}'
<u>Find service terminated unexpectedly (multiple event IDs)</u>
get-winevent -computername server01 -FilterHashTable @{ logname = "System"; startTime = $date; id=7031,7034}
<u>Decrypt a securestring password to text</u>
(New-object System.Net.NetworkCredential("",$Password)).Password
<u>Convert to a nicely formatted JSON message</u>
ConvertFrom-Json $message | ConvertTo-Json
<u>Find hotfixes installed</u>
get-hotfix
<u>URL encode a string</u>
[System.Web.HttpUtility]::UrlEncode($clientID)
<u>Check remote Hyper-V VM migration status</u>
Get-WmiObject -computer server01 -Namespace root\virtualization\v2 -Class Msvm_MigrationJob | ft Name, JobStatus, PercentComplete, VirtualSystemName
<u>Make it so doskey macros and shortcuts work in PS5+</u>
Remove-Module PSReadLine
<u>Find the digital signature of a file</u>
(get-AuthenticodeSignature c:\util\procexp.exe).SignerCertificate | fl *
<u>Convert Unix epoch time in milliseconds to datetime</u>
(Get-Date "1970-01-01 00:00:00.000Z") + ([TimeSpan]::FromMilliSeconds(1539045767455))
<u>Convert a number to binary</u>
[convert]::ToString(512,2)
<u>Convert from win32 filetime</u>
"{0:hh:mm:ss.fff tt dd/MM/yyyy}" -f [datetime]::FromFileTime(131864751713547989)
<u>Find the effective applocker policy</u>
Get-AppLockerPolicy -Effective | Test-AppLockerPolicy -Path "C:\Windows\System32\cscript.EXE"
<u>Determine whether the AD recycle bin is enabled or not (EnabledScopes)</u>
Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
<u>Find the Active Directory schema version</u>
Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
<u>Query SCCM for a computer resource</u>
$server = "sccm01";$site = "s01"; $resourceName = "server01"; $resource = Get-WmiObject -ComputerName $server -Namespace "root\sms\site_$site" -Class "SMS_R_System" -Filter "Name = '$resourceName'"
<u>Query SCCM for a the collection membership of a computer resource</u>
$ids = (Get-WmiObject -ComputerName $server -Namespace "root\sms\site_$site" -Class SMS_FullCollectionMembership -filter "ResourceID=`"$($Resource.ResourceId)`"").collectionID
<u>Export DNS zone information from a 2016 DC</u>
Get-DnsServerZone | export-csv -path c:\windows\temp\DNSZones_20190304.csv -encoding ascii -notype
<u>Find Active Directory replication conflict objects</u>
$conflicts = Get-ADObject -LDAPFilter "(|(cn=*\0ACNF:*)(ou=*CNF:*))"
<u>Install RSAT on Windows 10 1809</u>
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
<u>Find Office 365 Group mailbox folder information</u>
get-mailboxfolderstatistics -id user01@domain.local | select FolderPath
<u>Find events containing the specified string</u>
$filter = @{logname='Security'; starttime=[datetime]::today; data='/adfs/services/trust/2005/windowstransport' }; $events = get-winevent -computername adfs01 -FilterHashTable $filter
<u>Decode a dnsrecord entry in an AD DNSRecord object</u>
$dnsrecord = (get-adobject -id "DC=10.10,DC=168.192.in-addr.arpa,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=local" -prop *).dnsrecord; [System.Text.Encoding]::ASCII.GetString($dnsrecord[0])
<u>Report when a TCP connection was created</u>
Get-NetTCPConnection | Sort-Object LocalPort | Format-Table Local*, Remote*, State, CreationTime
<u>Find any alternate data streams in a file</u>
get-item c:\temp\test.txt -Stream *
<u>View the content of an alternate data stream</u>
get-content c:\temp\test.txt -Stream Stream1
<u>Remove an alternate data stream</u>
Remove-Item -path c:\temp\test.txt -Stream Zone.Identifier
<u>Find the direct reports from the AD manager backlink</u>
(get-aduser -id user01 -prop directreports).directreports
<u>Find the day of week</u>
(get-date).DayOfWeek
<u>Find the number of the current day of the week</u>
[int](get-date).DayOfWeek | (get-date).DayOfWeek.value__
<u>Find the number of the the specified day</u>
[int][DayofWeek]"Sunday"
<u>Format a string as hex</u>
"05bb80f4-5d0b-4358-b173-7a206a924734" | format-hex
<u>Export DNS SRV records</u>
Get-DNSServerResourceRecord -ZoneName domain.local -ComputerName dc01 -RRType SRV | Export-CSV -path c:\temp\srv-export.csv -notypeinformation
<u>Query Domain Controllers in one or more sites</u>
Get-ADDomainController -filter "site -eq 'site1' -or site -eq 'site2' -or site -eq 'site3'" |select name
<u>Show datetime on command prompt</u>
function prompt { "PS $((Get-Date).ToString("hh:mm:ss")) $(get-location)>"}
<u>Find DCs running 2016 OS</u>
Get-ADDomainController -filter "OperatingSystem -eq 'Windows Server 2016 Standard'" | select name
<u>Unblock a file downloaded from the Internet</u>
Unblock-File C:\temp\downloaded.ps1
<u>Find the 5 most recent files from the specific path</u>
Get-ChildItem -Recurse -path c:\admin\scripts\powershell\*.ps1 | sort -prop LastWriteTime -desc | select -first 5 FullName,LastWriteTime
<u>Find the registered event log sources for the specified log</u>
Get-WMIObject -Computer "server01" -Authentication PacketPrivacy -Query "SELECT FileName, Sources from Win32_NTEventLogFile where FileName = 'CustomEventLog'" | select -expand sources
</code></pre>
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT). </span>
Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-12483674842143137122020-06-14T10:17:00.004+10:002020-08-08T07:32:56.195+10:00More useful command-lines #4<br />
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif; font-size: 12.0pt;">While
PowerShell is usually the tool of choice these days, old habits die hard.<span style="mso-spacerun: yes;"> </span>I still record </span></div>
<span style="font-family: "arial" , sans-serif; font-size: 12.0pt;">command-lines
I find useful in the old-fashioned command prompt.<span style="mso-spacerun: yes;"> </span></span><br />
<br />
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;">
<span style="background: white; color: black; font-family: "arial" , sans-serif; font-size: 12.0pt;">This is the fourth edition of useful command
lines, adding another 467 commands. Note that many of the command-line may
require Microsoft utilities (such as dsquery, wmic, dnscmd), or resource kits,
sysinternals or other third-party binaries.</span><span style="color: black; font-family: "arial" , sans-serif; font-size: 12.0pt;"><br style="mso-special-character: line-break;" /></span><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><br /></span></div>
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;">
</span>
<br />
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;">
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="background: white; color: black; font-family: "arial" , sans-serif; font-size: 12.0pt;">Each command-line can be copied and pasted at the
command prompt, if you use a batch file you'll need to reference variables with
double-percent (%%).</span><span style="color: black; font-family: "verdana" , sans-serif;"><br style="-webkit-text-stroke-width: 0px; mso-special-character: line-break; orphans: 2; word-spacing: 0px;" /></span></span><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><br /></span></span></div>
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;">
</span></span>
<br />
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;">
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="font-family: "arial" , sans-serif; font-size: 12.0pt;">I hope this
will help some of the other non-clickers out there.</span></span></span></div>
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;">
</span></span>
<br />
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;">
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="color: black; font-family: "verdana" , sans-serif;"><br />
<span style="background: white;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;">See the previous three posts for more command-line
operations:</span></span></span></span></span></div>
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;">
</span></span>
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;">
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="color: #5588aa; font-family: "verdana" , sans-serif;"><a href="http://waynes-world-it.blogspot.com/2010/03/more-useful-command-lines.html"><span style="color: #5588aa;">http://waynes-world-it.blogspot.com/2010/03/more-useful-command-lines.html</span></a></span></span></span></div>
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;">
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm;">
<a href="http://waynes-world-it.blogspot.com/2009/09/more-useful-command-lines.html"><span style="color: #5588aa; font-family: "verdana" , sans-serif; text-decoration: none;">http://waynes-world-it.blogspot.com/2009/09/more-useful-command-lines.html</span></a><span style="font-family: "arial" , sans-serif; font-size: 12.0pt;"></span></div>
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<a href="http://waynes-world-it.blogspot.com/2008/09/useful-command-lines.html"><span style="color: #5588aa; font-family: "verdana" , sans-serif; text-decoration: none;">http://waynes-world-it.blogspot.com/2008/09/useful-command-lines.html</span></a><span style="color: black; font-family: "verdana" , sans-serif;"><br style="-webkit-text-stroke-width: 0px; mso-special-character: line-break; orphans: 2; word-spacing: 0px;" />
<br style="mso-special-character: line-break;" />
</span><u><span style="font-family: "courier new"; font-size: 10.0pt;"></span></u></div>
<span style="-webkit-text-stroke-width: 0px; float: none; orphans: 2; word-spacing: 0px;"><br />
<div style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0cm; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<pre class="mycode"><code>
<u>Disable IPV6 on Windows Server 2008</u>
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t reg_dword /d 0xFFFFFFFF
<u>Verify a certificate chain</u>
certutil -verify -urlfetch test.cer
<u>Query the roles and features installed on a Windows Server 2008 installation</u>
ServerManagerCmd -query
<u>Create a performance monitor log to gather local counters</u>
logman create counter SystemPerformance -cf c:\temp\counters.txt -b "29/04/2010 0:00:00" -e "29/04/2010 23:59:59" -r -rf 24:00:00 -cnf 24:00:00 -o c:\perflogs\%computername% -f bin -si 00:00:15
<u>Check the access permissions on files/directories/registry keys (sysinternals)</u>
accesschk.exe
<u>GUI View virtual/physical memory maps of processes (sysinternals)</u>
vmmap.exe
<u>View Win32 and Kernel-mode Debug output (sysinternals)</u>
dbgview.exe
<u>Use 2008R2 logman to create a data collector set from a saved XML</u>
logman import -xml c:\admin\Control\Performance.xml -n Performance
<u>Use 2008R2 logman to start a performance data collector set</u>
logman start Performance
<u>Display license/activation details on a KMS client for the current license</u>
cscript c:\windows\system32\slmgr.vbs /dlv
<u>Find 2008 servers in the domain</u>
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=Windows Server 2008*))" -limit 0
<u>Set the KMS server used for activation</u>
cscript slmgr.vbs /skms %kmsServer%
<u>Trigger software activation</u>
cscript slmgr.vbs /ato
<u>Find the owners of all processes on a remote system</u>
wmic /node:%server% PROCESS where "caption like '%'" getowner
<u>Find contacts that are members of distribution groups</u>
dsquery * -filter "(&(objectClass=Contact)(objectCategory=Person)(memberof=*))" -attr distinguishedname memberof -limit 0
<u>Query a group of XenApp/terminal servers for TS logons</u>
wmic /node:server01,server02,server03 path Win32_PerfFormattedData_TermService_TerminalServices Get ActiveSessions,InactiveSessions,TotalSessions
<u>Enable user mode verbose logging</u>
reg add "\\server01\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v UserenvDebugLevel /t reg_dword /d 0x30002
<u>Enable Kerberos debugging</u>
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v LogLevel /t reg_dword /d 1
<u>Enable NTFRS debugging</u>
reg add HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters /v "Debug Log Severity" /t reg_dword /d 0x4
<u>Enabled Group Policy Client Side Extension (CSE) debugging</u>
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GpExtensions\{827d319e-6eac-11d2-a4ea-00567f79f83a}" /v ExtensionDebugLevel /t reg_dword /d 0x2
<u>Enabled Group Policy foldre redirection debugging</u>
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics" /v FdeployDebugLevel /d reg_dword /d 0x0000000F
<u>Check whether a user's token size is too large</u>
ntdsutil "group membership evaluation" "run domain user"
<u>Use ntdsutil with escaped double-quotes when the SAMID has spaces</u>
ntdsutil "group membership evaluation" "run domain \"User 01\"" quit quit
<u>2008 server print backup recovery and maintenance, query printers</u>
c:\Windows\System32\spool\tools\printbrm -q
<u>Set the managed by attribute of an object on a particular DC</u>
cscript SetManagedBy.vbs dc01 "CN=GroupName,CN=Users,DC=domain,DC=local" "CN=UserOrGroup,DC=domain,DC=local"
<u>Set the ACE required for the tick-box allowing a manager of an object</u>
dsacls.exe "CN=GroupName,CN=Users,DC=domain,DC=local" /G domain\user:WP;member
<u>Test whether a Domain Controller is responding over LDAPS</u>
adfind -b "dc=domain,dc=local" -h dc01 -ssl
<u>Find AD/DNS registered KMS servers</u>
nslookup -type=srv _VLMCS._tcp.domain.local
<u>Query a number of Citrix/XenApp/Terminal servers for users</u>
for %i in (server01 server02 server03) do @for /f %m in ('"quser /server:%i | find /i "ica" /c"') do @echo %i,%m
<u>Query Citrix farm information</u>
qfarm
<u>Set 2003 page file information</u>
cscript C:\WINDOWS\system32\pagefileconfig.vbs /change /s %server% /I 6144 /M 6144 /VO C:
<u>Set 2008 page file information</u>
wmic pagefileset create name="C:\\pagefile.sys" & wmic pagefileset set InitialSize=614,MaximumSize=6144
<u>View the certificate stores available to the current user</u>
reg query HKCU\Software\Microsoft\SystemCertificates
<u>View the properties of an exported certificate</u>
certutil /dump ExportedCert.pfx
<u>Find the MTU size on a Windows 2003+ server</u>
netsh interface ip show int
<u>Read the registry to find network adapter configuration (MTU jumbo)</u>
reg query \\server01\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318} /s | find /i "reg" | findstr /i /c:DriverDesc /c:ProviderName /c:"jumbo"
<u>Use WMI to find the MTU of a network interface (2008 and later)</u>
wmic /node:%server% path win32_networkadapterconfiguration get MACAddress,MTU,IPAddress
<u>Report drive geometry using WMI</u>
wmic path Win32_DiskDrive Get DeviceID,TotalSectors ,Size
<u>Query Citrix session information</u>
queryds /table:Conn_Sessions
<u>Find the committed bytes in use percentage from a remote computer</u>
wmic /node:%server% path Win32_PerfFormattedData_PerfOS_Memory get PercentCommittedBytesInUse
<u>Find the Citrix XenApp metaframe load level for a Citrix server</u>
wmic /node:%server% /namespace:\\root\Citrix path MetaFrame_Server_LoadLevel
<u>Find the applications running on a Citrix server</u>
wmic /node:server01 /namespace:\\root\Citrix path MetaFrame_ApplicationsRunningOnServer
<u>Find Citrix server information</u>
wmic /node:server01 /namespace:\\root\Citrix path MetaFrame_Server
<u>From a list of computers, find the remote NIC bandwidth / speed</u>
for /f %i in (c:\temp\servers_20100601.txt) do wmic /node:%i path Win32_PerfRawData_Tcpip_NetworkInterface Where "Name!='MS TCP Loopback interface'" Get Name,CurrentBandwidth > %i_bandwidth.txt
<u>Find Exchange Servers from Active Directory</u>
dsquery * "CN=Configuration,DC=domain,DC=local" -filter "(&(objectClass=msExchExchangeServer)(objectCategory=msExchExchangeServer))"
<u>Transfer single-master FSMO roles to the connected DC</u>
ntdsutil roles Connections "Connect to server dc01" quit "Transfer %role%"
<u>Query for the NetBIOS 1B domain master browser and PDC record</u>
nblookup /x 1b DOMAIN
<u>Query for the DNS PDC SRV Service Record</u>
nslookup -type=srv _ldap._tcp.pdc._msdcs.domain.local
<u>Check the role for a domain member</u>
wmic /node:dc01 path win32_computersystem get DomainRole (0 Standalone WS, 1 Member WS, 2 Standalone Server, 3 Member Server, 4 Backup Domain Controller, 5 Primary Domain Controller)
<u>Load performance counters from the specified DLL</u>
lodctr %file%
<u>Find a list of computers sorted by creation date</u>
dsquery * "OU=Workstations,OU=Resources,DC=domain,DC=local" -limit 0 -filter "(&(objectClass=Computer)(objectCategory=Computer))" -attr whenChanged CN | sort
<u>Find the display specifier used when creating new users through the GUI</u>
dsquery * "CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,DC=domain,DC=local" -attr createDialog
<u>Delete a computer record from SCCM through the WMI provider</u>
wmic /namespace:\\root\sms\site_sc1 /node:"server01" path SMS_R_System WHERE Name='server02' DELETE
<u>Recompile service control manager logs to fix missing SCM event log entries</u>
psexec \\server01 /s mofcomp %windir%\system32\wbem\scm.mof
<u>Export feature/role information using 2008 server manager (shows defaults)</u>
servermanagercmd -query c:\temp\roles.xml
<u>Find trust account metadata for a trusted domain</u>
repadmin /showmeta "CN=DOMTRUST$,CN=Users,DC=domain,DC=local"
<u>Set read-only permissions to the current folder with non-progagated inheritance</u>
icacls . /grant Users:(NP)(R) - in this example adding (NP) is not strictly necessary, just ommitting (OI)(CI) assumes this folder only (NP). The SDDL export of two commands reports the same (with NP and without)
<u>Query system devices and drivers</u>
wmic /node:server01 path win32_systemdriver
<u>Find machines from a specific manufacturer</u>
wmic /node:server01 path win32_computersystem where "Manufacturer like '%Dell%'" get Manufacturer,Model,Name
<u>Run a remote sysinternals utility with psexec specifying accepteula twice</u>
psexec -accepteula \\server01 c:\temp\handle.exe "-accepteula"
<u>Use delayed expansion (cmd /v:on) to parse reg.exe output and produce CSV</u>
for /f "tokens=1,* delims=_" %i in ('dir /b *.txt') do @set test="%~nj"& (@for /f "skip=2 tokens=3" %m in ('"find /i "reg_" %i_%j | findstr /c:AutoReboot /c:CrashDumpEnabled /c:DumpFile /c:LogEvent /c:MinidumpDir /c:Overwrite /c:SendAlert | sort"') do @set test=!test!,"%m")& @echo !test!
<u>Enable the option to generate a STOP error on demand for a USB 2008 server</u>
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters /v CrashOnCtrlScroll /t reg_dword /d 0x1
<u>Generate a STOP error with a sysinternals test faulty app</u>
NotMyFault.exe /crash
<u>Gather file system cache and other memory information from a group of servers</u>
for /f %i in ('dsquery computer -desc *file* -name server* -o rdn') do @for /f "skip=1 tokens=1-8" %m in ('"wmic /node:%i path Win32_PerfFormattedData_PerfOS_Memory get CacheBytes,CacheBytesPeak,SystemCacheResidentBytes,AvailableMBytes,PoolPagedBytes,PoolNonpagedBytes,FreeSystemPageTableEntries,PercentCommittedBytesInUse"') do @echo %i,%m,%n,%o,%p,%q,%r,%s,%t
<u>Analyse Windows memory allocation (sysinternals). Metafile for FS cache</u>
RAMMap and VMMap
<u>Install IIS7 and management tools on 2008</u>
servermanagercmd -install Web-WebServer Web-Mgmt-Tools
<u>Install File services and FSRM on 2008</u>
servermanagercmd -install File-Services FS-FileServer FS-Resource-Manager
<u>Find the cluster size of a disk volume</u>
wmic /node:%server% path win32_volume Get DriveLetter,BlockSize,Label
<u>Find mail enabled users and contacts from an AD and export to CSV</u>
csvde -f c:\temp\mailEnabled_20100816.csv -l samaccountname,cn,givenName,sn,displayname,mail,proxyAddresses,mailnickname,legacyExchangeDN,lastLogonTimestamp -r "(&(|((objectClass=Contact)(objectClass=User)))(objectCategory=Person)(mailnickname=*))"
<u>Find Exchange private mailbox stores from AD</u>
dsquery * "CN=Configuration,DC=domain,DC=local" -filter "(&(objectClass=msExchPrivateMDB)(objectCategory=msExchPrivateMDB))"
<u>Modify security descriptor for access to the application event log</u>
HKLM\System\CurrentControlSet\Services\Eventlog\Application\CustomSD,1,%AppLogSD%,2
<u>Query alternate recipients for Exchange forwarding addresses</u>
dsquery * -filter "(&(objectClass=*)(altRecipient=*))" -attr cn altrecipient
<u>Use IPMI to query the event log of a Dell server BMC</u>
ipmiutil sel -N 192.168.1.10 -U root -P calvin -F lan2
<u>Query a dnsNode object in AD for a reverse lookup zone</u>
dsquery * "DC=10,DC=192.168.1.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=local" -attr *
<u>List Print Drivers on a 2008 R2 server</u>
cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs -l
<u>Install an x64 2008 R2 version 3 printer driver</u>
cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs -a -v 3 -e "Windows x64" -m "RICOH Aficio 3245C PCL 6" -i c:\src\Drivers\Ricoh3245C\r40479en\disk1\OEMSETUP.INF -h c:\src\Drivers\Ricoh3245C\r40479en\disk1
<u>Install an x86 XP version 3 printer driver to a 2008 R2 server</u>
cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs -a -v 3 -e "Windows NT x86" -m "RICOH Aficio 3245C PCL 6" -i c:\src\Drivers\Ricoh3245C\r40485en\disk1\OEMSETUP.INF -h c:\src\Drivers\Ricoh3245C\r40485en\disk1
<u>Create a TCP/IP port using RAW over TCP 9100</u>
cscript prnport.vbs -a -s server01 -r IP_192.168.1.10 -h 192.168.1.20 -o raw -n 9100
<u>Create a printer, using the specified printer and port on a 2008 R2 server</u>
cscript prnmngr.vbs -a -p DJW391 -m "RICOH Aficio 3245C PCL 6" -r IP_192.168.1.10
<u>Share and publish a printer on a 2008 R2 server</u>
cscript prncnfg.vbs -t -p DJW391 -h DJW391 +shared +published
<u>Query IIS virtual directories using WMI</u>
wmic /node:server01 /namespace:\\root\MicrosoftIISv2 path IIsWebVirtualDir
<u>Enumerate 2008 R2 event logs</u>
wevtutil.exe el
<u>Get the configuration of a 2008 R2 event log</u>
wevtutil.exe gl Microsoft-Windows-PrintService/Operational
<u>Enable print information job logging with 10MB log file</u>
wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e /ms:10485760
<u>Set AD acls for full control of computer objects, inherited to sub-objects</u>
dsacls "OU=Workstations,OU=Resources,DC=domain,DC=local" /I:S /G DOMAIN\group01:GA;;computer
<u>Set AD acls for creating/deleting computer objects, inherited to this and sub</u>
dsacls "OU=Workstations,OU=Resources,DC=domain,DC=local" /I:T /G DOMAIN\group01:CCDC;computer
<u>Check whether an executable is x86, WAMD64, W32i64 etc (2003 support.cab)</u>
filever.exe %filename%
<u>LDAP filter to return mail-enabled users that are members of a particular group</u>
dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(mailnickName=*)(memberOf=CN=group01,OU=Groups,DC=domain,DC=local))"
<u>Find dynamic distribution lists in the directory and the LDAP filter used</u>
dsquery * -filter "(objectClass=msExchDynamicDistributionList)" -attr distinguishedName msExchDynamicDLFilter
<u>Find groups a user is a member of using extended match operator for the chain</u>
dsquery * -filter "(&(objectClass=Group)(member:1.2.840.113556.1.4.1941:=CN=user01,DC=domain,DC=local))" -scope subtree
<u>Find foreign security principals and group membership, resolving the name</u>
dsquery * CN=ForeignSecurityPrincipals,DC=domain,DC=local -filter "(&(objectClass=foreignSecurityPrincipal)(memberOf=*))" -attr msDS-PrincipalName memberof
<u>Find constructed token groups for the specified user</u>
dsquery * "CN=user01,DC=domain,DC=local" -attr tokenGroupsGlobalAndUniversal -s dc01 -scope base
<u>Find constructed last modified for the specified object</u>
dsquery * "CN=user01,DC=domain,DC=local" -attr modifyTimeStamp -s dc01
<u>Find the constructed canonincal name for the specified user object</u>
dsquery * -filter (samaccountname=user01) -attr canonicalName -s dc01
<u>Find software that's installed using WMI</u>
wmic path win32_product
<u>Find file/directory information using WMI</u>
wmic path win32_directory where "Name = 'c:\\temp'"
<u>Join a computer to a domain</u>
netdom join %computername% /domain:test.com /userd:administrator /passwordd:password /reb
<u>Find a list of servers from AD and then query them for disk space</u>
for /f %i in ('dsquery computer -name server* -o rdn') do @wmic /node:%i path Win32_LogicalDisk Get Name,Size,FreeSpace,VolumeName /format:csv | find /i /v "a:,," | find /i /v "d:,," | find /i "dv"
<u>Find uptime of a computer and lanman workstation statistics</u>
net stats workstation
<u>Find uptime of a computer and lanmanserver statistics</u>
net stats srv
<u>Find size and free space of logical disks of a remote machine</u>
wmic /node:"server01" path Win32_LogicalDisk WHERE "Size > 0" GET SystemName,Name,Size,FreeSpace,VolumeName /format:csv
<u>ODBC data source administrator on 2008 R2</u>
odbcad32.exe
<u>Create a 64-bit DSN on 2008 R2</u>
odbcconf.exe /Lv c:\admin\logs\SQLNativeClientInstall.log /A {CONFIGSYSDSN "SQL Server Native client 10.0" "DSN=VMware VirtualCenter|Description=Test instance of vCenter|Server=sqlserver01\instance01|Database=VirtualCenter"}
<u>Create a 32-bit DSN on 2008 R2</u>
c:\windows\syswow64\odbcconf.exe /Lv c:\admin\logs\SQLNativeClientInstall.log /A {CONFIGSYSDSN "SQL Server Native client 10.0" "DSN=VMUM|Description=Update Manager Test Instance|Server=sqlserver01\instance01|Database=VMUM"}
<u>Check the NTP announceflags of each DC to find reliable time servers</u>
for /f %i in ('"nltest /dclist: | find /i "[ds]""') do reg query \\%i\hklm\system\currentcontrolset\services\w32time\config /v announceflags
<u>Set the logon as a service right on a remote computer</u>
ntrights -m \\%computer% -u %domain%\%user% +r SeServiceLogonRight
<u>Set a remote service to run as a doman user account (remove interact)</u>
sc \\%computer% config %service% obj= "%domain%\%username%" password= "password" type= own
<u>Find the server holding the PDC single-master operations role</u>
dsquery server -hasfsmo pdc
<u>Add and install a Plug and Play driver package (enough for 2008 to change vga)</u>
pnputil -i -a "c:\program files\common files\vmware\Drivers\wddm_video\vm3d.inf"
<u>Find vCenter alerts</u>
dumpel -s server01 -l application -d 1 -m "Categor01"
<u>Find the latest .Net framework version from a list of computers</u>
for /f %i in (c:\temp\servers_20101020.txt) do @ping -n 1 %i >nul & if errorlevel 0 if not errorlevel 1 @for /f "tokens=*" %m in ('"reg query "\\%i\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" 2>nul |find /i "hkey" > c:\temp\dotnet.txt & tail -1 c:\temp\dotnet.txt"') do @for /f "tokens=3" %q in ('"reg query "\\%i\%m" /v version 2>nul| find /i "reg_sz" & if errorlevel 1 echo 1 2 NotFound"') do @echo %i,%m,%q
<u>Query Citrix or terminal server session information</u>
qwinsta /server:%computer%
<u>Reset a remote Citrix or terminal server session</u>
rwinsta %sessionname% /server:%computer%
<u>Reset a local Citrix or terminal server session</u>
reset %sessionname%
<u>Find host header bindings from the IIS metabase</u>
findstr /i "^.*:[0-9]*:.*$" \\%server%\c$\windows\system32\inetsrv\metabase.xml
<u>Export events, changing the date from EN-US to EN-AU</u>
for /f "tokens=1-3,* delims=/ " %i in ('"dumpel -s \\server01 -l application -e 3041 -m "MSSQL$DB01" -d 50"') do @echo %j/%i/%k %l
<u>Use IPMI to read sensors on a Dell R900 server</u>
ipmiutil sensor -N 192.168.1.10 -U root -P calvin -F lan2
<u>Find the sector and cluster size for an NTFS volume</u>
fsutil fsinfo ntfsinfo h:\
<u>Enumerate SRV records from the specified location in a DNS zone</u>
dnscmd dc01 /enumrecords domain.local._tcp.dc._msdcs.domain.local. /type SRV
<u>Export an AD-integrated zone to file</u>
dnscmd server01 /ZoneExport domain.local domain.local.dns
<u>Find driver file information for the specified devices</u>
devcon drivernodes *RDP_MOU* & devcon driverfiles *RDP_MOU*
<u>Create a custom Active Directory partition for DNS records</u>
DnsCmd dc01 /CreateDirectoryPartition manualDNS_msdcs.domain.local
<u>Add an additional DC for partition replication</u>
DnsCmd dc01 /EnlistDirectoryPartition manualDNS_msdcs.domain.local
<u>Convert a file-based primary to an AD integrated primary in a custom partition</u>
dnscmd /ZoneResetType _msdcs.domain.local /DsPrimary /OverWrite_Ds /DirectoryPartition manualDNS_msdcs.domain.local
<u>Enumerate the partitions in an Active Directory</u>
DnsCmd /EnumDirectoryPartitions
<u>Find CAs published in AD</u>
dsquery * "cn=enrollment services,cn=public key services,cn=services,cn=configuration,dc=domain,dc=local
<u>Find user accounts with SID history</u>
adsquery * -filter "(&(objectClass=User)(objectCategory=Person)(sidhistory=*))" -attr name sidhistory
<u>Check the local _msdcs records on a Domain Controller</u>
\\%computer%\c$\windows\system32\config\netlogon.dns
<u>Find secure channel information about trusted domains/forests</u>
wmic /namespace:\\root\MicrosoftActiveDirectory path Microsoft_DomainTrustStatus
<u>Find services that are set to automatically start but are currently stopped</u>
wmic /node:server01 path win32_service where "State='Stopped' AND StartMode='Auto'"
<u>Find trusts of type forest</u>
dsquery * "CN=System,DC=domain,dc=local" -filter "(&(objectClass=trustedDomain)(trustAttributes:1.2.840.113556.1.4.803:=8))" -attr stPartner flatName trustAttributes
<u>Add an Active Directory service record for GC lookups</u>
dnscmd dc01 /recordadd _msdcs.domain.local. _ldap._tcp.site01._sites.gc._msdcs.domain.local. SRV 0 100 3268 dc01.domain.local.
<u>Modify the default intra-site change notification for replication</u>
repadmin /notifyopt dc1 dc2 "DC=domain,DC=local" /first:10
<u>Find the options for a site link (1 for change notifications)</u>
dsquery * "CN=SiteLink01,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=local" -attr Options
<u>Modify a site link to use change notifications</u>
admod -b "CN=SiteLink01,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=local" options::1
<u>Delete one or more user profiles</u>
delprof /p /c:\\%computer%
<u>Write an ISO image to CD/DVD</u>
isowriter -r e: -e "file.iso"
<u>Find mail-enabled public folders that aren't hidden from the GAL</u>
dsquery * -filter "(&(objectClass=publicFolder)(mailnickName=*))" -attr cn mail msExchHideFromAddressLists -limit 0 | find /i "false"
<u>Query servers from an SMS/SCCM database</u>
wmic /namespace:\\root\sms\site_a01 /node:"server01" path SMS_R_System WHERE "ADSiteName = 'S01' and OperatingSystemNameandVersion like '%server%'" get name,adsitename,IPAddresses,MACAddresses /format:CSV
<u>Find serial numbers from physical servers</u>
wmic /node:@physical.txt path Win32_SystemEnclosure get SerialNumber /format:csv
<u>Find the number of mail-enabled active users who have a home drive on a server</u>
for /f "tokens=*" %i in ('dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(mailnickname=*)(!userAccountControl:1.2.840.113556.1.4.803:=2)(homeDirectory=*%server%*))" -limit 0 ^| find /i /c "cn="') do @echo %i
<u>Find the canonical name (constructed attribute) of a list of users</u>
dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(homeDirectory=*arisrv*))" -attr canonicalName
<u>Query and decode password last set for user accounts, output in csv without DN</u>
adfind -b "DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(homeDirectory=*server01*))" canonicalName pwdlastset -tdc -csv -excl -nodn
<u>Find an account and decode all attributes (pwdlastset, useraccountcontrol etc)</u>
adfind -s base -b "CN=user01,OU=Accounts,DC=domain,DC=local" -h dc01 -alldc
<u>Find the canonical name of a filtered list of OUs</u>
dsquery * -filter "(&(objectClass=organizationalUnit)(name=*server*))" -attr canonicalName
<u>Purge Kerberos tickets for the currently running user</u>
klist purge
<u>From a list of computers, report whether they respond to a ping or not</u>
for /f %i in (c:\temp\Servers.csv) do for /f "tokens=3 delims=: " %m in ('ping -n 1 %i ^| find /i "reply from" ^& if errorlevel 1 echo 1:2:NoReply') do echo %i,%m
<u>Query 2008 or later for the OS architecture (x86 or x64)</u>
wmic /node:server01 path Win32_OperatingSystem Get OSArchitecture
<u>Query 2003 or earlier for the OS architecture (x86 or x64)</u>
wmic /node:server01 path Win32_OperatingSystem Get Caption
<u>Delete the policy restriction to run perfmon.msc</u>
reg delete HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC\{C96401CF-0E17-11D3-885B-00C04F72C717}
<u>Update the WINS DHCP Option Value</u>
netsh dhcp server \\server01 scope 192.168.10.0 set optionvalue 044 IPADDRESS 192.168.10.10 192.168.20.10
<u>List Components installed on a 2008 R2 core installation</u>
ocsetup ServerManager-PSH-Cmdlets, Import-Module Servermanager; Get-WindowsFeature
<u>Rename a computer</u>
netdom renamecomputer oldserver01 /newname newserver01 /reboot
<u>Show current firewall rules</u>
netsh advfirewall firewall show rule name=all
<u>Enable DNS logging</u>
dnscmd /config /loglevel 0xffffffff
<u>Disable EDNS0 probes</u>
dnscmd /Config /EnableEDnsProbes 0
<u>Update the master for a secondary DNS zone</u>
dnscmd /zoneresetmasters zone.local 192.168.10.10 192.168.10.11
<u>Disable TCP window size auto-tuning on 2008 servers</u>
netsh interface tcp set global autotuning=disabled
<u>Show global TCP settings on 2008 servers</u>
netsh interface tcp show global
<u>Allow storage of credentials (requirse reboot)</u>
reg add hklm\system\currentcontrolset\control\lsa /v disabledomaincreds /d 0x0 /t reg_dword
<u>Tell Exchange to filter messages sent through authenticated connections (SCL)</u>
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter /v CheckAuthSessions /d 0x1 /t reg_dword
<u>Check if Access Based Enumeration (ABE) is enabled on a DFS namspace</u>
dfsutil property abe \\domain.local\shared
<u>Find groups of type distribution</u>
dsquery * -filter "(&(objectClass=Group)(objectCategory=Group)(!groupType:1.2.840.113556.1.4.803:=2147483648))"
<u>Set variables for the current date</u>
for /f "tokens=2-9 delims=/:. " %i in ('echo %date% %time%') do Set DateTime=%k%j%i&Set DateTimeLong=%k%j%i%l%m%n
<u>Find people that have logged on today</u>
for /f "tokens=2-9 delims=/:. " %i in ('echo %date% %time%') do Set Today=%k/%j/%i& adfind -default -f "(&(objectClass=User)(objectCategory=Person))" -csv -noDN -alldc Name lastlogontimestamp | find /i "%today%"
<u>Set the secure list of IPs allowed to transfer a DNS zone</u>
dnscmd dc01 /zoneresetsecondaries domain.local /SecureList 192.168.10.10 192.168.10.11
<u>Use portqry to perform a NetBIOS adapter status request (retrieves MAC)</u>
portqry -n server01 -e 137 -p udp
<u>Find the Exchange schema version</u>
dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=domain,dc=local -scope base -attr rangeUpper
<u>Find the NTDS.DIT file size on Domain Controllers in the local domain</u>
for /f %i in ('dsquery server -o rdn') do @for /f "tokens=1-5" %m in ('"dir \\%i\c$\windows\ntds\ntds.dit | find /i "dit""') do @echo %i,%m,%n %o,"%p",%q
<u>Find Active Directory schema attributes with the specified display Name</u>
dsquery * "CN=Schema,CN=Configuration,DC=domain,DC=local" -filter (lDAPDisplayName=info)
<u>Find groups with the info/comment set</u>
dsquery * -filter "(&(objectClass=Group)(objectCategory=Group)(info=*))" -attr Name Info
<u>Refresh 2008 R2 network configuration after policy changes (eg SearchList)</u>
psexec \\server01 gpupdate
<u>Check the disk timeout value for SCSI Request block storport I/O requests</u>
reg query \\%server%\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk /v TimeOutValue
<u>Find a DC in the closest site available by site cost nltest /dsgetdc:domain.</u>
ocal /TRY_NEXT_CLOSEST_SITE
<u>Query the SPF record for a DNS zone from the specified DNS server</u>
nslookup -type=txt server.mail.com 192.168.10.10
<u>Enabled Event log tracing for Windows for nltest.exe processes using DCLocator</u>
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DCLocator\Tracing\nltest.exe"
<u>Start an ETW session for the DCLocator GUID</u>
"C:\WinDDK\7600.16385.1\Tools\tracing\amd64\tracelog.exe" -start "nltest" -guid #cfaa5446-c6c4-4f5c-866f-31c9b55b962d -f c:\temp\nltesttrace1.evt -flag 0x0a024332 -level 0x4
<u>Stop an ETW session</u>
tracelog -stop nltest
<u>Parse ETW data and generate a HTML report</u>
tracerpt nltesttrace.etl -o -report
<u>Use LogParser to parse an ETW DCLocator report</u>
"C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -i etw -o csv "select * from \temp\nltesttrace.etl"
<u>Query the status of an NBL load balanced cluster</u>
nlb query & cluster.domain.local:clusterhost2
<u>Extract Windows Server 2008 R2 events by source</u>
dumpel -l application -d 1 -m Microsoft-Windows-Defrag
<u>Redirect output to the clipboard (2003 or later binary)</u>
echo test | clip
<u>Find users who will need to reset their password at next logon</u>
dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(pwdLastSet=0))"
<u>Decode Exchange 2003 permissions through msExchMailboxSecurityDescriptor</u>
adfind -b "CN=user01,DC=domain,DC=local" -alldc -sddc+ -resolvesids
<u>Refresh certificates from NTDS store on 2008 Domain Controllers</u>
adfind -h dc01 -sc rsc
<u>Find Exchange servers from Active Directory</u>
dsquery * "CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -scope onelevel
<u>Browse directly to a different mailbox with OWA</u>
https://vip.domain.local/owa/user01@domain.local
<u>Find the Operating System from a list of computers</u>
wmic /node:@c:\temp\exchange.txt path win32_operatingsystem get CSName,Name
<u>Export a certificate as Base64 encoded</u>
certutil -split -store my server01.domain.local & certutil -encode Blob0_0.crt server01.domain.local.txt
<u>Create a self-signed root authority on a server (prompts for password)</u>
makecert -r -pe -n "CN=Test Root Authority" -ss my -sr LocalMachine -a sha1 -sky signature TestCA.cer -sv TestCA.pvk
<u>Add a self-signed root to the trusted root CA store</u>
certutil -addstore root TestCA.cer
<u>Create a server authentication cert using the self-signed root for local DC</u>
makecert -pe -n "CN=dc01.test.local" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Test Root Authority" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 dc01.test.local.cer
<u>Create a server authentication cert using the self-signed root for a second DC</u>
makecert -pe -n "CN=dc02.Test.local" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Test Root Authority" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 dc02.Test.local.cer
<u>Export the dc02 cert with private key for transfer to another computer</u>
certutil.exe -privatekey -exportpfx "dc02.test.local" dc02.test.local.pfx
<u>On dc02, install the root trusted cert and the server cert</u>
certutil -addstore root TestCA.cer & certutil -importPFX dc02.test.local.pfx
<u>Delete certificates from the personal store on the local computer</u>
certutil -delstore my dc02.test.local & certutil -delstore my TestVCA
<u>Shows DHCP reserved IPs from a DHCP scope</u>
netsh dhcp server \\server01 scope 192.168.10.0 show reservedip
<u>Find users that are listed in the managedBy field of one or more groups</u>
dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(managedObjects=*))" -attr name managedobjects
<u>Find Collections from SMS using WMIC</u>
wmic /namespace:\\root\sms\site_org path sms_collection where "Name like '%OSD%'"
<u>Deny a user the right to view another user in AD</u>
dsacls "CN=user01,DC=domain,DC=local" /d domain\user02:GR;;
<u>Find groups and decode the group type</u>
adfind -b "dc=domain,dc=local" -f "(&(objectClass=Group)(mailnickname=*))" -h dc01 name groupType -alldc -csv
<u>Find the token size and groups a user is a member of</u>
tokensz /compute_tokensize /dump_groups
<u>From a resource server, find the token size and group membership (SIDHistory)</u>
tokensz /compute_tokensize /user:user01 /domain:domain /password:Password1 /dump_groups
<u>Using OWA for Exchange 2003, view/recover deleted items in any folder</u>
http://exchange01/exchange/user@domain.local/?cmd=showdeleted
<u>Find group and their group type (security, distribution, universal etc)</u>
adfind -b "dc=domain,dc=local" -f "(&(objectClass=Group)(objectCategory=Group))" -h dc01 name groupType -alldc -csv > c:\temp\quest\SecurityGroupTypes_20110826.csv
<u>Find groups of type security in the directory</u>
adfind -b "dc=domain,dc=local" -f "(&(objectClass=Group)(objectCategory=Group)(name=@*)(groupType:1.2.840.113556.1.4.803:=-2147483648))" grouptype -alldc
<u>Find tables in the specified SQL database</u>
sqlcmd -S server01\QMMINSTANCE -d MMEXProject -W -s "," -Q "SELECT * from sys.tables"
<u>Query a Quest QMM 8,7 database for collections and members</u>
sqlcmd -S server01\QMMINSTANCE -d MMEXProject -W -s "," -Q "SELECT COL.CollectionName,srv.Name,MO.DisplayName from MEMBERSOFCOLLECTION MO inner join collections COL on COL.ID = MO.CollectionID inner join server srv on srv.ID = MO.ServerID Where MO.CollectionID != 0"
<u>Find accounts in the directory created today</u>
for /f "tokens=1-8 delims=/:. " %i in ('echo %date% %time%') do Set Today=%l%k%j000000 & adfind -b dc=domain,dc=local -f "(&(objectClass=User)(objectCategory=Person)(whenCreated>=%today%.0Z))" -csv
<u>View a DFS namespace on 2008 R2</u>
dfscmd /view \\domain.local\shared /full
<u>Find the Outlook mail control panel CPL file</u>
reg query "HKEY_CURRENT_USER\Control Panel\MMCPL"
<u>Mount a shadow copy volume through the filesystem (vssadmin list shadows)</u>
mklink /d c:\shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy242\ (the trailing back-slash is important)
<u>From a list of computers, find the srvcomment</u>
for /f %i in (servers.txt) do @for /f "tokens=1,2,*" %m in ('"reg query \\%i\hklm\system\currentcontrolset\services\lanmanserver\parameters /v srvcomment 2>nul| find /i "srvcom" & if errorlevel 1 echo 1 2 {None}"') do @echo %i,%o
<u>From a list of computers, find the AD computer account description</u>
for /f %i in (servers.txt) do adfind -b "dc=domain,dc=local" -f "(&(objectClass=Computer)(objectCategory=Computer)(name=%i))" -csv -nocsvheader -nodn Name,description
<u>Find an immediate but not very accurate way to count of files on a volume</u>
fsutil fsinfo ntfsinfo C: & echo Divide Mft Valid Data Length / Bytes Per FileRecord Segment
<u>Export a mailbox from 2003 Exchange that's greater than 2GB</u>
cscript ExMBspanPst.vbs user01
<u>Install Active Directory Administration tools for 2008 R2</u>
servermanagercmd -install RSAT-ADDS
<u>Robocopy in restartable mode (this slows down copy 10-20x)</u>
robocopy . c:\dest /z
<u>Mailbox-enable an AD user account in Exchange 2003</u>
exchmbx -b "%userDN%,OU=domain,DC=local" -cr Exchange01:sg1:db1
<u>Add to an SMS/SCCM collection</u>
cscript c:\data\scripts\sms\AddDirectMembership.wsf server01 /c:"Collection01" /s:server01
<u>Find a list of files and their size and date modified</u>
for /f "tokens=*" %i in ('dir /s /a-d /b *.*') do echo "%i","%~zi","%~ti">> C:\Admin\Logs\DirList.txt
<u>Parse a number of robocopy log files, showing the filename and total size/files</u>
for %i in (\\server\c$\logs\robocopy*.log) do for /f "tokens=*" %m in ('"tail "%i" | findstr /i /c:" files :" /c:" bytes :""') do echo %i %m
<u>From a list of users, return which groups they have managedBy set for</u>
adfind -b "DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(managedObjects=*))" managedObjects -list
<u>Save ACLs in SDDL format</u>
icacls g: /save ACLs.txt /t /c
<u>Find msExchMasterAccountSid and decode to readable SID</u>
adfind -b dc=domain,dc=local -f "(&(objectCategory=user)(msExchUserAccountControl=0)(msExchMasterAccountSid=*))" msExchMasterAccountSid distinguishedName -alldc -csv -nodn
<u>View the DFS referral cache on the DFS client</u>
dfsutil cache referral
<u>Check Windows Server 2008 hardware installation/device/driver log files</u>
C:\WINDOWS\INF\setupapi.dev.log
<u>Remove the 'Authentication' tab from ncpa.cpl properties (kb950725)</u>
sc \\%server% stop dot3svc
<u>Check which .Net framework edition an assembly has been compiled for</u>
c:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\x64\ildasm.exe
<u>Use back-quoted for loops including special characters with ^ as escape for |</u>
for %i in (*.xml) do for /f "tokens=* usebackq skip=1" %m in (`find /i "<Result" %i ^| find /i /v "ErrorCode=""0""" ^| find /i /v "ErrorCount=""0""" ^| find /i "<"`) do echo %i,%m
<u>Install the telnet client on a Windows 2008 R2 server</u>
servermanagercmd -install Telnet-Client
<u>Enumerate DFS targets</u>
wmic /node:server01 path win32_dfstarget get ServerName,LinkName,ShareName
<u>View DFS referrals for XP/2003 clients</u>
dfsutil /PKTINFO
<u>Find DNS scavenging events from a 2008 R2 server</u>
wmic /node:"server01" path Win32_NTLogEvent WHERE "SourceName='Microsoft-Windows-DNS-Server-Service' AND LogFile='DNS Server' AND EventCode=2501"
<u>Check whether AD Bridge All Site Links is enabled or not (0x2)</u>
dsquery * "CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,dc=domain,dc=local" -attr options -scope base
<u>Check whether Domain Controllers are responding on LDAPS</u>
for /f %i in ('dsquery server -o rdn') do adfind -h %i:636 -default -s base
<u>Display a tree-like structure using the canonical name of OUs</u>
dsquery * -filter "(&(objectClass=OrganizationalUnit)(objectCategory=OrganizationalUnit))" -attr canonicalName | sort
<u>Quickly count the number of files on a drive</u>
c:\util\ndff.exe c:
<u>Query information from the Dell WMI namespace (doesn't show disk status though)</u>
wmic /node:%server% /namespace:\\root\cimv2\dell path dell_cmdevice
<u>Check the firewall status for the domain profile from a number of servers</u>
for /f %i in (Servers_20120117.txt) do @for /f "tokens=3" %m in ('"reg query \\%i\hklm\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile /v EnableFirewall | find /i "enablefire" & if errorlevel 1 echo 1,2,NotFound"') do @echo %i,%m
<u>Report directory usage of a directory and subdirectories</u>
du -c -v c:\temp
<u>Dump loaded DLLs and versoin information</u>
listdlls -v
<u>Find TCP network connections on a remote machine using SNMP</u>
snmputil walk localhost public .1.3.6.1.2.1.6.13.1.1
<u>Query events from a 2008 event log</u>
wevtutil qe System /q:"*[System[Provider[@Name='EventLog']]]" /e:events > events.xml
<u>Create an eventlog entry</u>
eventcreate /T ERROR /ID 1000 /L APPLICATION /D "Test"
<u>Find proxy addresses filtered by SMTP type from a user account</u>
adfind -b %i name mail displayName proxyaddresses -list -nocsvheader -mvfilter proxyaddresses=smtp
<u>Query the SCP used by Autodiscover in Exchange 2007</u>
dsquery * "CN=domain.local,CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=domain,DC=local" -attr *
<u>Parse IIS logs for OWA connections</u>
findstr "SEARCH.\/exchange/.*\/Inbox" ex120130.log
<u>Query SCCM sites and site servers</u>
wmic /namespace:\\root\sms\site_S01 /node:server01 path SMS_Site
<u>Query SCCM folders</u>
wmic /namespace:\\root\sms\site_S01 /node:"server01" path SMS_ObjectContainerNode
<u>Query the IPMI WMI classes for Baseboard Management Controller (BMC) info</u>
wmic /node:server01 /namespace:\\root\hardware path NumericSensor
<u>Query the IPMI WMI classes for recent SEL events</u>
wmic /node:server01 /namespace:\\root\hardware path LogRecord Where "MessageTimestamp > '20120110144951.000000+600'" Get MessageTimestamp,Description
<u>Run Dell omreport to check disk status information from remote servers</u>
for /f %i in (c:\temp\servers.txt) do psexec \\%i "C:\Program Files (x86)\Dell\SysMgt\oma\bin\omreport.exe" storage pdisk controller=0 > %i_physicaldisk.txt
<u>Query IPMI for drive information (sometimes can tell disk failure)</u>
wmic /node:server01 /namespace:\\root\hardware path Sensor Where "Name like 'Drive%'" Get Name,Description,CurrentState
<u>Query a number of workstations for cross-forest logons</u>
for /f %i in (c:\temp\servers.txt) do @dumpel -s %i -l application -m Userenv -e 1109 >> WorkstationCrossForestLogons.txt
<u>Delete shadow copies (allows deleting backup shadows)</u>
diskshadow delete shadows ID {shadowID}
<u>Delete Internet Explorer policy restrictions prevending showing option tabs</u>
reg delete "hku\S-1-5-21-3554533865-731492840-16770200-2139\software\policies\microsoft\internet explorer\control panel"
<u>Find the Exchange 2007 AutoDiscover binding URL</u>
dsquery * "CN=server01,CN=Autodiscover,CN=Protocols,CN=server01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,dc=domain,dc=local" -attr *
<u>Find the owner of an AD object</u>
dsacls "CN={9596758E-5ADC-4639-A3A4-812835D92F6F},CN=Policies,CN=System,dc=domain,dc=local" /A
<u>Find the default security descriptor applied to OU objects</u>
adfind -b "CN=Organizational-Unit,CN=Schema,CN=Configuration,dc=domain,dc=local" defaultSecurityDescriptor
<u>Automatic analysis of a memory dump created from a bugcheck/stop error</u>
C:\Program Files\Debugging Tools for Windows (x64)\dumpchk.exe SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols memory.dmp
<u>Use SCCM Remote Control (requires rc.exe and rdpencom.dll)</u>
rc 1 server01 \\sccm01
<u>IIS logs on 2008 R2 IIS7 servers</u>
\\%server%\c$\inetpub\logs\logfiles\W3SVC1\u_ex120317.log
<u>Query IIS logs for OWA activity</u>
logparser "SELECT cs-username, Count(*) AS OWAHits from c:\temp\u_ex120317.log WHERE cs-uri-stem LIKE '%OWA%' AND cs-username IS NOT NULL GROUP BY cs-username ORDER BY OWAHits Desc" -rtp:-1
<u>Use LogParser to read event logs</u>
"c:\Program Files\Log Parser 2.2\logparser" -i:evt "Select * from \\server01\system Where EventID = 1"
<u>Use LogPartser to parse IIS logs for OWA statistics</u>
logparser "SELECT cs-username, Count(*) AS OWAHits from \\server01\C$\INETPUB\LOGS\LOGFILES\W3SVC1\u_ex12031*.log WHERE cs-uri-stem LIKE '/owa/%' AND cs-username IS NOT NULL GROUP BY cs-username ORDER BY OWAHits Desc" -rtp:-1
<u>Export local security policy with rights merged with domain policy</u>
secedit /export /cfg security_domain.txt /mergedpolicy /areas user_rights
<u>Export local security policy, including local and domain policy settings</u>
secedit /export /cfg security.txt /areas user_rights
<u>List all DFSR replication groups</u>
dfsradmin rg list /attr:all
<u>List all DFSR replication group memberships</u>
dfsradmin Membership list /rgname:domain\share\dfs01 /attr:all
<u>List all DFSR replication connections</u>
dfsradmin conn list /rgname:domain\share\dfs01
<u>Forcefully take ownership of files</u>
takeown /f *.* /A /R
<u>Query FEP forefront endpoint protection infection status</u>
wmic /namespace:\\root\Microsoft\SecurityClient path AntimalwareInfectionStatus
<u>Query the local anti-virus product</u>
wmic /namespace:\\root\SecurityCenter path AntiVirusProduct
<u>Query the local firewall product</u>
wmic /namespace:\\root\SecurityCenter path FirewallProduct
<u>Query an SCCM client for console user information</u>
wmic /namespace:\\root\cimv2\sms path sms_systemconsoleuser
<u>Query an SCCM client for top console user</u>
wmic /namespace:\\root\cimv2\sms path sms_systemconsoleusage
<u>Query profile last login information</u>
wmic /node:server01 path Win32_NetworkLoginProfile get Name,LastLogon
<u>Show the SDDL string for an ACL (redirect to console)</u>
icacls \\server\share\directory /save con
<u>Export ETL files to CSV</u>
tracerpt MPTrace-04162012-125657.bin -o test.csv -of csv
<u>Find the primary SMTP address and samaccountname from all mail-enabled users</u>
adfind -b DC=domain,DC=local -f "(&(objectclass=User)(objectCategory=Person)(mailnickname=*))" samaccountname proxyaddresses -csv -nodn -mvfilter proxyaddresses=SMTP -mvfiltercs > mailPrimary_20120310.txt
<u>Use the SQL stored procedure to return column name and data type information</u>
Sp_help TableName
<u>Install the PowerShell Active Directory module on a 2008 R2 server</u>
servermanagercmd -install RSAT-AD-PowerShell
<u>Query the MX records for the specified domain</u>
nslookup -type=mx domain.com 192.168.10.10
<u>Query the managedObjects (managedBy back) to show managed groups</u>
dsquery * "CN=user01,DC=domain,DC=local" -attr managedObjects
<u>ADLDS LDAP debugging (logged to event viewer)</u>
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_Test\Diagnostics /v "15 Field Engineering" /d 0x5 /t reg_dword & reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_Test\Parameters" /v "Expensive Search Results Threshold" /d 0x1 /t reg_dword
<u>Produce a sorted lits of OUs</u>
adfind -b dc=domain,dc=local -f "(&(objectClass=OrganizationalUnit)(objectCategory=OrganizationalUnit))" canonicalName description -csv -nocsvheader -nodn | sort > OU_ORG_20120614.csv
<u>View all settings from a single window</u>
md c:\temp\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
<u>Anonymous bind to AD to query an object (operations error?)</u>
adfind -b DC=domain,DC=local -h dc01 -f "(&(objectClass=User)(objectCategory=Person)(samaccountname=user01))" -u -simple
<u>Check whether SID filter (SID History) will be allowed across forest trusts</u>
Netdom trust domain.local /domain domain.local /EnableSIDHistory
<u>Query SCCM site information from Active Directory</u>
dsquery * "CN=System Management,CN=System,DC=domain,DC=local" -filter (objectClass=mSSMSSite) -attr mSSMSSiteCode mSSMSAssignmentSiteCode mSSMSRoamingBoundaries
<u>Query SCCM management point information from Active Directory</u>
dsquery * "CN=System Management,CN=System,DC=domain,DC=local" -filter (objectClass=mSSMSManagementPoint) -attr mSSMSSiteCode mSSMSMPName
<u>Query SCCM Service Locator Points (stored as SCPs) from Active Directory</u>
dsquery * "CN=System Management,CN=System,DC=domain,DC=local" -filter (objectClass=mSSMSServerLocatorPoint) -attr mSSMSSiteCode mSSMSMPName
<u>Find disabled user accounts without msExchMasterAccountSid set</u>
adfind -b dc=domain,dc=local -f "(&(objectClass=User)(objectCategory=Person)(msExchUserAccountControl=2)(!(msExchMasterAccountSid=*)))" msExchMasterAccountSid distinguishedName -alldc -csv -nodn
<u>Find enabled user accounts that have msExchMasterAccountSid set</u>
adfind -b dc=domain,dc=local -f "(&(objectClass=User)(objectCategory=Person)(msExchUserAccountControl=0)(msExchMasterAccountSid=*))" msExchMasterAccountSid distinguishedName -alldc -csv -nodn
<u>Restore the default domain controllers and default domain policy</u>
dcgpofix /target:both
<u>Query token groups for a resource forest access</u>
ntdsutil "group membership evaluation" "set account dc dc01" "set resource dc rdc01" "run domain user01"
<u>Query token suze for a resource forest access request (run on resource server)</u>
tokensz /compute_tokensize /user:usetest /domain:dom /password:Passw0rd /dump_groups
<u>Query group membership for the current access token</u>
whoami /groups
<u>Query SCCM packages and export to a CSV file</u>
wmic /namespace:\\root\sms\site_org /node:"sccm01" path SMS_package get * /format:csv > sms_packages.csv
<u>Use netdom to query the local FSMO role holders</u>
netdom query fsmo
<u>Query IIS logs to find Exchange OWA connections</u>
echo SELECT cs-username, Date INTO STDOUT FROM \\server01\c$\inetpub\logs\LogFiles\W3SVC1\*,\\server02\c$\inetpub\logs\LogFiles\W3SVC1\* WHERE (cs-username IS NOT NULL) AND (sc-status = 200) AND (cs-uri-stem = '/owa/') AND (c-ip like '10.6%') GROUP BY Date, cs-username > c:\temp\WebAccess.sql & "c:\Program Files\Log Parser 2.2\LogParser.exe" file:c:\temp\WebAccess.sql -i:IISW3C -o:CSV > OWA_ExternalAccess_20120828.csv
<u>Reset the EV client</u>
cd "C:\Program Files\Microsoft Office\Office14" & "c:\Program Files\Enterprise Vault\EVClient\ResetEVClient.exe
<u>Query SCCM Asset Intelligence user last logon information</u>
sqlcmd -S sql01\sccm -d sccm -W -s "," -Q "SET NOCOUNT ON;Select distinct v_R_System.Netbios_Name0 AS 'Computer', v_R_System.AD_Site_Name0 AS 'AD Site', v_GS_SYSTEM_CONSOLE_USER.SystemConsoleUser0 AS 'Console User',v_GS_SYSTEM_CONSOLE_USER.NumberOfConsoleLogons0 AS 'Console Logons',v_GS_SYSTEM_CONSOLE_USER.TotalUserConsoleMinutes0 AS 'Total Minutes on Console',v_GS_SYSTEM_CONSOLE_USER.LastConsoleUse0 AS 'Last Console Use' from v_R_System INNER JOIN v_GS_SYSTEM_CONSOLE_USER ON v_GS_SYSTEM_CONSOLE_USER.ResourceID = v_R_System.ResourceID" > c:\temp\SCCM_AI_ConsoleUsers_20121030.txt
<u>Find the FIM 2010 Service/Portal database server and name</u>
reg query \\fimservice\hklm\System\CurrentControlSet\Services\FIMService | find /i "database"
<u>Find the FIM 2010 Synchronisation Service database informtaion</u>
reg query \\fimsync\hklm\System\CurrentControlSet\Services\FIMSynchronizationService\Parameters
<u>Find the database recovery model for SQL databases on the specified server</u>
sqlcmd -S sql01\db01 -d master -W -s "," -Q "SELECT name AS [Database Name], recovery_model_desc AS [Recovery Model] FROM sys.databases"
<u>Performance Collector and viewer for ETW/ETL files</u>
PerfView.exe
<u>Clear DNS server cache</u>
dnscmd dc01 /clearcache
<u>Reset a locked user account</u>
dsmod user -disabled no "CN=user1,OU=Users,DC=domain,dc=local"
<u>Find DNS unconditional forwarders for a DNS server</u>
dnscmd /info
<u>Find full access and send-as mailbox rights for Exchange 2003</u>
adfind -b "CN=user1,OU=Users,DC=domain,dc=local" msExchMailboxSecurityDescriptor ntsecuritydescriptor -alldc -sddc++ -resolvesids -mvfilter msExchMailboxSecurityDescriptor="FULL MBX";ntsecuritydescriptor="Send As"
<u>Grant the AD right to poll for directory changes</u>
dsacls "DC=domain,dc=local" /G "domain\group:CA;Replicating Directory Changes"
<u>Find PCNS targets in Active Directory</u>
dsquery * "CN=System,DC=domain,DC=local" -filter "(objectclass=mS-MIIS-PCNS-Target)" -attr *
<u>Regular expression for numbers with spaces or brackets</u>
'^[\d() -]+$'
<u>Dump PCNS successfull password change logs</u>
dumpel -s fimsync -l application -e 6902 -d 2 -m FIMSynchronizationService > c:\temp\PCNS_SuccessfulChanges.txt
<u>Access terminal services shared drives</u>
\\tsclient\c\temp
<u>Query the logical names from a file backup set</u>
RESTORE FILELISTONLY FROM disk='e:\temp\DB1.BAK'
<u>Restore a SQL database, moving the files to new locations</u>
RESTORE DATABASE "DB1" FROM DISK='e:\temp\DB1.BAK' WITH MOVE 'DB1' TO 'e:\MSSSQL\Data\db1.mdf', MOVE 'DB1_log' TO 'f:\MSSSQL\Log\DB1_log.ldf'; GO
<u>Create a scheduled task that runs every day between 6am-6pm</u>
SCHTASKS /Create /S fimservice /RU domain\user /RP Password /SC DAILY /MO 1 /TN "Repeated task" /TR ".\task.bat" /ST 06:00 /DU 12:00
<u>Audit mailbox folder permissions (works on Ex2007 to mailbox servers)</u>
PFDAVAdmin.exe
<u>Custom pfdavadmin filter to only export calendar permissions</u>
(&(0x3001001E=Calendar))
<u>Parse IIS logs on Exchange 2007 for OWA access</u>
"c:\Program Files\Log Parser 2.2\LogParser.exe" file:c:\temp\WebAccess.sql -i:IISW3C -o:CSV > OWA_InternalAccess_20120828.csv (sql: SELECT cs-username, Date INTO STDOUT FROM \\server01\c$\inetpub\logs\LogFiles\W3SVC1\*,\\server02\c$\inetpub\logs\LogFiles\W3SVC1\* WHERE (cs-username IS NOT NULL) AND (sc-status = 200) AND (cs-uri-stem = '/owa/') AND (c-ip like '10.6%') GROUP BY Date, cs-username)
<u>View FIM trace logs</u>
svcTraceViewer.exe (win 7 sdk)
<u>Boot disk to reset the local administrator password</u>
cd080802.zip
<u>Start Outlook with RPC diagnostics</u>
"C:\Program Files\Microsoft Office\Office14\outlook.exe" /rpcdiag
<u>Reset the protected flag on an AD ACL</u>
dsacls "CN=user01,DC=domain,DC=local" /P:N
<u>Find the Exchange autodiscover SRV record from DNS</u>
nslookup -type=srv _autodiscover._tcp.domain.local
<u>Verify a certificate's validity and CRL check</u>
certutil -v -f -urlfetch -verify certificate.cer
<u>Display the certificate URL cache entries</u>
certutil /urlcache
<u>Delete all certificate URL cache entries</u>
certutil /urlcache * delete
<u>Start the GUI to access the stored usernames (manage passwords) applet</u>
control userpasswords2 (then click on 'manage passwords')
<u>Add a stored credential for a SQL instance to use with trused windows auth</u>
cmdkey /add:sql01.domain.com:49709 /user:domain\user01 /pass
<u>Enable Internet Explorer add-on management (if disabled by policy)</u>
reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions" /v NoExtensionManagement /d 0x0
<u>tracert with increased buffer size and higher timeout</u>
c:\util\ftrace.exe -l 2048 -d -w 5000 host.domain
<u>tracert with increased buffer size and lower timeout with 10 pings per hop</u>
c:\util\ftrace.exe -l 2048 -d -w 500 -i 10 host.domain
<u>Use outlook.exe to remove connected calendars and hidden messages (migration)</u>
outlook.exe /resetnavpane
<u>Find the domain/forest functinoal levels</u>
adfind -sc modes
<u>Find the major revision of the forest</u>
dsquery * CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,dc=domain,dc=local -attr revision
<u>Find the ADDS Domain Controller capabilities from the directory</u>
for /f "tokens=*" %i in ('dsquery server') do @adfind -b "CN=NTDS Settings,%~i" msDS-Behavior-Version -s base -csv -alldc -nocsvheader
<u>Unlock a user account</u>
dsmod user "CN=user01,DC=domain,DC=local" -disabled no
<u>Check FIM performance counters and re-enable</u>
lodctr.exe /q:FIMSynchronizationService && lodctr.exe /e:FIMSynchronizationService
<u>Find the CLR version used by all processes running on the local computer</u>
clrver -all
<u>List the assemblies in the Global Assembly Cache on the local computer</u>
gacutil -l
<u>Query for global security groups</u>
dsquery * -filter "(&(objectClass=Group)(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483646))" -limit 0
<u>Query for local security groups</u>
dsquery * -filter "(&(objectClass=Group)(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483644))" -limit 0
<u>Query for universal security groups</u>
dsquery * -filter "(&(objectClass=Group)(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=-2147483640))" -limit 0
<u>Query Exchange 2010 EAS informatino from AD objects</u>
dsquery * "CN=ExchangeActiveSyncDevices,CN=user01,OU=Users,DC=domain,DC=local" -filter (objectClass=msExchActiveSyncDevice) -attr msExchDeviceUserAgent msExchFirstSyncTime msExchDeviceModel msExchDeviceFriendlyName
<u>VSS administration on 2003 (VSS 7.2 SDK)</u>
vshadow.exe
<u>Resynchronise performance counters with WMI</u>
WINMGMT.EXE /RESYNCPERF
<u>Query for an AD object using Ambiguous Name Resolution (ANR)</u>
set dsquery * -filter (anr=martin)
<u>Find attributes in the Partial Attribute Set replicated to Global Catalog DCs</u>
adfind -b "CN=Schema,CN=Configuration,DC=domain,DC=local" -f "(&(objectclass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" -csv > gc_pas.txt
<u>Check the telephone number attribute for index information (searchFlags)</u>
adfind -b "CN=Telephone-Number,CN=Schema,CN=Configuration,DC=domain,DC=local" -alldc
<u>Open a specific folder with OWA (still requires full access to the mailbox)</u>
https://owa.domain.local:443/owa/default.aspx?cmd=contents&module=calendar
<u>Query AD with LDAP server controls</u>
adfind -b CN=group1,OU=Groups,DC=domain,DC=local whenchanged -h 192.168.10.10 -alldc -srvctls 1.2.840.113556.1.4.417;1.2.840.113556.1.4.529;1.2.840.113556.1.4.2065 (LDAP_SERVER_SHOW_DELETED_OID, LDAP_SERVER_EXTENDED_DN_OID, LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID)
<u>Install the system.web.security.singlesignon.dll class on 2008 R2 for claims</u>
servermanagercmd -install ADFS-Claims
<u>Show cached/stored credentials GUI</u>
rundll32.exe keymgr.dll, KRShowKeyMgr
<u>Start a system command prompt interacting with the specified RDP session</u>
psexec \\server01 /s /i 2 /d cmd
<u>Parse Exchange IIS logs to find ActiveSync connections</u>
"c:\Program Files\Log Parser 2.2\LogParser.exe" "SELECT cs-username, Count(*) AS EASHits from \\cas01\c$\inetpub\logs\LogFiles\W3SVC1\u_ex130919.log,\\cas02\c$\inetpub\logs\LogFiles\W3SVC1\u_ex130919.log WHERE cs-uri-stem LIKE '%Microsoft-Server-ActiveSync%' AND cs-username IS NOT NULL GROUP BY cs-username ORDER BY EASHits Desc" -i:IISW3C -o:CSV > c:\temp\2010_EAS2_20130919.csv
<u>Parse Exchange IIS logs to find ActiveSync connections per device</u>
"c:\Program Files\Log Parser 2.2\LogParser.exe" "SELECT cs-username AS UserID, cs(User-Agent) AS DeviceType, count (*) FROM \\cas01\c$\inetpub\logs\LogFiles\W3SVC1\u_ex130919.log,\\cas02\c$\inetpub\logs\LogFiles\W3SVC1\u_ex130919.log WHERE cs-uri-stem LIKE '%Microsoft-Server-ActiveSync%' AND cs-username IS NOT NULL GROUP BY UserID, DeviceType ORDER BY UserID" -i:IISW3C -o:CSV > c:\temp\2010_EAS2ByDevice_20130919.csv
<u>Show the replication metadata for the specified AD object</u>
repadmin /showobjmeta dc01 "CN=group1,OU=Groups,DC=lands,DC=domain,DC=local"
<u>Show pending file rename operations</u>
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations
<u>Use the LDAP in chain matching rule to recursively find members of a group</u>
dsquery * -filter "(memberOf:1.2.840.113556.1.4.1941:=CN=group1,OU=Groups,DC=lands,DC=domain,DC=local)" -s dc01
<u>Open the 'choose profile' dialog box</u>
start outlook /profiles
<u>Use mfcmapi to view the message class and details of items</u>
mfcmapi | Session | Logon and Display Store Table
<u>Exchange 2010 exfolders (pfdavadmin replacement)</u>
"\\cas01\c$\Program Files\Microsoft\Exchange Server\V14\Bin\ExFolders.exe"
<u>Query for Exchange 2010 user mailboxes</u>
adfind -b "OU=Shared Mailboxes,DC=domain,DC=local" -s onelevel -f "(&(objectClass=User)(objectCategory=Person)(msExchVersion=44220983382016))" samaccountname useraccountcontrol msexchmasteraccountsid -alldc -csv > SharedMailboxes_20131205.csv
<u>Query lastlogon from every Domain Controller</u>
repadmin /showattr * "CN=user01,OU=Users,DC=domain,DC=local" /attrs:lastLogon
<u>Set the unconditional DNS forwarders for a server</u>
dnscmd dns01 /ResetForwarders 192.168.10.1 192.168.10.2
<u>Query NTFS journal USN (buggy)</u>
usnjournalproject.exe
<u>Query the fine-grained password policy settings from AD</u>
dsquery * "CN=Password Settings Container,CN=System,DC=domain,DC=local"
<u>Download symbols for windbg debugging</u>
symchk /r c:\windows\system32\*.dll SRV*c:\windows\temp\symbols*http://msdl.microsoft.com/download/symbols
<u>Find Outlook Auto Mapping attributes for links/backlinks</u>
dsquery * -filter "(&(objectclass=user)(objectcategory=person)(|(msexchdelegatelistbl=*)(msexchdelegatelistlink=*))(extensionattribute5=DSITIA-Science))" -attr displayname msexchdelegatelistbl msexchdelegatelistlink
<u>Access a shadow copy using a previous versions token pathname extension</u>
dir \\server01\data\@GMT-2014.06.29-23.00.07\dir1
<u>Extract an ISO file with 7ZIP</u>
"C:\Program Files\7-Zip\7z.exe" x -y -oC:\temp\ISOFiles c:\downloads\cd1.iso
<u>Modify the current power configuration to disable standby for AC power</u>
powercfg -x -standby-timeout-ac 0
<u>Query tombstoned AD objects</u>
adfind -b dc=domain,dc=local -showdel -f isdeleted=TRUE > deletedObjects_20141014.txt
<u>Query the current credential providers (gina/winlogon notification replacement)</u>
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication" /s
<u>Show a list of supported scenarios for netsh ETL tracing</u>
netsh trace show scenarios
<u>Query SCOM Audit Collection Services (ACS) database for 2008 creation events</u>
select top 10 * from adtserver.dvall5 where EventId = 4720
<u>Purge kerberos tickets from the system login ID</u>
klist -li 0x3e7 purge
<u>Disable hybrid sleep in the balanced power plan</u>
powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 238c9fa8-0aad-41ed-83f4-97be242c8f20 94ac6d29-73ce-41a6-809f-6363ba21b47e 0
<u>Disable sleep in the balanced power plan</u>
powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 238c9fa8-0aad-41ed-83f4-97be242c8f20 29f6c1db-86da-48c5-9fdb-f2b67b1f44da 0
<u>Disable hibernate in the balanced power plan</u>
powercfg -SETACVALUEINDEX 381b4222-f694-41f0-9685-ff5bb260df2e 238c9fa8-0aad-41ed-83f4-97be242c8f20 9d7815a6-7ee4-497e-8888-515a05f02364 0
<u>Disable NLA in an .RDP file for remote desktop/terminal services</u>
enablecredsspsupport:i:0
<u>Rename an AD object</u>
dsmove "CN=user1,OU=Users,DC=domain,DC=local" -newname user2 -s dc01
<u>Query an entire SQL database and all tables for the specified string</u>
c:\util\QuerySQLDatabase.sql
<u>Access a SharePoint server using a non-standard port using UNC</u>
\\teamsite@5001\folder1\folder2\folder3
<u>Perform a network capture on a Server 2012 server</u>
Netsh Trace start capture = yes (followed by: Netsh Trace stop)
<u>Show the domain-wide password policy</u>
net accounts /domain
<u>Check if pending reboot required prevents software installation (eg SQL 2008)</u>
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
<u>Find the SharePoint content databases and server</u>
stsadm -o enumcontentdbs -url http://localhost
<u>Query virtual directories on an IIS 7.x server (web or FTP)</u>
appcmd list vdir & appcmd list site
<u>Add an alternate computer name to AD</u>
netdom COMPUTERNAME servernew /add serverold.domain.local
<u>List the audit policy categories available</u>
auditpol /list /category /v
<u>List the audit policy subcategories available for the specifid category</u>
auditpol /list /subcategory:"Object Access"
<u>Modify the LM compatibility level to NTLMv2 only for RDP 8.1 (no reboot req.)</u>
reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA /v LMCompatibilityLevel /d 0x3 /t reg_dword
<u>Show process permissions and token information</u>
accesschk -p explorer.exe -f
<u>Query the volume shadow copies available</u>
volrest \\server01\Test1_20151007
<u>List the certificate enrolment policy templates</u>
certutil -template
<u>Add a firewall rule to allow TCP:8080 inbound</u>
netsh advfirewall firewall add rule name="Allow Tomcat In" dir=in protocol=TCP localport=8080 action=allow
<u>Run a manual sync with ADConnect</u>
"C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe"
<u>MIISClient console for ADConnect</u>
"C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe"
<u>Enable logging dropped local firewall connections</u>
netsh advfirewall set domainprofile logging droppedconnections enable
<u>Create a virtual RAM disk (not accessible through VIclient)</u>
imdisk -a -s 536870912 -m R: -o rem -p "/fs:ntfs /q /y"
<u>Create a virtual floppy disk backed by file (flp can be mounted through vi)</u>
imdisk -a -s 1440K -f c:\temp\test1.flp -m R: -o fd -o shared -p "/fs:fat /q /y"
<u>Return AD search index information on a query</u>
adfind -b dc=domain,dc=local -f "(&(objectClass=User)(objectCategory=Person)(extensionattribute2=test))" samaccountname -stats+only
<u>Extract cabinet files from patches (MSP)</u>
msix patch.msp /out .
<u>Find the supported SASL mechanisms of a directory</u>
adfind -rootdse -s dc01
<u>LDAP client tracing</u>
reg add HKLM\System\CurrentControlSet\Services\ldap\tracing\Microsoft.IdentityServer.ServiceHost.exe & logman create trace ldap -p {099614a5-5dd7-4788-8bc9-e29f43db28fc} 0x1FFFDFF3 -o .\ldap.etl & logman start ldap & pause & logman stop ldap & tracerpt.exe ldap.etl -o ldap2.csv -of CSV
<u>Evalute SID count and token size for a user</u>
dsmgmt "group membership evaluation" "run lands user01" quit quit
<u>Run AdminSDHolder / SDProp process on PDC emulator</u>
admod -sc runpag -h dc01.domain.local
<u>Change the owner of a database to a SQL login</u>
ALTER AUTHORIZATION ON DATABASE::Orchestrator TO [sa];
<u>Enable RDP remotely</u>
reg add "\\pc\HKEY_LOCAL_MACHINE\software\policies\microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /d 0x0 /t reg_dword & sc \\pc stop termservice & sc \\pc start termservice
<u>Find attributes marked as confidential</u>
dsquery * CN=Schema,CN=Configuration,DC=domain,DC=local -filter "(searchFlags:1.2.840.113556.1.4.803:=128)
<u>Query LAPS password and expiration</u>
dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(ms-mcs-admpwd=*))" -s dc01 -attr name ms-mcs-admpwd ms-Mcs-AdmPwdExpirationTime
<u>Query global and universal groups an account is a memberof</u>
adfind -b "CN=user01,OU=Users,DC=domain,DC=local" -s base TokenGroupsGlobalAndUniversal
<u>Query for expiring user accounts</u>
adfind -b "OU=Users,DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(!(|(accountExpires=9223372036854775807)(accountExpires=0))))" samaccountName accountexpires -alldc -csv > ExpiringAccounts_20170410.csv
<u>Show current SQL server processes and blocks/locks</u>
EXEC sp_who2
<u>Start a process as the 'Network Service' account on an RDP session</u>
psexec \\pc /i 3 /u "nt authority\network service" cmd.exe
<u>Decrypt a bitlocked encrypted volume</u>
manage-bde -off c:
<u>Find the per-service SID for a service</u>
sc showsid dnscache
<u>Apply permissions to a per-service SID</u>
icacls file.txt /grant *S-1-5-80-1458370022-919992539-2723553652-3559830572-560683627:(D,WDAC)
<u>Export a task to XML</u>
schtasks /query /xml /tn "daily delta sync" > "c:\temp\Daily.xml"
<u>Create a task from XML</u>
schtasks /create /xml "c:\temp\Daily.xml" /ru domain\svc_account /rp * /tn "Daily Delta Sync"
<u>Upgrade from standard to datacentre 2008 R2 using KMS datacentre key</u>
dism /online /set-edition:ServerDatacenter /productkey:74YFP-3QFB3-KQT8W-PMXWJ-7M648 /AcceptEula
<u>Find the .Net Framework 3.5 version installed</u>
reg query "\\server01\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5
<u>Find the .Net 2.0 CLR version (used by .Net 3.5)</u>
filever \\server01\c$\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
<u>check the HTTP listener session status</u>
netsh http show servicestate view="session"
<u>Enable http.sys verbose ETW tracing</u>
logman start httptrace -p Microsoft-Windows-HttpService 0xFFFF -o c:\temp\httptrace.etl -ets
<u>Kill a TCP connection</u>
wkillcx.exe 192.168.10.10:5725
<u>Modify the default TTL you seen when pinging a machine (default 128)</u>
netsh int ipv4 set glob defaultcurhoplimit=63
<u>Wait for a crashdump for the specified process and write a full dump</u>
Procdump.exe -t -ma -o Microsoft.ResourceManagement.Service.exe C:\CrashDumps
<u>Enable SCHANNEL informational logging</u>
reg add \\server01\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL /v EventLogging /d 0x7 /t reg_dword
<u>Show the current firewall profile</u>
netsh advfirewall show currentprofile
<u>Show Win 10 Azure device registration status</u>
dsregcmd.exe /status
<u>Disable NetBIOS over TCP/IP</u>
wmic nicconfig get caption,index,TcpipNetbiosOptions & wmic nicconfig where index=7 call SetTcpipNetbios 2
<u>Query stored credentials</u>
vaultcmd /listcreds:"Windows Credentials" /all
<u>Find registry hives loaded</u>
reg query \\server01\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
<u>Query ETL providers</u>
logman query providers
<u>Find the certificate a host is using for https</u>
nmap.exe -n -Pn -p443 outlook.office.com --script ssl-cert
<u>Query DNS Conditional fowarders</u>
reg query "\\dc01\hklm\software\microsoft\windows nt\currentversion\DNS Server\Zones\domain.local"
<u>Temporarily disable policy and allow basic auth for WinRM</u>
reg add "HKLM\Software\Policies\Microsoft\Windows\WinRM\client" /v AllowBasic /d 0x1 /t reg_dword & winrm set winrm/config/service/auth '@{Basic="true"}'
<u>Find the public key token of a DLL</u>
"c:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.6 Tools\sn" -T c:\temp\MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.dll
<u>Grant permissions to the private keys of a certificate using RK tools</u>
WinHttpCertCfg.exe -g -c LOCAL_MACHINE\My -s "Server Data Encryption" -a "domain\svc_service"
<u>Start an elevated command prompt as another user</u>
runas /user:domain\user01 "powershell.exe -command \"start-process -verb runas cmd\""
<u>Find tokenGroups to show SIDs of groups a person is a member of</u>
adfind -b "CN=user01,OU=Users,DC=domain,DC=local" -s base tokengroups
<u>Find the SDDL for the specified event log on a remote computer</u>
wevtutil gl /r:dc01 security
<u>Update the SDDL for the specified event log on a remote computer</u>
psexec \\dc01 wevtutil sl Security /ca:O:BAG:SYD:(A;;CCLCSDRCWDWO;;;SY)(A;;CCLC;;;BA)(A;;CC;;;ER)(A;;CC;;;NS)
<u>Show the ephemeral dynamic RPC port range currently configured</u>
netsh int ipv4 show dynamicport tcp
<u>Show the Windows Firewall filters matching run-time IDs in event logs</u>
Netsh.exe WFP Show State
<u>Query BitLocker recovery information confidential attribute from AD</u>
dsquery * -filter "(&(objectClass=msFVE-RecoveryInformation))"
<u>Check the schema to see if an attribute is confidential (searhcFlags=0x128)</u>
adfind -b "CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=domain,DC=local" -alldc searchflags
<u>Redirect the output of a command to the clipboard</u>
dsquery user -samid user01 | clip
<u>sysinternals TCP network connectivity check</u>
psping fimservice:5725
<u>Query the triggers for a service (ie stop when not domain joined)</u>
sc qtriggerinfo w32time
<u>View SharePoint log files, and Outlook trace files</u>
ulsviewer.exe
<u>List the certificate templates from a CA</u>
certutil -CATemplates -config "CA1.domain.local\Internal Issuing CA 1 SHA256"
<u>View the alternate data streams in a file</u>
streams
<u>Query the DNS block list</u>
dnscmd dc1.domain.local /info /globalqueryblocklist
<u>Export security policy on a 2016 Core DC</u>
secedit /export /cfg c:\windows\temp\security.inf /log c:\windows\temp\sec.log
<u>Query accounts configured with unconstrained delegation</u>
dsquery * -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=524288))"
<u>Query for people who don't have domain users as primary group</u>
adfind -b "OU=Users,DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(!primarygroupID=513))" samaccountname -csv
<u>Revert Windows 10 to the old Alt+Tab experience</u>
reg add HKEY_USERS\S-1-5-21-123660284-1234560955-123430997-1234\Software\Microsoft\Windows\CurrentVersion\Explorer /v AltTabSettings /t reg_dword /d 0x1
<u>Set the number of explorer thumbnails to 1 so they're stacked with 2+ instances</u>
reg add HKEY_USERS\S-1-5-21-123660284-1234560955-123430997-1234\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband /v NumThumbnails /t reg_dword /d 0x1
</code></pre>
</div>
</span></span></span>
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT). </span>
Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-42979465236705197952020-06-14T08:36:00.002+10:002020-07-31T16:18:28.747+10:00Exchange PowerShell Commands #2Well it's 2020, and instead of flying around in a hovercar I'm *still* doing IT. Trying to get back in the swing of things – and following on from the last post seven year ago (!?), here's an additional 64 Exchange commands circa Exchange 2013/2016.
<br />
<br />
Each command can be copied and pasted into a PowerShell command line running with an Exchange PSSession, although at the time I made notes on a couple of them about running locally on the server due to cmdlet or type casting limitations.
<br />
<br />
<pre class="mycode"><code>
<u>Remove an existing Exchange 2010 move request (to allow subsequent moves)</u>
Remove-MoveRequest -id user01
<u>Initiate an Exchange 2010 intra-org move request</u>
new-moverequest -id user01 -TargetDatabase db02
<u>Output semi-colon delimited list of email addresses for a mailbox</u>
[string]::Join(';',$mailbox.emailaddresses)
<u>Convert a mailbox to a standard user mailbox</u>
get-mailbox user01 | set-mailbox -type regular -whatif
<u>Modify permissions to allow modifying apply policy attributes of user objects</u>
Add-ADPermission -Identity "OU=Resources,DC=domain,DC=local" -InheritanceType Descendents -InheritedObjectType user -AccessRights ReadProperty, WriteProperty -Properties msExchPoliciesIncluded, msExchPoliciesExcluded -User "domain\group1" -domaincontroller dc01
<u>Disable an Exchange 2007 mailbox - leaving the user account in AD</u>
Disable-Mailbox -id user01
<u>Reapply the mandantory properties on a mailbox (changing from linked to normal)</u>
set-mailbox -id $account -applymandatoryproperties #Clearing AEA and master account SID resets the isLinked property of the mailbox, but RecipientTypeDetails / RecipientDisplayType is not automatically updated. Re-applying mandatory properties corrects this issue and sets the mailbox back to being a user mailbox instead of a linked mailbox
<u>Find Exchange 2010 DAG status</u>
Get-DatabaseAvailabilityGroup -status | fl *
<u>Find Exchange 2010 DAG replication status</u>
$servers = Get-MailboxServer; foreach ($server in $servers) { Get-MailboxDatabaseCopyStatus -server $server.name}
<u>Find the mailbox activation preference for an Exchange 2010 mailbox database</u>
(Get-MailboxDatabase -id MBXDB1).ActivationPreference
<u>Report the last 1000 commands executed</u>
Get-history -count 1000
<u>Reseed the content index catalog for the database copy</u>
Update-MailboxDatabaseCopy "DB\SERVER" -CatalogOnly
<u>Get the mailbox database copy status</u>
Get-MailboxServer | Get-MailboxDatabaseCopyStatus -ExtendedErrorInfo | sort-object ContentIndexState | fl Name,ContentIndexState,ContentIndexErrorMessage
<u>Convert a user mailbox to a linked mailbox without disabling</u>
Set-User -id user01 -LinkedMasterAccount domainb\user01 -LinkedDomainController dc01.domainb.com -LinkedCredential $domainbcred # may need get-mailbox -id user01 | set-mailbox -type regular; get-mailbox -id user01 | set-mailbox -ApplyMandatoryProperties
<u>Find the current owner of Exchange 2010 mailbox databases</u>
dsquery * "CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Dept,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -filter (objectclass=msExchMDB) -attr Name msExchOwningServer -s dc2
<u>Mount an Exchange 2010 public folder database</u>
Get-PublicFolderDatabase -id 'Public Folder Database 1' | mount-database
<u>Find an Exchange 2010 Primary Active Manager for the specified DAG</u>
Get-DatabaseAvailabilityGroup -Status | fl PrimaryActiveManager
<u>Configure the Exchange 2010 postamaster address</u>
Get-TransportConfig | fl -ExternalPostmasterAddress; Set-TransportConfig -ExternalPostmasterAddress postmaster@domain.com
<u>Enumerate outlook profiles to find connected mailboxes and calendars</u>
EnumOutlookProfiles.ps1
<u>Find if an Exchange 2010 mailbox is enabled for ActiveSync</u>
get-casmailbox -id user1
<u>Set Exchange 2010 calendar processing to anyone can book and autoaccept</u>
Set-CalendarProcessing -Identity room01 -AutomateProcessing AutoAccept -AllBookInPolicy $true
<u>Get Exchange 2010 mailbox calendar configuration</u>
Get-MailboxCalendarConfiguration -id room01 | fl *
<u>Force an update of the offline address book</u>
Update-OfflineAddressBook -id 'Default Offline Address List'
<u>Exchange query for Global Security groups</u>
get-group -filter "GroupType -eq $([Microsoft.Exchange.Data.Directory.Recipient.GroupTypeFlags]::SecurityEnabled.value__ + [Microsoft.Exchange.Data.Directory.Recipient.GroupTypeFlags]::Global.value__)"; #get-group -filter {GroupType -eq '-2147483646'}
<u>Exchange query for Domain Local Security groups</u>
get-group -filter "GroupType -eq $([Microsoft.Exchange.Data.Directory.Recipient.GroupTypeFlags]::SecurityEnabled.value__ + [Microsoft.Exchange.Data.Directory.Recipient.GroupTypeFlags]::DomainLocal.value__)"; #get-group -filter {GroupType -eq '-2147483644'}
<u>Exchange query for Universal Security groups</u>
get-group -filter "GroupType -eq $([Microsoft.Exchange.Data.Directory.Recipient.GroupTypeFlags]::SecurityEnabled.value__ + [Microsoft.Exchange.Data.Directory.Recipient.GroupTypeFlags]::Universal.value__)"; #get-group -filter {GroupType -eq '-2147483640'}
<u>Set Out Of Office on a mailbox</u>
Set-MailboxAutoReplyConfiguration 'user1' -AutoReplyState enabled -ExternalAudience all -InternalMessage "Internal not Here" -ExternalMessage "External not here"
<u>Get a role group from the root of the forest</u>
Get-RoleGroup -id Exchange-Lvl1Support -DomainController dc1.forest.root
<u>Get a role group and the roles and role assignments</u>
$rg = Get-RoleGroup -id Exchange-Lvl1Support -DomainController dc1.forest.root; $rg.roles; $rg.roleassignments
<u>Get a management scope to show the recipient root and filter</u>
Get-ManagementScope -id MS-Exchange_Distribution-Groups | fl *
<u>Get the management role assignments for the specified assignee</u>
Get-ManagementRoleAssignment | where {$_.RoleAssigneeName -like '*Exchange-Lvl1Support*'} | ft -wrap -auto
<u>Get the management role assignment to confirm the CustomRecipientWriteScope</u>
Get-ManagementRoleAssignment -id Distribution-GroupCreation | fl *
<u>Expand the e-mail addresses of a mailbox to one per line</u>
get-mailbox -id user1 | select -expand emailaddresses
<u>Find Distribution List expansion</u>
$expandDL = foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -EventID EXPAND -resultsize unlimited -server $server | select "Timestamp","ServerHostname","EventId",{$_.RelatedRecipientAddress},{$_.Sender},"MessageSubject"}
<u>Convert a mailbox from linked to resource</u>
$ADsPath = "LDAP://CN=user1,OU=Shared Mailboxes,DC=domain,DC=local"; $user = [ADSI]$ADsPath ; $user.putex(1,"msExchMasterAccountSid",$null); $user.setinfo(); get-mailbox -id user1 | set-mailbox -ApplyMandatoryProperties; get-mailbox -id user1 | set-mailbox -type shared
<u>Find mailboxes on a specific version of exchange (2010)</u>
$mailboxes = get-mailbox -filter {ExchangeVersion -eq 44220983382016} -resultsize unlimited
<u>Find the Exchange 2010 SP1+ Address Book RPC port</u>
reg query \\cas1\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeAB\ParametersSystem /v RpcTcpPort
<u>Find the Exchange 2010 RPC port</u>
reg query \\cas1\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem /v "TCP/IP Port"
<u>Mail-enable an existing AD contact</u>
Enable-MailContact -id "CN=User 01,OU=Contacts,DC=domain,DC=local" -ExternalEmailAddress user@somewhere.com
<u>Modify the MRS mailbox replication for move requests</u>
notepad "\\cas1\c$\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe.config" (MaxActiveMoves* and MaxTotalMovesPerMRS)
<u>Find Exchange 2010 recoverable deleted items</u>
Get-MailboxFolderStatistics -Identity "user@domain.com" -FolderScope RecoverableItems | ft -wrap -auto
<u>Export mailbox to PST in EX2010 (requires Exchange Trusted Subsystem ACLs)</u>
New-MailboxExportRequest -Mailbox user@domaincom -FilePath \\cas1\d$\martinwa.pst
<u>Check the move history of a mailbox</u>
get-mailboxstatistics -id "CN=user1,DC=domain,DC=local" -includemovehist | fl Identity,MoveHistory
<u>Check Exchange 2010 logon statistics to see who is logging on to a mailbox</u>
get-mailbox -id user1 | get-logonstatistics | ft UserName,ServerName,LogonTime,LastAccessTime,Windows2000Account -wrap -auto
<u>Set mailbox delivery restrictions to only allow accepting messages from (ndr)</u>
Set-Mailbox -Identity user1 -AcceptMessagesOnlyFrom @{add="user2"} -whatif
<u>Use Exchange 2010 cmdlets to change the CN/DisplayName of a security group</u>
get-adgroup -id oldsamid | set-adgroup -SamAccountName newsamid -whatif
<u>Find safe and blocked senders configured through Outlook for each mailbox</u>
$mailboxes | Get-MailboxJunkEmailConfiguration | export-csv -path c:\temp\JunkEmailConfiguration_20140625.csv
<u>Delete all the items from an Exchange 2010 mailbox</u>
Search-Mailbox -id user@domain.com -DeleteContent -confirm:$false -force
<u>restore specific folders from a disconnect mailbox data to a recovery mailbox</u>
New-MailboxRestoreRequest -BatchName Recovery -Name Test.User -SourceDatabase 'MBXDB5' -SourceStoreMailbox "2e94ffc9-9dad-42b1-92ec-5767d11051e4" -excludedumpster -includeFolders "Contacts/Misc", "Contacts/MISC/SHOPPING", "Contacts/MISC/Work Related" -TargetMailbox "recovery1" -AllowLegacyDNMismatch -whatif
<u>Find Exchange 2010 RBAC management role entries for the specified role</u>
Get-ManagementRole -id RecipientCreationUserMailboxes | select -expand roleentries; $entries = (Get-ManagementRole -id RecipientCreationMailUser).RoleEntries; $entries | %{$_.split()[1]}
<u>Find Exchange 2010 RBAC management scope OU and filter for the specified scope</u>
Get-ManagementScope -id Managed-Users_UserMailboxes | fl Identity,RecipientFilter,RecipientRoot
<u>Search Exchange 2010 Admin Audit log for changes made by Exchange</u>
Search-AdminAuditLog | ft -wrap -auto
<u>export Exchange 2010 Admin Audit Log for new-mailbox requests and callers</u>
$newUsers = Search-AdminAuditLog -cmdlets New-Mailbox,New-MailUser; $newUsers | select RunDate,ObjectModified,CmdletName,Caller,OriginatingServer | export-csv -path c:\temp\ExchangeUsers_20141020.csv -encoding ascii
<u>Get Exchange mail queues on the specified server</u>
get-queue -Server mail02
<u>Get Exchange mail queue information</u>
get-queue -Identity MAIL02\281950 | fl DeliveryType,NextHopDomain,Status,MessageCount,LastError
<u>Find disconnected mailboxes (run on console of exchange server, not session)</u>
get-mailboxdatabase | Get-MailboxStatistics | where {$_.displayName -eq 'User 01' -and $_.DisconnectDate -ne $null}
<u>Report AD permissions through Exchange cmdlets</u>
Get-ADPermission -id "OU=Distribution Lists,OU=Resources,DC=domain,DC=local" |ft Identity,User,InheritedObjectType,ExtendedRights,Properties,ChildObjectTypes,AccessRights -wrap -auto
<u>Add an address to an exchange 2010 object</u>
Set-MailUser -id "user1" -EmailAddresses (((Get-MailUser -id "user1").EmailAddresses)+="smtp:usernew@domain.com") -whatif
<u>Remove an address from an exchange 2010 object</u>
$recipient = "user1"; $remove = "smtp:usernew@domain.com"; Set-MailUser -id $recipient -EmailAddresses ((Get-MailUser -id $recipient).EmailAddresses | where {$_ -ne $remove}) -whatif
<u>Remove an address from an exchange 2010 object with AD cmdlets</u>
$recipient = "user1"; $remove = "smtp:usernew@domain.com"; Set-ADUser -id $recipient -replace @{proxyAddresses=([system.object[]](Get-ADUser -id $recipient -prop proxyAddresses | Update-List -Property proxyAddresses -Remove $remove).proxyaddresses)} -whatif
<u>Find Outlook Auto Mapping attributes for links/backlinks</u>
get-adobject -LDAPFilter "(&(objectclass=user)(objectcategory=person)(|(msexchdelegatelistbl=*)(msexchdelegatelistlink=*)))" -prop displayname,msexchdelegatelistbl,msexchdelegatelistlink | select displayname,msexchdelegatelistbl,msexchdelegatelistlink | ft -wrap -auto
<u>Exchange cmdlet to query the UPN suffix list</u>
Get-UserPrincipalNamesSuffix
<u>Find people that have upgrated to iOS 7.0 on EAS connected devices</u>
get-adobject -ldapfilter "(&(objectClass=msExchActiveSyncDevice)(objectCategory=msExchActiveSyncDevice)(msExchDeviceOS=ios*7.0*))" -prop msExchDeviceOS,canonicalName -server dc1
<u>Apply a throttling policy association to a standard user or MEU</u>
Set-ThrottlingPolicyAssociation -Identity svc_mw -ThrottlingPolicy Office365MigrationWiz
</code></pre>
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT). </span>
Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-80737964633068996762013-04-02T22:32:00.001+10:002020-07-31T13:35:07.240+10:00Exchange PowerShell Commands<span style="font-family: Verdana, sans-serif;">It's been a long time between drinks...</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">However, I have still been quietly squirreling away useful command lines, with the following 166 commands used for Exchange 2007/2010 information gathering, automating configuration management, troubleshooting and many bits in between.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Each command can be copied and pasted into a PowerShell command line running the Exchange snap-in loaded with the default prefix, although you may need to adjust input such as distinguished names, server names, mailbox names etc.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let me know if you find them useful.
</span><br />
<pre class="mycode"><code>
<u>Get mailboxes that have a space in the displayName</u>
get-mailbox -filter "(displayname -like '* *')" | ft identity,database -wrap -auto
<u>Find Exchange transport rules</u>
Get-TransportRule | ft Name,Priority,{$_.Conditions | select Name,{$_.Words}},{$_.Actions | select Name,Rank,SclValue},Comments -wrap -auto
<u>Find Exchange 2007 mailbox servers in the local organisation</u>
get-mailboxserver
<u>Get mailbox statistics for mailbox servers with the specified name</u>
get-mailboxserver | where {$_.Name -like 'server*'} | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | select-object -prop DisplayName,LastLogonTime,StorageLimitStatus,TotalItemSize,TotalDeletedItemSize,@{N="Size (MB)";E={$_.TotalItemSize.Value.ToMB()}},@{N="Deleted Item Size (MB)";E={$_.TotalDeletedItemSize.Value.ToMB()}},ItemCount,ServerName,StorageGroupName,DatabaseName.LegacyDN | export-csv -path c:\temp\MailboxStatistics.csv
<u>Get mailbox database size limit/quota settings on malibox stores</u>
get-mailboxdatabase | select-object -prop Name,ServerName,StorageGroup,ProhibitSendReceiveQuota,ProhibitSendQuota,IssueWarningQuota | ft -wrap -autosize
<u>Find the number of mail-enabled contacts in the organisation</u>
get-mailcontact -ResultSize 'unlimited' | measure
<u>Export the IP addressed allowed to relay through the specified connector</u>
$rc = Get-ReceiveConnector -id 'server01\connector01'; $rc.RemoteIPRanges | export-csv -path c:\temp\rc1.csv
<u>Exchange 2007 global transport size limits</u>
get-transportconfig | ft -prop MaxReceiveSize,MaxSendSize -wrap -autosize
<u>Exchange 2007 transport server sizelimits</u>
get-transportserver | ft -prop Name,OriginatingServer,InternalDsnMaxMessageAttachSize,ExternalDsnMaxMessageAttachSize -wrap -autosize
<u>Exchange 2007 send connector size limits</u>
get-sendconnector | ft -prop Identity,AddressSpaces,MaxMessageSize -wrap -autosize
<u>Exchange 2007 receive connector size limits</u>
get-receiveconnector | ft -prop Identity,AddressSpaces,MaxMessageSize -wrap -autosize
<u>Exchange 2007 mailbox limits other than unlimited</u>
get-mailbox |where {$_.MaxSendSize -ne 'unlimited' -or $_.MaxReceiveSize -ne 'unlimited'} | ft -prop Identity,MaxSendSize,MaxReceiveSize -wrap -autosize
<u>Get the storage group copy status (CCR/LCR/SCR) for mailbox stores </u>
get-mailboxserver | where {$_.Name -like 'server*'} | Get-StorageGroupCopyStatus | ft -wrap -autosize
<u>Get storage groups and their SCR stand-by machine</u>
Get-StorageGroup | ft -prop Name,Server,StandbyMachines -wrap -autosize
<u>Get the storage group copy status (SCR) for the first target on all SGs</u>
Get-StorageGroup | %{Get-StorageGroupCopyStatus -id $_.Identity -StandbyMachine $_.StandbyMachines[0].NodeName} | sort -prop LastReplayedLogTime | select -prop Identity,SummaryCopyStatus,ServiceDown,CopyQueueLength,ReplayQueueLength,LatestAvailableLogTime,LastCopyNotificationedLogTime,LastCopiedLogTime,LastInspectedLogTime,LastReplayedLogTime,LatestFullBackupTime | export-csv -path c:\temp\SCR_Status.csv
<u>Get the storage group copy status (SCR) for the specified server/target</u>
Get-StorageGroupCopyStatus -Server server01 -standbymachine server01 | ft -wrap -autosize
<u>Find the backup status and whether VSS was used for the backup</u>
Get-StorageGroup | %{Get-StorageGroupCopyStatus -id $_.Identity -StandbyMachine $_.StandbyMachines[0].NodeName} | sort -prop LatestFullBackupTime | select -prop Identity,SummaryCopyStatus,ServiceDown,LatestFullBackupTime,SnapshotBackup | export-csv -path c:\temp\MailboxBackup_Status.csv
<u>Change an Exchange 2007 mailbox type to equipment (or room)</u>
Set-Mailbox MailboxName -Type Equipment
<u>Add full access mailbox permissoins for an Exchange 2007 mailbox</u>
Add-MailboxPermission -Id MailboxName -User:'DOMAIN\group' -AccessRights:FullAccess
<u>Add send as rights to the AD security of a mail-enabled user</u>
Add-ADPermission -Id MailboxName -User:'DOMAIN\group' -ExtendedRights:Send-As
<u>Find mailboxes that are not standard user mailboxes (Room, Equipment)</u>
get-mailbox | where {$_.RecipientTypeDetails -ne 'UserMailbox'} | fl -prop Name,RecipientTypeDetails
<u>Remove mailbox permissions for the specified user</u>
Remove-MailboxPermission MailboxUser -User DOMAIN\User -AccessRight FullAccess
<u>Find exchange mailbox statistics including per-user mailbox and DB limits </u>
. C:\data\scripts\PowerShell\Exchange\FindMailboxSizes.ps1 | out-file -file c:\temp\MailboxStats.txt -encoding ascii
<u>Find the AutomateProcessing setting for a resource mailbox</u>
Get-MailboxCalendarSettings -id mailboxID
<u>Modify a resource mailbox to automatically accept in-policy requests</u>
Set-MailboxCalendarSettings -id mailboxID -AllBookInPolicy:$true
<u>Find the mailbox type of one or more mailboxes</u>
get-mailbox -id mailboxes* | fl -prop IsResource,RecipientType,RecipientTypeDetails,ResourceType
<u>Find the debug event logging levels set on an Exchange 2007 server</u>
Get-EventLoglevel -server ExchangeServer01
<u>Set the equipment mailbox to auto-accept and allow anyone to automatically book</u>
Set-MailboxCalendarSettings -Identity "mailbox01" -AutomateProcessing AutoAccept -AllBookInPolicy $true
<u>Turn on high logging for the booking attendant</u>
Set-EventLogLevel "server01\MSExchangeMailboxAssistants\Resource Booking Attendant" -Level High
<u>Find all resource mailboxes of type equipment</u>
get-mailbox |where {$_.resourcetype -eq 'Equipment'}
<u>Read Exchange 2007 event logs for the MSExchangeMailboxAssistants (resources)</u>
get-eventlog -logname application -computer server01 -source msexchangemailboxassistants
<u>Check Exchange Message Tracking Logs based on message ID</u>
Get-MessageTrackingLog -MessageId 'FBE264977E286848971C4C15BDD7F5FE439245C5EF@mx.company.com.au' -Start "05/07/2011 00:00:00" -End "07/07/2011 06:00:00" -server server01
<u>Check Exchange Message Tracking Logs based on mail subject</u>
Get-MessageTrackingLog -MessageSubject "RE: Subject" -Start "06/07/2011 00:00:00" -End "07/07/2011 00:00:00" -server server01
<u>Find Exchange server version, edition and roles</u>
Get-ExchangeServer | sort | select-object -prop Name,Role,Edition,ServerRole,Site,ExchangeVersion,AdminDisplayVersion | export-csv -path c:\temp\ExchangeServers.csv
<u>Find the mailbox sizes in Exchange 2007 looking at the filesystem</u>
Get-MailboxDatabase | foreach-object {add-member -inputobject $_ -membertype noteproperty -name mailboxdbsizeinGB -value ([math]::Round(([int64](get-wmiobject cim_datafile -computername $_.server -filter ('name=''' + $_.edbfilepath.pathname.replace("\","\\") + '''')).filesize / 1GB),2)) -passthru} | Sort-Object mailboxdbsizeinGB -Descending | format-table identity,mailboxdbsizeinGB
<u>Update the allowed IP addresses for an Exchange 2007 receive connector</u>
$connector = Get-ReceiveConnector -id 'server01\connector01'; $connector.RemoteIPRanges += "192.168.20.10-196.168.20.20"; Set-ReceiveConnector 'server01\connector01' -RemoteIPRanges $connector.RemoteIPRanges
<u>Move a mailbox to a new database</u>
Move-Mailbox -id user01 -targetdatabase 'server01\sg01\db01'
<u>View the original warning quota message</u>
Get-SystemMessage -original | where {$_.Identity -like 'en\warn*'}
<u>Add a new warning quota message</u>
New-SystemMessage -QuotaMessageType WarningMailbox -Language EN -Text "Please reduce your mailbox size! Delete any items you don't need from your mailbox and empty your Deleted Items folder."
<u>Hide a mailbox from the GAL</u>
get-mailbox -id user01 | set-mailbox -HiddenFromAddressListsEnabled:$true
<u>Remove SID History from a user</u>
get-aduser -id 'user01' -prop sIDHistory | foreach {set-aduser $_ -remove @{sIDHistory=$_.sIDHistory.value}}
<u>Remove SID history from one or more groups</u>
Import-Module ActiveDirectory; $groups = get-content -path groups_sAMAccountName.txt; foreach ($group in $groups) {get-adgroup -id $group -prop sIDHistory | foreach {set-adgroup $_ -remove @{sIDHistory=$_.sIDHistory.value}}}
<u>Remove multiple attributes from an AD account</u>
$user = get-aduser -id 'user01' -prop HomeDrive,HomeDirectory,ProfilePath; set-aduser $user -HomeDrive $null -HomeDirectory $null -ProfilePath $null
<u>Enumerate public folders</u>
Get-PublicFolder -server server01 -Recurse | ft -wrap -autosize
<u>Restore a deleted user account using AD recycle bin</u>
$deletedaccount = get-adobject -filter 'samaccountname -eq "user01"' -IncludeDeletedObjects -properties *; $deletedaccount | restore-adobject
<u>Reconnect a mailbox to an AD user account </u>
$user = Get-MailboxStatistics -server server01 | where {$_.displayName -eq 'User01, Test' -and $_.DisconnectDate -ne $null}; Connect-Mailbox -Identity $user.Identity -Database $user.database -User DOMAIN\user01
<u>Group and list the mailboxes on each mailbox store </u>
get-mailboxdatabase -server server01 | get-mailbox | Group-Object -prop database | ft -wrap -autosize
<u>Create new mail contacts from CSV input in Exchange 2007</u>
$dataSet = Import-Csv -path contacts.csv; foreach ($contact in $dataset) { New-MailContact -ExternalEmailAddress $contact.targetaddress -Name $contact.cn -DisplayName $contact.displayName -FirstName $contact.givenName -LastName $contact.sn -OrganizationalUnit domain.local/Contacts -PrimarySmtpAddress $contact.mail}
<u>Set the primary mail AD attribute of a newly created Exchange 2007 contact</u>
$contacts = get-mailcontact -OrganizationalUnit 'domain.local/Contacts' | where {$_.Name -like 'test*'} ; foreach ($contact in $contacts) { set-mailcontact -id $contact.identity -WindowsEmailAddress $contact.PrimarySmtpAddress; $contact.HiddenFromAddressListsEnabled = $true; }
<u>Create a new basic authenticated send connector in Exchange 2007</u>
$pass = Read-Host "Password?" -assecurestring; $credential = new-object System.Management.Automation.PSCredential("domain\username",$pass); $cred = get-credential -Credential $credential; New-SendConnector -Name "send01" -AddressSpaces * -AuthenticationCredential $cred -SmartHostAuthMechanism BasicAuth -DNSRoutingEnabled:$false -SmartHosts smtp.local
<u>Find users who have been delegated send on behalf of rights to a mailbox</u>
$delegates = Get-Mailbox 'room01' | select-object GrantSendOnBehalfTo; $delegates.GrantSendOnBehalfTo.toarray()
<u>Find NDR 5.1.4 duplicate mail addresses from Exchange application event logs </u>
get-eventlog -logname 'Application' -computer server01 -after "28/10/2011 8:00:00" | where {$_.eventID -eq 3029}
<u>Replace the primary SMTP email address </u>
Get-Mailbox -id 'user01' | Set-mailbox -EmailAddressPolicyEnabled $false; Get-Mailbox -id 'user01' | Update-List -Property EmailAddresses -Add "SMTP:user01@domain.local" | Set-Mailbox; Get-Mailbox -id 'user01' | Set-mailbox -EmailAddressPolicyEnabled $true
<u>Add a new secondary SMTP address </u>
Get-Mailbox -id 'user01' | Update-List -Property EmailAddresses -Add "smtp:user01@domain.local" | Set-Mailbox
<u>Check Exchange 2007 queues</u>
Get-Queue -server server01 | ft -wrap -autosize
<u>Find the public delegates for a mailbox and then reset to a new list</u>
Get-Mailbox -id user01 | select -expand GrantSendOnBehalfTo; Get-Mailbox -id user01 | Set-Mailbox -grantSendOnBehalfto User02,User03,User04
<u>Export Exchange client connection statistics (online/cached mode, client ver) </u>
$dateshort = [DateTime]::Now.ToString("yyyyMMddhhmmss"); get-mailboxserver | get-logonstatistics | select * | export-csv -path ("c:\temp\ExchangeLogonStats_" + $dateshort + ".csv"); write-host ("c:\temp\ExchangeLogonStats_" + $dateshort + ".csv")
<u>Get a mailbox from the domain sAMAccountName </u>
get-mailbox -id 'domain\username' | fl *
<u>Change the sAMAccountName of a mailbox-enabled user account</u>
get-mailbox -id 'domain\user001' | set-mailbox -samaccountname user01
<u>Change the Name/CN/DN of a mailbox-enabled user account</u>
get-mailbox -id 'domain\user' | set-mailbox -DisplayName "User, Test" -Name "User, Test"
<u>Change the alias of a mailbox object</u>
get-mailbox -id 'domain\user' | set-mailbox -alias user01
<u>Check if a mailbox exists</u>
if (get-mailbox -id user01 -ErrorAction SilentlyContinue) {write-host "test"}
<u>Find the oldest and newest dates of mailbox folders</u>
get-mailboxfolderstatistics -id user01 -FolderScope Inbox -IncludeOldestAndNewestItems
<u>Find Exchange logs for messages that failed to deliver</u>
Get-MessageTrackingLog -Start "21/12/2011 6:00:00" -server server01 | where {$_.eventId -eq 'Fail'} | ft * -wrap -autosize
<u>Find messages where delivery failed </u>
Get-MessageTrackingLog -EventId FAIL -Start "20/12/2011 6:00:00" -server server01 | ft TimeStamp,Source,EventID,Recipients,Sender,RecipientStatus -wrap -autosize
<u>See which mailboxes a user has direct permissions to access</u>
get-mailbox -OrganizationalUnit 'domain.local/Mailboxes/Shared' | get-mailboxpermission | where {$_.user -like 'domain\user01'}
<u>Find mailboxes that have a specified ACE set</u>
get-mailbox -OrganizationalUnit 'domain.local/Mailboxes/Shared' | get-adpermission | where {$_.AccessRights -contains 'WriteProperty' -and $_.Properties -like 'Personal-Information'} | ft -wrap -autosize
<u>Find active sync utilisation for mailboxes</u>
Get-Mailbox -ResultSize:Unlimited |ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} |ft identity,devicemodel,LastSuccessSync,LastPolicyUpdateTime,DeviceType,DeviceID,DeviceUserAgent,LastPingHeartbeat,DeviceFriendlyName,DeviceOS,DeviceIMEI,DevicePhoneNumber
<u>Find SMTP mail delivery failures</u>
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -EventId FAIL -Start "01/01/2012 6:00:00" -server $server.name | where {$_.recipients -like '*@*' -and $_.recipients -notlike '*@local.com' -and $_.recipients -notlike 'IMCEAEX*'} | ft EventId,Source,Sender,Recipients -wrap -autosize}
<u>Find the owner of one or more mailboxes</u>
get-mailbox -id user01 | get-adpermission -owner | ft -wrap -autosize
<u>Get the Exchange 2007 organisation config</u>
Get-OrganizationConfig
<u>Find the Exchange 2007 accepted domains (authoritative and relay)</u>
Get-AcceptedDomain
<u>Find logs for distribution list expansion</u>
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -EventId EXPAND -Start "29/02/2012 17:28:00" -server $server.name | ft Timestamp,Sender,RelatedRecipientAddress,Recipients,RecipientStatus -wrap -autosize}
<u>Find logs for e-mail from a specific address</u>
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -Sender "user01@external.com" -Start "29/02/2012 17:28:00" -server $server.name | ft Timestamp,Recipients,RecipientStatus,Sender -wrap -autosize}
<u>Find logs for failed messages</u>
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -EventId FAIL -Start "29/02/2012 17:28:00" -server $server.name | ft Timestamp,Recipients,RecipientStatus,Sender -wrap -autosize}
<u>Find logs for messages from the last minute</u>
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -start (Get-Date).AddMinutes(-1) -server $server.name | ft Timestamp,Sender,RelatedRecipientAddress,Recipients,RecipientStatus -wrap -autosize}
<u>Find mail attributes for a public folder</u>
get-mailpublicfolder -id "\Folder01\SubFolder01" | fl *
<u>Find Exchange 2007 Web Services</u>
Get-WebServicesVirtualDirectory | fl *
<u>Find Exchange Message Tracking messages from a particular client IP</u>
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -resultsize unlimited -start (Get-Date).AddMinutes(-15) -server $server.name | where {$_.ClientIp -eq '192.168.1.10'} | ft * -wrap -autosize}
<u>Report explicit OU security for OUs in the domain</u>
$ous = dsquery ou "dc=domain,dc=local" -limit 0; $permissions = foreach ($ou in $ous) {Get-ADPermission -id $ou.replace('"','') | where {$_.IsInherited -eq $False -and $_.User -like 'DOMAIN\*'}}; $permissions | select Identity,User,Deny,{$_.ChildObjectTypes},{$_.AccessRights},{$_.Properties},{$_.InheritedObjectType} | export-csv -path c:\temp\OU_Permission_20120309.csv
<u>Find OWA Internal/External URL configuration</u>
Get-OwaVirtualDirectory | where {$_.name -eq 'owa (Default Web Site)'} | ft Server,Name,InternalUrl,ExternalUrl -wrap -autosize
<u>Find transport server message tracking configuraiton </u>
Get-TransportServer | fl Name,messagetra*
<u>List the available event logs from a remote server</u>
Get-EventLog -computer server01 -list
<u>List the Exchange 2007 diagnostic logging configuration</u>
Get-EventLogLevel -server server01 | ft -wrap -autosize
<u>Enable connectivity logging for Exchange 2007 Edge/Hub transport servers</u>
get-TransportServer -id server01 | set-transportserver -ConnectivityLogEnabled:$true
<u>View messages in the queue</u>
get-queue -server server01 | get-message -IncludeRecipientInfo | fl *
<u>Find recipients with a filter based on department</u>
get-recipient -filter '((Department -eq "DEPT") -and (Alias -ne $null))'
<u>Find users that do not have the specified primary SMTP address domain</u>
get-recipient -filter '(ObjectClass -eq "User")' -resultsize:unlimited | where {$_.PrimarySmtpAddress -notlike "*@domain.local"} | ft Identity,PrimarySmtpAddress -wrap -autosize
<u>Export to CSV users that don't have the specified primary SMTP domain</u>
get-recipient -filter '(ObjectClass -eq "User")' -resultsize:unlimited | where {$_.PrimarySmtpAddress -notlike "*@domain.local"} | select Identity,PrimarySmtpAddress,Department | export-csv -path c:\temp\PrimarySMTP.csv
<u>Expand a nested distribution group, counting all mail recipients</u>
. C:\data\scripts\PowerShell\Exchange\ExpandDL.ps1 "CN=DL01,OU=Groups,dc=domain,dc=local"
<u>Find the user and SID on mailbox permissions (useful when sidhistory is used)</u>
get-mailboxpermission -id user01 | ft User,{$_.user.securityidentifier} -wrap -auto
<u>Find mailbox enabled users with a first/last name using ActiveDirectory</u>
$users = get-aduser -filter {givenName -like '*' -and sn -like '*' -and mailnickname -like '*'}
<u>Find user mailbox recipients that have a first and last name set</u>
$mailboxes = get-recipient -resultsize unlimited -filter "(firstName -like '*' -and lastname -like '*' -and Alias -like '*' -and RecipientType -eq 'UserMailbox')"; foreach ($mailbox in $mailboxes) { $firstName = $mailbox.firstname.replace(" ", ""); $lastName = $mailbox.lastname.replace(" ", ""); $primary = $mailbox.EmailAddresses | where {$_.IsPrimaryAddress -eq $true -and $_.PrefixString -eq "SMTP"} ; $mailSplit = $primary.SmtpAddress.split(".@"); if ($firstName -ne $mailSplit[0] -or $lastName -ne $mailSplit[1]) { Write-Host $primary.SmtpAddress; }}
<u>Find mail recipients that don't have a first or last name (shared mailboxes)</u>
$mailboxes = get-recipient -resultsize unlimited -filter {firstName -eq $null -and lastname -eq $null -and Alias -like '*' -and RecipientType -eq 'UserMailbox'}
<u>Find mailboxes with the specified domain name</u>
get-mailbox -filter {emailaddresses -like '*@domain.local'}
<u>Find mailboxes with the specified domain name as their primary address</u>
get-mailbox -filter {emailaddresses -like '*@domain.local'} | get-mailbox | where {$_.primarysmtpaddress -like '*@domain.local'}
<u>Find distribution lists that can be emailed externally</u>
$dls = get-distributiongroup -resultsize unlimited -filter {Alias -ne $null -and RequireAllSendersAreAuthenticated -eq $true}
<u>Update the accept from for a DL with a list of users</u>
$users = "User01, Test", "User02, Test"; foreach ($user in $users) {$user = get-mailbox -id $user; if ($user) {Get-DistributionGroup -id "DL01" | Update-List -Property AcceptMessagesOnlyFrom -Add $user.distinguishedName | Set-DistributionGroup }}
<u>Update a distribution list to allow sending only from another DL</u>
set-distributiongroup -id dl01 -AcceptMessagesOnlyFromDLMembers dl02
<u>Find the user accounts for mailbox recipients with first and last name </u>
$mail = get-user -filter {(FirstName -ne $null -and LastName -ne $null)} -RecipientTypeDetails UserMailbox,LinkedMailbox -resultsize unlimited -OrganizationalUnit "OU=Mailboxes,dc=domain,dc=local" | select FirstName,LastName,windowsemailaddress
<u>Find users that don't conform to first.last@ email addresses</u>
$mail = get-user -filter {(FirstName -ne $null -and LastName -ne $null)} -RecipientTypeDetails UserMailbox,LinkedMailbox -resultsize unlimited -OrganizationalUnit "OU=Mailboxes,dc=domain,dc=local" | select FirstName,LastName,windowsemailaddress
<u>Create a new transport rule setting SCL based on subject or body text</u>
$condition = Get-TransportRulePredicate SubjectOrBodyContains; $condition.words = "SCL=9"; $action = Get-TransportRuleAction SetSCL; $action.sclvalue = 9; New-TransportRule -name "Filter01" -Condition $condition -Action $action
<u>Find mailboxes configured to forward and report details</u>
$outputFile = "c:\temp\EmailForward_" + ([DateTime]::Now.ToString("yyyyMMddhhmmss")) + ".csv"; get-mailbox -filter {forwardingaddress -ne $null} | sort -prop whenChanged -descending | select whenChanged,SamAccountName,Identity,DeliverToMailboxAndForward,ForwardingAddress, @{N='ForwarderPrimarySMTPAddress';E={$recipient = get-recipient -id $_.ForwardingAddress; if ($recipient.recipienttype -eq 'MailContact') {write-output $recipient.externalemailaddress.tostring().replace("SMTP:","")} else {write-output $recipient.primarysmtpaddress}}},@{N='RecipientType';E={$recipient = get-recipient -id $_.ForwardingAddress; write-output $recipient.recipienttype.tostring()}} | export-csv -path $outputFile; write-host $outputFile
<u>Turn on send connector verbose logging</u>
get-sendconnector -id 'SendConnect01' | set-sendconnector -ProtocolLogginglevel verbose
<u>Find NDR 5.4.6 routing loops in the last day from all transport servers</u>
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -resultsize unlimited -EventId FAIL -Start (Get-Date).AddDays(-1) -server $server.name | where {$_.RecipientStatus -like '*5.4.6*'} | ft Timestamp,Recipients,RecipientStatus,Sender -wrap -autosize}
<u>Find email addresses that aren't using first.last</u>
foreach ($user in $mail) { if (!($user.windowsemailaddress.tostring().tolower().contains($user.firstname.tolower().replace(' ', '') + '.' + $user.lastName.tolower().replace(' ', '') + '@'))) { write-host $user.windowsemailaddress} }
<u>Export a mailbox to PST</u>
export-mailbox -id user01 -PSTFolderPath c:\temp\user01.pst
<u>Find the Exchange 2003 global restrictions in AD for envelope recipients</u>
Get-ADObject -id "CN=Message Delivery,CN=Global Settings,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,dc=domain,dc=local" -prop msExchRecipLimit
<u>Find the Exchange 2007/2010 global restrictions in AD for envelope recipients</u>
Get-ADObject -id "CN=Transport Settings,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,dc=domain,dc=local" -prop msExchRecipLimit
<u>Find the Exchange 2007 transport settings for max enveople recipients</u>
Get-TransportConfig | fl MaxRecipientEnvelopeLimit
<u>Update managedBy for a distribution group</u>
get-distributiongroup -id DL01 | Set-DistributionGroup -ManagedBy "CN=user01,OU=Mailboxes,dc=domain,dc=local"
<u>Get the offline address book update schedule </u>
$oab = Get-OfflineAddressBook; $oab.schedule | ft -wrap -auto
<u>Find the offline address book server, PF database and web distribution point</u>
Get-OfflineAddressBook | fl Server,PublicFolderDatabase,VirtualDirectories
<u>Find the Offline Address Book virtual directory</u>
Get-OabVirtualDirectory | ft -wrap -auto
<u>Find the custom resource schema configuration for custom resource properties</u>
Get-ResourceConfig
<u>Gather public folder statistics</u>
$pfstats = Get-PublicFolderStatistics -server server01
<u>Start the Exchange Management Shell from a standard powershell instance</u>
add-pssnapin Microsoft.Exchange.Management.PowerShell.Admin; . "C:\Program Files\Microsoft\Exchange Server\bin\Exchange.ps1"
<u>Send an SMTP e-mail with PowerShell 2.0 or later</u>
send-mailmessage -from $sendfrom -to $sendto -subject $subject -body $body -BodyAsHtml -smtpServer $smtpserver
<u>Add an availability address space to access local public folder schedule+ FB</u>
Add-AvailabilityAddressSpace -ForestName remote.address.space -AccessMethod PublicFolder
<u>Query free/busy schedule+ public folder replica information</u>
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse | ft Name,OriginatingServer,Replicas -wrap -auto
<u>Query free/busy schedule+ public folder information on Exchange 2007/2010</u>
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse | Get-PublicFolderItemStatistics | ft PublicFolderName,Subject -wrap -auto
<u>Show the e-mail addresses for the specified user in list format</u>
((Get-Mailbox user01).EmailAddresses)
<u>Add a secondary e-mail address in Exchange 2010 to a mailbox user</u>
Set-Mailbox user01 -EmailAddresses (((Get-Mailbox user01).EmailAddresses)+="smtp:user01@test.com")
<u>Add a secondary e-mail address in Exchange 2010 to a MEU</u>
Set-MailUser testuser01 -EmailAddresses (((Get-MaiLUser testuser01).EmailAddresses)+="smtp:testuser01@new.domain.com") -whatif
<u>Update the targetAddress attribute for an ADSI object</u>
$user = [adsi]"LDAP://CN=testuser01,OU=Migrated,DC=domain,DC=local"; $user.put("targetAddress","smtp:testuser01.User@new.domain.com")
<u>List the client-side public folder permissions for all public folders</u>
$pfperms = Get-PublicFolder -recurse | Get-PublicFolderClientPermission
<u>Get the report from a Exchange 2010 new-moverequest operation</u>
$MoveReport = (Get-MailboxStatistics -Identity user01 -IncludeMoveReport).MoveHistory
<u>Add to the managedBy property of a distribution list</u>
set-distributiongroup -id $group -managedby (((get-distributiongroup -id $group).managedby) += $user.identity.distinguishedName)
<u>Find the current management roles that have distribution in the name</u>
Get-ManagementRoleAssignment | where {$_.name -like '*recipient*'} -warningaction silentlycontinue | ft -wrap -auto
<u>Find CAS array information for an Exchange 2010 installation</u>
get-clientaccessarray
<u>Find delegate access to a mailbox with Exchange 2010 SP1</u>
adfind -b "DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(msExchDelegateListLink=*))" -h dc01.domain.local samaccountname msExchDelegateListLink
<u>Find delegate access to a mailbox with Exchange 2010 SP1 through backlink</u>
adfind -b "DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(MsExchDelegateListBL=*))" -h dc01.domain.local samaccountname MsExchDelegateListBL
<u>Convert legacy global distribution groups to universal</u>
Get-Group -ResultSize Unlimited -RecipientTypeDetails NonUniversalGroup -OrganizationalUnit "OU=Distribution Lists,OU=Resources,DC=domain,DC=local" | Where-Object {$_.GroupType -match 'global'} | Set-Group -Universal
<u>Mail-enable legacy global DLs that have been converted to universal</u>
Get-Group -ResultSize Unlimited -RecipientTypeDetails UniversalDistributionGroup -OrganizationalUnit "OU=Distribution Lists,OU=Resources,DC=domain,DC=local" | enable-distributiongroup
<u>Change group scope for non-universal groups to universal</u>
Get-DistributionGroup -ResultSize Unlimited -RecipientTypeDetails MailNonUniversalGroup | Set-Group -Universal
<u>Upgrade Exchange 2010 legacy groups</u>
Get-DistributionGroup -ResultSize Unlimited | Set-DistributionGroup -ForceUpgrade
<u>Extract all properties of one or more users and save to CSV</u>
get-aduser -ldapfilter "(&(objectClass=User)(objectCategory=Person)(samaccountname=*.exchtest*))" -prop * | export-csv -path c:\temp\TestUsers.csv
<u>Create a new display name with surname in UPPER and first in Title case</u>
$newName = $user.LastName.toUpper() + ' ' + (Get-Culture).textinfo.totitlecase($user.FirstName)
<u>Start a remote powershell session to an exchange 2010 namespace</u>
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://cas01.domain.local/PowerShell/ -Authentication Kerberos; Import-PSSession $Session
<u>Start a remote powershell session to an exchange 2010 namespace using prefix</u>
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://cas01.domain.local/PowerShell/ -Authentication Kerberos; Import-PSSession $Session -prefix ResForest
<u>Bitwise OR to whether whether grouptype is distribution or security</u>
if (14 -bor 2147483648 -eq 14) {write-output "Distribution} else {write-output "Security"}
<u>Find mailbox folder permissions in Exchange 2010</u>
$mailbox = get-mailbox -id user01; get-mailboxfolderpermission -id ($mailbox.primarysmtpaddress.tostring() + ":\Calendar")
<u>Find the Exchange 2010 autodiscover URL (then stored in SCP)</u>
Get-ClientAccessServer | fl *autodisc*
<u>Find Exchange 2010 RBAC management roles</u>
Get-ManagementRole -id 'Distribution Groups' | fl *
<u>Find Exchange 2010 RBAC management role assignments</u>
Get-ManagementRoleAssignment |where {$_.role -eq 'Distribution Groups'} | ft -wrap -auto
<u>Select the value of a property as an array of strings rather noteproperty</u>
$members = get-adgroup "CN=group,DC=domain,DC=local" -server $dc | get-adgroupmember -server $dc | %{write-output $_.SamAccountName.ToString()}
<u>Convert a group from security to distribution</u>
get-adgroup -id migtestdl3 | set-adgroup -GroupCategory 0
<u>Find recipient info from multiple forests and group by primary SMTP domain</u>
$recipients = get-recipient -domaincontroller dc01.domain.local -OrganizationalUnit "OU=People,DC=domain,DC=local" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited ; $recipients += get-recipient -domaincontroller targetdc.target.domain -OrganizationalUnit "OU=People,DC=target,DC=domain" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited ; $recipients | select @{N='EmailDomain';e={$_.primarysmtpAddress.tostring().split("@")[1]}} | group-object -prop EmailDomain | sort -prop Count | ft -wrap -auto
<u>Find mailboxes from multiple forest and info on e-mail domain and islinked</u>
$mailboxes = get-recipient -domaincontroller dc01.domain.local -OrganizationalUnit "OU=People,DC=domain,DC=local" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited | get-mailbox -domaincontroller dc01.domain.local; $mailboxes += get-recipient -domaincontroller dc01.taret.domain -OrganizationalUnit "OU=People,DC=target,DC=domain" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited | get-mailbox -domaincontroller dc01.target.domain; $mailboxes | select OriginatingServer,@{N='EmailDomain';e={$_.primarysmtpAddress.tostring().split("@")[1]}},IsLinked | group-object -prop OriginatingServer,EmailDomain,IsLinked | sort -prop Count | ft Count,Name -wrap -auto
<u>Find mailboxes with an ActiveSync device partnership</u>
get-casmailbox -resultsize unlimited | where {$_.HasActiveSyncDevicePartnership -eq 'true'}
<u>Find the preferred domain controllers for the current Exchange 2010 session</u>
Get-ADServerSettings | fl *
<u>Set domain controller configuration for an exchange server</u>
Set-ExchangeServer -StaticConfigDomainController dc01 StaticDomainControllers dc01,dc02 -StaticExcludedDomainControllers dc03 -StaticGlobalCatalogs gc01
<u>Link an Exchange 2010 mailbox to a cross-forest security principal</u>
get-mailbox user01 | set-mailbox -LinkedMasterAccount domain\user01 -linkeddomaincontroller dc01.domain.local
<u>Get Exchange 2010 IMAP settings</u>
Get-IMAPSettings -Server cas01
<u>Disable policy and update the primary SMTP address of a 2010 mailbox </u>
get-mailbox -id "CN=user01,OU=People,DC=domain,DC=local" | set-mailbox -EmailAddressPolicyEnabled $false -PrimarySmtpAddress user01@domain.local
<u>Find the server generating the Offline Address Book</u>
Get-OfflineAddressBook | ft server,guid,AddressLists -wrap -auto (files stored in C:\Program Files\Microsoft\Exchange Server\V14\ExchangeOAB\)
<u>Prepare an Exchange 2010 cross-forest move (create MEU and merge contact)</u>
.\Prepare-MoveRequest.ps1 -Identity $username -RemoteForestCredential $cred -RemoteForestDomainController dc01.domain.local -LinkedMailUser -MailboxDeliveryDomain domain.local -TargetMailUserOU "OU=Resource Forest Accounts,DC=domain,DC=local" -UseLocalObject
<u>Initiate an Exchange 2010 cross-forest move request</u>
New-MoveRequest -Identity $username -RemoteLegacy -RemoteGlobalCatalog dc01.domain.local -TargetDatabase 'DB01' -RemoteCredential $cred -TargetDeliveryDomain 'domain.local' ?Verbose
<u>Get an Exchange 2010 move request report</u>
$moverequest = Get-MoveRequestStatistics -id user01 -IncludeReport; $moverequest.report
<u>Get all the mailbox users in an OU and set a user property</u>
get-mailbox -org "OU=Resource Forest Accounts,DC=domain,DC=local" | set-user -company 'Company01'
<u>Check Exchange 2010 CAS RPC Client Access stats for online mode</u>
$matches = select-string -pattern "2013-03" -simple -path "\\cas01\c$\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access\RCA_201303*"; $results = foreach ($match in $matches) {$line = $match.line; write-output $line }; $results | out-file -file c:\temp\rpcusage.txt -encoding ascii; $rpc = import-csv -path c:\temp\rpcusage.txt -header date-time,session-id,seq-number,client-name,organization-info,client-software,client-software-version,client-mode,client-ip,server-ip,protocol,application-id,operation,rpc-status,processing-time,operation-specific,failures; $classic = $rpc | where {$_.'client-mode' -eq 'Classic' -and $_.'client-software' -eq 'outlook.exe'}; $classic | select client-name | group-object -prop client-name | ft -wrap -auto Count,Name
<u>Find Exchange 2007/2010 mailbox statistics in MB (not with remote powershell)</u>
get-mailbox -id user* | get-mailbox | get-mailboxstatistics | select DisplayName,ItemCount,@{n='SizeMB';e={$_.TotalItemSize.value.tomb()}} | ft -wrap -autosize
</code></pre>
<span style="font-size: 85%;"><br /></span>
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2010 Wayne Martin. </span>
Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com3tag:blogger.com,1999:blog-6043156720447404006.post-75794581842624440782010-08-15T21:11:00.000+10:002010-08-15T21:11:58.194+10:00vSphere Storage vMotion trafficThis post provides information on storage vMotion in VMware vSphere 4 with ESXi 4.0 U2 hosts. While using storage vMotion to move data between unconnected storage, I conducted some simple testing to identify the networks and ports used for vMotion.<br />
<br />
I’ve never seen an explanation of how storage vMotion works, and while it seems kind of obvious in retrospect, I thought some people might find this interesting.<br />
<br />
<br />
Summary<br />
<br />
<ol><li>The scope of a storage vMotion operation is datacenter wide, not limited to clusters or which host can see which storage.</li>
<li>In the testing conducted, storage vMotion relies upon the management network to transfer the disk data between the two ESXi hosts</li>
<li>If this method was used to import a large number of VMs from foreign storage then the limitation would typically be the 1GB vmnic used for the management network.</li>
<li>To allow the migration between datastores not visible by a single host, the VM would also be migrated between hosts.</li>
</ol><br />
Scenario<br />
<br />
Two hosts managed by single vCenter instance, vc01:<br />
<ol type="disc"><li>esx01 part of the CLUS1 cluster</li>
<li>esx02 not in a cluster</li>
<li>esx01, connected only to the iSCSI SAN 1</li>
<li>esx02, connected only to the iSCSI SAN 2</li>
</ol><br />
Management network on vmk0 using two GbE interfaces on both hosts. Vmk0 on the management network with load balancing based on the virtual port ID.<br />
<br />
Test<br />
<br />
The test conducted was using storage vmotion to move a virtual machine through VirtualCenter on vc01 from a datastore visible only to esx02 to a datastore visible only to esx01. <br />
<ol type="disc"><li>The source datastore was LUN02 (visible only to esx02) and the destination datastore was LUN01 (visible only to esx01). </li>
<li>vMotion was used to automatically migrate the VM from esx02 to esx01 (as the VM had moved storage)</li>
</ol><br />
Traffic and network usage observed<br />
<br />
<ol type="disc"><li>On esx02 unsupported console, vmk0 source 192.168.0.12.60504 (esx02), destination 192.168.0.11.902 (esx01). </li>
<li>Command: /bin/tcpdump-uw -I vmk0 -nn</li>
</ol><br />
esx02<br />
<ol type="disc"><li>MbRx 190Mb/sec on software iSCSI NIC – Reading the disk information from iSCSI SAN 2 for the VM</li>
<li>MbTx 136Mb/sec – Transmit the information across the management network to esx01.</li>
<li>Command: resxtop --server esx02 (‘n’ for network information)</li>
</ol><br />
esx01<br />
<ol type="disc"><li>MbRx 120Mb/sec – receiving the disk data from esx02 across the management network</li>
<li>MbTx 200Mb/sec on software iSCSI NIC – writing the data to the SAN across the iSCSI network</li>
<li>Command: resxtop --server esx01 (‘n’ for network information)</li>
</ol><br />
The following diagram shows the traffic flow of storage vMotion on an iSCSI network:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxFiiP-R4a05e2kj2cbcMOFXIxHKClhYE6e2tn_GosBxNfcpNjOdfvhZXwa9OT2yHbYG1GNcT_IjcKp9aTDesfZyHhM8P7eeo9FIJJ9P0v-U7h7CLOqOElFgfToE5UfZrcB68GOS6YLIQ/s1600/Blog137_Storage+vMotion+generic.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" ox="true" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxFiiP-R4a05e2kj2cbcMOFXIxHKClhYE6e2tn_GosBxNfcpNjOdfvhZXwa9OT2yHbYG1GNcT_IjcKp9aTDesfZyHhM8P7eeo9FIJJ9P0v-U7h7CLOqOElFgfToE5UfZrcB68GOS6YLIQ/s320/Blog137_Storage+vMotion+generic.jpg" width="303" /></a></div>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com8tag:blogger.com,1999:blog-6043156720447404006.post-19580198421861102242010-08-14T20:17:00.000+10:002010-08-14T20:17:52.597+10:00Resizing a VM's Windows system OS with Set-HardDiskWith vSphere PowerCLI Update 1 there is now an automated method of increasing the system disk of a virtual machine. This essentially performs the same thing as I’ve been doing manually for a while now - the disk is resized and mounted to a ‘helper vm’ and diskpart extends the disk, the helper VM is then shutdown and the risk removed, and when the resized VM starts up the OS prompts for a final reboot after detecting the disk change.<br />
<br />
Note that both the target and helper VM must be powered off, and credentials must be passed or the helpervm argument is ignored. The guest credentials are used on the Windows helper VM to authenticate using the VMtools mechanism to invoke a command inside a VM.<br />
<br />
<span><pre class='mycode'><code>
$guetsusername = "domain\username"
$guestpass = Read-Host "Guest password (administrator of the server)?" -assecurestring
$hostusername = "root"
$hostpass = Read-Host "Host Password (VI SDK access to the ESX host)?" -assecurestring
$hostcredential = new-object System.Management.Automation.PSCredential($hostusername, $hostpass)
$guestcredential = new-object System.Management.Automation.PSCredential($guetsusername, $guestpass)
$sizeGB = 30
$sizeKB = $sizeGB *1024*1024
$harddisk = Get-HardDisk -vm vm01
Set-HardDisk -HardDisk $harddisk[0] -capacityKB $sizeKB -hostcredential $hostcredential -guestcredential $guestcredential -helpervm $vm
</code></pre></span><br />
<br />
An error occurred when trying to use domain credentials to pass to the vCenter SDK – host credentials are required, not credentials to vCenter (which seems odd).<br />
<span><pre class='mycode'><code>
Set-HardDisk -HardDisk $harddisk[0] -capacityKB 31457280 -hostcredential $hostcredential -guestcredential $guestcredential -helpervm helpervm
Set-HardDisk : 4/02/2010 1:25:04 PM Set-HardDisk 919835D1-AD13-41DF-ABDE-D630E96FE722 While performing operation 'Connect to host service 'https://esx01/sdk' at port 902' the following error occured: 'Insufficient permissions in host operating system'
At line:1 char:13
+ Set-HardDisk <<<< -HardDisk $harddisk[0] -capacityKB 31457280 -hostcredential $hostcredential -guestcredential $guestcredential -helpervm helpervm
</code></pre></span><br />
<br />
<span><pre class='mycode'><code>
Another error occurred when trying to resize a VM, the script used failed. Note that I tried this manually and it also failed (must have been something particular to that VM). It was interesting to see that from this it looks like the cmdlet uses the invoke-vmscript to run a remote script through the VMtools interface that calls the diskpart commands.
Set-HardDisk : 4/02/2010 11:22:11 AM Set-HardDisk 919835D1-AD13-41DF-ABDE-D630E96FE722 Execution of the script in guest OS on VM 'helpervm' failed: '
Microsoft DiskPart version 5.2.3790.3959
Copyright (C) 1999-2001 Microsoft Corporation.
On computer: HELPERVM
Disk 1 is now the selected disk.
Volume 2 is the selected volume.
The volume you have selected may not be extended.
Please select another volume and try again.
'
At line:1 char:13
+ Set-HardDisk <<<< -HardDisk $harddisk[0] -capacityKB 31457280 -hostcredential $hostcredential -guestcredential $guestcredential -helpervm $vm
</code></pre></span><br />
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2010 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com4tag:blogger.com,1999:blog-6043156720447404006.post-74359381685425062832010-05-09T17:40:00.001+10:002010-05-09T17:41:30.753+10:00Keeping Citrix sessions alive with sendkeysI use the following script as a way of keeping my Citrix session alive to thwart security guys and their over-aggressive timeouts.<br />
<br />
Normally I don't like to use sendkeys, but this seemed like the perfect way to trick ica into thinking keys were being pressed...<br />
<br />
PowerShell and VBScript versions below.<br />
<br />
<span><pre class='mycode'><code>
#
# Find the wfica.exe process and poke keystrokes at it, preventing a Citrix session from timing out
# Be careful what you have open and what keystrokes you poke
[System.Object[]]$processes = get-process | where {$_.ProcessName -eq "wfica32.exe"}
if ($processes.count -ge 1) { $process = $processes[0] }
if ($process -is [System.Diagnostics.Process])
{
$processes | format-list -property *
for (;;)
{
[void] [System.Reflection.Assembly]::LoadWithPartialName("'Microsoft.VisualBasic")
[Microsoft.VisualBasic.Interaction]::AppActivate($process.Id)
start-sleep -seconds 1
[void] [System.Reflection.Assembly]::LoadWithPartialName("'System.Windows.Forms")
[System.Windows.Forms.SendKeys]::SendWait("1")
start-sleep -seconds 240
}
}
</code></pre></span><br />
<br />
<span><pre class='mycode'><code>
Set objWshShell = CreateObject("Wscript.Shell")
strProcessName = "wfica32.exe"
intProcessID = 0
Call FindProcessID(strProcessName, intProcessID)
if (intProcessID > 0) Then
wscript.echo "Found process ID: " & intProcessID
Do
objWshShell.AppActivate(intProcessID)
WScript.Sleep 1000
objWshShell.SendKeys "1"
WScript.Sleep 240000
Loop
End If
Function FindProcessID(ByRef strProcessName, ByRef intProcessID)
strQuery = "Select * from Win32_Process Where Name = '" & strProcessName & "'" ' WQL query string looking for the specified process
Set objNameSpace = GetObject("winmgmts://./root/cimv2") ' The cimv2 namespace of the local machine
FindProcessID = vbFalse
Set objProcessSet = objNameSpace.ExecQuery(strQuery) ' Execute the query
For Each objProcess in objProcessSet ' For each process in the set, ordered by oldest to newest
intProcessID = objProcess.ProcessID
WScript.Echo "Found process, ID: " & intProcessID
WScript.Echo objProcess.Name & ", " & intProcessID & ", " & objProcess.CreationDate & ", " & objProcess.CommandLine & ", " & objProcess.Priority & ", " & objProcess.WorkingSetSize & ", " & objProcess.PageFileUsage
FindProcessID = vbTrue
Next
Set objNameSpace = Nothing : Set objProcessSet = Nothing : Set objProcess = Nothing
End Function
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2010 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com6tag:blogger.com,1999:blog-6043156720447404006.post-18837510028564451892010-03-27T21:33:00.002+10:002010-03-27T21:33:53.147+10:00More useful command-linesThis is the third edition of useful command lines, adding another 95 commands that I've found useful. Note that many of the command-line calls may require Microsoft utilities (such as dsquery, wmic, dnscmd).<br />
<br />
Most of the commands are for the windows-based command interpreter, with a few PowerShell and ESX service console commands creeping in. They range from diagnostics, troubleshooting and simply automating recurring tasks.<br />
<br />
Each command-line can be copied and pasted at the command prompt, if you use a batch file you'll need to reference variables with double-percent (%%).<br />
<br />
See the previous two posts for more command-line operations:<br />
<a href="http://waynes-world-it.blogspot.com/2008/09/useful-command-lines.html">http://waynes-world-it.blogspot.com/2008/09/useful-command-lines.html</a><br />
<a href="http://waynes-world-it.blogspot.com/2009/09/more-useful-command-lines.html">http://waynes-world-it.blogspot.com/2009/09/more-useful-command-lines.html</a><br />
<br />
<span><pre class='mycode'><code>
<b>Given an IP and mask, return the subet the IP belongs to</b>
for /f "tokens=1-8 delims=.- " %i in ('echo 192.168.5.200 255.255.255.0') do set /a Octet1="%i & %m" >nul & set /a Octet2="%j & %n" >nul & set /a Octet3="%k & %o" >nul & set /a Octet4="%l & %p" >nul & Echo %i.%j.%k.%l,!Octet1!.!Octet2!.!Octet3!.!Octet4!,%m.%n.%o.%p
<b>Disable the internal speaker beep</b>
sc config beep start= demand & net stop beep
<b>List the Volume Shadow Copy Sets</b>
vssadmin list shadows
<b>List the volume Shadow Copy storage associations and sizes</b>
vssadmin list shadowstorage
<b>Create an FSRM storage report to check duplicate files</b>
Storrept Reports Add /Report:DuplicateFiles /Task:FSRM-DuplicateFiles /Scope:"E:\Data" /Name:"Duplicate Files" /Format:CSV /MailTo:user@somewhere.com
<b>Create a scheduled task prior to creating a 2003 FSRM report </b>
schtasks /create /sc MONTHLY /D 1 /tn FSRM-DuplicateFiles /tr "storrept reports generate /scheduled /task:FSRM-DuplicateFiles" /st 19:00:00 /ru system
<b>Find the number of mailboxes on the specified msExchHomeServerName</b>
dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(mailnickname=*)(msExchHomeServerName=*servername*))" -limit 0 | find /i /c "cn"
<b>Join text copied from the command-line to a single line when pasting</b>
Hold down the shift key when copying the text
<b>Query the current control set, last known good and failed hives </b>
reg query HKLM\system\select
<b>Make persistent changes to service control dependencies</b>
sc \\%server% config snmp depend= EventLog/
<b>Assign a drive letter to a recently created partition/volume</b>
diskpart assign letter=e
<b>Convert a group from type distribution to type security</b>
dsmod group %groupDN% -secgrp Yes
<b>Query for global security or distribution groups</b>
dsquery * -filter "(&(groupType:1.2.840.113556.1.4.803:=2))"
<b>Query for global security groups</b>
dsquery * -filter "(&(groupType:1.2.840.113556.1.4.803:=-2147483646))"
<b>Given a list of group DNs, find if those groups are a member of other groups </b>
for /f "tokens=*" %i in (groups.txt) do @for /f "tokens=*" %m in ('"dsget group -memberof %i | find /i "cn" & if errorlevel 1 Echo Not a member of any groups"') do @echo %i,%m
<b>Find the domain controller GUID of the specified DC </b>
dsquery * "CN=dcname,OU=Domain Controllers,DC=domainRoot" -scope base -attr objectguid
<b>Find the domain GUID </b>
dsquery * "domainRoot" -scope base -attr objectGUID
<b>Display the local WLBS Microsoft Network Load Balancing configuration</b>
nlb display
<b>Perform an LDAP ping against rootDSE to get the DC NETLOGON_SAM_LOGON_RESPONSE</b>
adfind -rootDSE -f "(&(DnsDomain=domainFQDN)(Host=%computer%)(User=%computer%$)(DomainGuid=\30\FA\03\19\36\4F\47\1D\35\8F\C4\96\72\74\69\B3)(NtVer=\06\00\00\00))" netLogon
<b>Find the master browser for the subnet from NetBIOS browser</b>
browstat getmaster \Device\NetBT_Tcpip_{3393FDD1-0D42-4DA4-8E53-36D9E00195F5} NETBIOS_DOMAIN_NAME
<b>List the databases on an MSSQL 2005 server</b>
sqlcmd -S %server% -d master -W -s "," -Q "SELECT NAME FROM sysdatabases Order By Name"
<b>List the Service Control Manager security descriptor</b>
sc sdshow SCMANAGER
<b>Update the Service Control Manager SD on 2003 to allow non-admin access</b>
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
<b>Update the DACL for a service to allow a user to query and interrogate the svc</b>
subinacl /service \\%server%\SysmonLog /grant=domain\user=QSI
<b>Find DFS roots from Active Directory</b>
dsquery * "CN=Dfs-Configuration,CN=System,domainRoot" -filter "(objectClass=fTDfs)"
<b>List the DFS trust domain SPC cache</b>
dfsutil /spcinfo
<b>Find the SQL Server version</b>
sqlcmd -S %server% -d master -W -s "," -Q "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')"
<b>Find the SQL Server 2000 affinity mask </b>
sqlcmd -S %server% -d master -W -s "," -Q "select c.value from master..sysconfigures c, master..spt_values v, master..syscurconfigs r where v.type = 'C' and v.number = c.config and v.number >= 0 and v.number = r.config and v.name ='affinity mask'"
<b>Find the SQL Server 2005 affinity mask</b>
sqlcmd -S %server% -d master -W -s "," -Q "SELECT Name, Value, Minimum, Maximum, Value_in_use, is_dynamic, is_advanced from SYS.Configurations Where Name = 'affinity mask'"
<b>Find SQL Server 2005 configuration options</b>
sqlcmd -S %server% -d master -W -s "," -Q "SELECT Name, Value, Minimum, Maximum, Value_in_use, is_dynamic, is_advanced from SYS.Configurations Order By Name"
<b>Find SQL Server 2000 license information, Mode 0x0 per-seat, 0x2 per-proc</b>
reg query "\\%server%\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\MSSQLLicenseInfo\MSSQL8.00
<b>Find SQL Server 2000/2005 instances</b>
reg query "\\%server%\hklm\software\microsoft\Microsoft SQL Server" /v InstalledInstances
<b>Set environment variables for YYYYMMDD and YYYYMMDDHHMMSS</b>
for /f "tokens=1-8 delims=/:. " %i in ('echo %date% %time%') do Set DateTime=%l%k%j&Set DateTimeLong=%l%k%j%m%n%o
<b>Microsoft iSCSI, list sessions</b>
iscsicli SessionList
<b>Microsoft iSCSI, Report iSCSI and MPIO version information</b>
iscsicli VersionInfo
<b>Show disk usage by username (Windows Resource Kit)</b>
diskuse c:\
<b>Check whether external or forest trusts have SID filter qurantining enabled</b>
nltest /domain_trusts /v
<b>From a list of computers, run a command if the machine responds to a ping</b>
for /f %i in (computers.txt) do @ping -n 1 %i >nul & if errorlevel 0 if not errorlevel 1 echo %i
<b>Extract performance counters from a perfmon binary file and save as csv </b>
relog.exe -f csv Perfmon.blg -o perfmon.csv
<b>Make a bootable CD using the specified boot sector file and source files</b>
oscdimg /m /n /h -bc:\temp\bootsector.bin "c:\temp\source" install.iso
<b>Find the Exchange storage groups known to AD</b>
dsquery * "CN=Configuration,domainRoot" -filter "(&(objectClass=msExchStorageGroup))" -attr name msExchESEParamCircularLog msExchESEParamEventSource msExchESEParamLogFilePath msExchESEParamLogFileSize msExchESEParamSystemPath msExchESEParamZeroDatabaseDuringBackup msExchRecovery msExchESEParamEnableOnlineDefrag msExchESEParamEnableIndexChecking msExchESEParamBaseName msExchESEParamCommitDefault msExchESEParamDbExtensionSize msExchESEParamPageTempDBMin msExchESEParamPageFragment msExchESEParamCheckpointDepthMax
<b>Check if an executable is large address aware (confirms support)</b>
dumpbin /headers sqlservr.exe
<b>Find all file/registry/thread/event details for a remote machine</b>
psexec \\%server% -c handle.exe -a > c:\temp\handle.txt
<b>Dump configuration with netsh that can be used to import</b>
netsh interface ip dump > IPConfig.txt
<b>Reapply settings saved with netsh export</b>
netsh -f IPConfig.txt
<b>List the SCSI devices for a group of machines</b>
for /f %i in (computers.txt) do @for /f "tokens=1,2,*" %m in ('"devcon -m:\\%i listclass SCSIAdapter | find /i "VEN""') do @echo %i,%o
<b>Adjust the priority of a process given its PID </b>
setprio /P %PID% /L 2
<b>Find the paged and non-paged pool memory allocations</b>
poolmon
<b>Create a local tag file for paged and non-paged pool memory allocations</b>
poolmon /c
<b>Add a trigger to an existing scheduled task</b>
jt.exe /sac "\\%server%\c$\windows\Tasks\taskname.job" /ctj StartTime=15:10 StartDate=02/02/2010 type=DAILY typearguments=1
<b>Find AdminSDHolder / SDPROP groups in the directory</b>
dsquery * -filter "(&(objectClass=Group)(objectCategory=Group)(adminCount=1))"
<b>Query for all objects that are protected (that are members of the groups above)</b>
dsquery * -filter "(adminCount=1)"
<b>Count how many user accounts are protected by the SDPROP process</b>
dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(adminCount=1))" | find /i /c "CN="
<b>Find disk and partition relationships</b>
wmic path Win32_LogicalDiskToPartition
<b>LDAP string to search for mail-enabled user and contact objects</b>
"(&(|((objectClass=Contact)(objectClass=User)))(objectCategory=Person)(mailnickname=*))"
<b>Find SCPs (Service Connection Points) for objects other than print queues</b>
dsquery * -filter "&((objectClass=ConnectionPoint)(!(objectClass=PrintQueue)))" -limit 0
<b>List VSS Shadowstorage associations</b>
wmic /node:%server% path win32_shadowstorage
<b>List VSS Max storage for disabled volumes</b>
reg query HKLM\System\CurrentControlSet\Services\VSS\Volumes\Associations\{00b810fd-8ab6-11de-9d34-806e6f6e6963}\{00b810fd-8ab6-11de-9d34-806e6f6e6963}\MaxDiffSpace
<b>Force a STOP error and generate a memory dump (Stop 0x2E) after enabling</b>
Right Ctrl+ScrollLock+ScrollLock
<b>Enable the option to generate a STOP error on demand</b>
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters /v CrashOnCtrlScroll /t reg_dword /d 0x1
<b>Logoff a remote terminal sessions session (after using query.exe)</b>
logoff rdp-tcp#42 /v /server:%server%
<b>List the DLL function exports of the specified DLL</b>
dumpbin c:\temp\dllname.dll /exports
<b>Terminate a disconnected terminal services session</b>
rwinsta 0 /server:%server%
<b>Find memory information from a list of machines</b>
for /f %i in (computers.txt) do for /f "tokens=1-5" %m in ('"wmic /node:%i path Win32_PerfFormattedData_PerfOS_Memory get PoolNonpagedBytes,PoolPagedBytes,PoolPagedResidentBytes,FreeSystemPageTableEntries,AvailableMBytes | find /i /v "bytes""') do echo %i,%m,%n,%o,%p,%q
<b>Set the percentage at which the paged pool working set is trimmed</b>
reg add "\\%server%\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management" /v PoolUsageMaximum /t reg_dword /d 60
<b>Calculate a replication summary for the domain</b>
repadmin /replsum /bysrc /bydest /sort:delta
<b>Check a 2008 R2 schema forest prep has run successfully (rvevision=5)</b>
dsquery * "CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,domainRoot" -attr * -scope base
<b>Check a 2008 R2 schema domain prep has run successfully (revision=5)</b>
dsquery * "CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,domainRoot" -attr * -scope base
<b>Find the infrastructure role holder for the DNS domain application partition</b>
dsquery * "CN=Infrastructure,DC=DomainDNSZones,domainRoot" -attr fSMORoleOwner
<b>Find the application partitions from the forest root configuration NC</b>
dsquery * "CN=Partitions,CN=Configuration,domainRoot" -filter "(&(objectClass=crossRef)(msDS-SDReferenceDomain=*))" -attr ncName dnsRoot
<b>Monitor the page faults of an application (hard and soft)</b>
pfmon.exe c:\temp\application.exe
<b>Monitor the page faults of a process (hard and soft)</b>
psmon /p %PID%
<b>Reset the SystemPages memory management for available PTE's to server 2003 def.</b>
reg add "\\%server%\HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v SystemPages /t reg_dword /d 0x0x
<b>Find Exchange mailbox limits for user accounts</b>
csvde -f limits.csv -l samaccountname,cn,mDBStorageQuota,mDBOverQuotaLimit,mDBUseDefaults,mDBOverHardQuotaLimit,homeMDB -r "(&(objectClass=User)(objectCategory=Person)(mailnickname=*))"
<b>Find computer accounts not server, XP or Vista</b>
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(&(!(operatingSystem=*prof*)(!(operatingSystem=*server*)(!(operatingSystem=*vista*))))))" -limit 0 -attr CN operatingSystem operatingSystemVersion
<b>Find SPNs from the directory</b>
dsquery * -filter "(servicePrincipalName=*)" -attr cn servicePrincipalName -limit 0
<b>Query a list of groups and determine the group type (global/local/universal)</b>
dsquery group -name *groupfilter* | dsget group -scope -secgrp -dn
<b>Perform a NetBIOS name lookup</b>
nblookup %NETBIOS_NAME%
<b>Extract DNS scavenging events from the DNS eventlog</b>
wmic /node:"%server%" path Win32_NTLogEvent WHERE "SourceName='DNS' AND LogFile='DNS Server' AND EventCode=2501"
<b>Dump GPO information on priority and inherited links for an OU</b>
cscript DumpSOMInfo.wsf "OUName" /ShowInheritedLinks
<b>Copy a GPO </b>
cscript copygpo.wsf "Default Domain Policy" "Test Domain Policy" domain.com domain.com %SourceDC% %TargetDC%
<b>Backup a number of GPOs from a control file input</b>
for /f "tokens=*" %i in (gpos.txt) do cscript backupgpo.wsf "%i" c:\temp\gpo
<b>Create a number of blank GPOs from a control file input </b>
for /f "tokens=*" %i in (c:\temp\gpo.txt) do cscript CreateGPO.wsf "%i" /domain:domain.com
<b>Add GPO permissions for a number of GPOs</b>
for /f "tokens=*" %i in (c:\temp\gpo.txt) do cscript SetGPOPermissions.wsf "%i" domain\user /permission:fulledit
<b>List the available features for a 2008 R2 online installation </b>
dism /online /get-features
<b>Allow remote desktop connections on a 2008 R2 server (requires reboot)</b>
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t reg_dword /d 0x0
<b>Allow remote desktop connections on a 2008 R2 server core (requires reboot)</b>
cscript C:\Windows\System32\Scregedit.wsf /ar 0
<b>Set the boot timeout for a 2008 server</b>
bcdedit /timeout 5
<b>Modify startup and recovery settings prevent automatic restart on 2008 server </b>
reg add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl /v "AutoReboot" /t reg_dword /d 0x0
<b>Modify the performance options to adjust for best performance</b>
reg add HKU\.default\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t reg_dword /d 0x2
<b>Disable hibernation on 2008 server</b>
powercfg -hibernate off
<b>Change the default user profile to adjust performance options for best perf</b>
reg load c:\users\Default\ntuser.dat & reg add HKLM\a\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects /v VisualFXSetting /t reg_dword /d 0x2 & reg unload hkml\a
<b>Enable boot logging on 2008 server</b>
bcdedit /set {default} bootlog yes
<b>Disable Windows Error Reporting on 2008 server</b>
serverWerOptin /disable
<b>Adjust windows server 2008 event log sizes to 128MB</b>
wevtutil sl Security /ms:135266304
<b>Install Windows Server 2008 R2 optional components (features and roles)</b>
cmd /c start /w ocsetup RSAT-NIS;SNMP;WMISnmpProvider;WindowsServerBackup;WindowsServerBackupCommandlet;NetFx3;MicrosoftWindowsPowerShellISE /quiet /norestart /log:c:\temp\install.log
<b>Check Microsoft iSCSI initiator MaxRequestHoldTime </b>
reg query "\\%server%\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\0002\Parameters" /v MaxRequestHoldTime
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2010 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com1tag:blogger.com,1999:blog-6043156720447404006.post-2259807515238635872010-01-14T22:33:00.004+10:002010-01-14T22:39:37.566+10:00PowerCLI: Copy-VMGuestFileIn VMware PowerCLI Update 1, a new cmdlet has been added to copy files to/from guest OS’s using the VMTools. Under normal circumstances this wouldn’t be all that useful, but if a machine is not accessible on the network – either a DMZ or a test-lab environment for example – there is now a method to easily copy files to and from the guest machines.<br /><br />For example:<br /><span><pre class='mycode'><code>copy-vmguestfile -source c:\windows\system32\imageres.dll -destination c:\temp\ -vm vm01 -guesttolocal -hostuser root -hostpassword * -guestuser administrator -guestpassword *</code></pre></span><br />Note that you need to specify the passwords, or not specify credentials at all for a prompt, or you can use a pscredential object.<br /><br />Unfortunately wildcards are currently unsupported, but it would be easy to loop through local files within PowerShell to upload based on wildcards.<br /><br />I ran this with the measure-command cmdlet to see how fast it was – about 0.5MB/sec– not too quick, but a lot better than nothing.<br /><br /><span><pre class='mycode'><code>measure-command -expression {copy-vmguestfile -source c:\windows\system32\imageres.dll -destination c:\temp\ -vm vm01 -guesttolocal -hostuser root -hostpassword * -guestuser administrator -guestpassword *}<br /><br />Seconds : 26<br />Milliseconds : 539<br />Ticks : 265390633<br />TotalDays : 0.000307165084490741<br />TotalHours : 0.00737196202777778<br />TotalMinutes : 0.442317721666667<br />TotalSeconds : 26.5390633<br />TotalMilliseconds : 26539.0633</code></pre></span><br /><br /><span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2010 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com4tag:blogger.com,1999:blog-6043156720447404006.post-7574351051707913592009-11-29T16:07:00.000+10:002009-11-29T16:08:10.386+10:00vCenter file copy with virtual floppy diskn an ESXi or vCenter environment, without network connectivity to a virtual machine from your administrative workstation it's quite hard to bi-directionally transfer files. <br /><br />This post discusses a simple method I use for small quick file transfer from a secure virtual machine to my administrative workstation, using virtual floppy drives managed from the command-line.<br /><br />This process uses vfd.exe, but presumably any virtual floppy software on your workstation could be used. The virtual machine also needs to have a floppy drive...<br /><br />To bi-directionally transfer files from a non-network connected VM to my administrative workstation:<br /><ol><li>Create a virtual floppy disk on my workstation</li><br /><li>Mount that floppy disk file as a virtual floppy drive on my workstation as A:</li><br /><li>Through VI client, connect the VM to the A: drive </li><br /><li>On the VM, copy files to/from A: drive and disconnect from the floppy</li><br /><li>On my workstation, copy files to/from the virtual A:</li><br /><li>Close the virtual floppy</li></ol><br /><br />Using vfd.exe:<br /><ol><li>vfd install</li><br /><li>vfd open c:\temp\new.flp</li><br /><li>Use VI Client to connect to A:</li><br /><li>Copy files, then disconnect the VM virtual device</li><br /><li>copy a:\*.*</li><br /><li>vfd close</li></ol><br /><br />The obvious limitation of this is that the size is limited to 1.44MB. I tried with a 2.44MB floppy and the virtual machine didn't recognise this disk.<br /><br />This doesn’t work with a virtual CD-ROM, as it’s mounted as read-only in the VM, so bi-directional copies aren’t available. You can still use a similar process for creating an ISO to copy files into a VM though. For this I use oscdimg.exe (Microsoft utility) to create my ISO from the command-line.Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com1tag:blogger.com,1999:blog-6043156720447404006.post-232914125484938622009-10-30T23:14:00.003+10:002009-10-31T23:07:18.846+10:00VMware PowerCLI commandsThe VMware PowerCLI PowerShell interface provided for managing vSphere systems is a fantastic tool that should be useful for all VMware admins.<br />
<br />
I've gathered these commands while implementing and managing ESXi 4.0 clusters, use with caution on any production system.<br />
<br />
This is an extension of a previous post:<br />
<a href="http://waynes-world-it.blogspot.com/2009/08/vmware-vsphere-powercli-commands.html">VMware vSphere PowerCLI commands</a><br />
<br />
<span><pre class='mycode'><code>
<u>Join a cluster by moving an ESX host from one location to the cluster</u>
Move-Inventory -Item (Get-VMHost -Name esxHost) -Destination (Get-Cluster -Name clusterName)
<u>Get the VMware.Vim.ClusterComputeResource MO from the PowerCLI cluster object</u>
$clusterview = get-view $cluster.Id
<u>Reconfigure a host for VMware HA (high availability)</u>
$vmhost = get-vmhost -name esxHost; $hostMO = Get-View -ID $vmhost.ID; $hostMO.ReconfigureHostForDAS()
<u>Find migration events for the last day</u>
$events = Get-VIEvent -Start (Get-Date).AddDays(-1) | where {$_.fullFormattedMessage -match "Migrating.*"}
<u>Find events other than CPU Alarms or user login/logout for the last day</u>
$events = Get-VIEvent -Start (Get-Date).AddDays(-1) | where {$_.fullFormattedMessage -notmatch "Alarm.*CPU.*|User.*logged.*"}
<u>Find events for degraded MPIO path redundancy </u>
$events = Get-VIEvent -Start (Get-Date).AddDays(-1) | where {$_.fullFormattedMessage -match "Path redundancy to storage.*degraded"}
<u>Report the date, host and description for MPIO path redundancy errors</u>
foreach ($event in $events) {write-output ($event.createdTime.ToString() + "," + $event.host.get_name() + "," + $event.fullFormattedMessage)}
<u>List a table of VI events with only the date and message</u>
$events | format-table -wrap -autosize -property createdTime,fullFormattedMessage
<u>List the physical networks adapters and the current link speed (ESX 4.0)</u>
$hostSystem = get-view -ViewType HostSystem; $hostConfigManager = $hostSystem.get_ConfigManager(); $hostNetworkSystem = $hostConfigManager.get_NetworkSystem(); $netSystem = Get-View $hostNetworkSystem; $netSystem.NetworkConfig.pnic; foreach ($pnic in $netSystem.NetworkConfig.pnic) {Write-Output ($pnic.Device + "," + $pnic.spec.linkspeed.SpeedMB)}
<u>List the vSwitches and the uplinks currently attached</u>
$hostSystem = get-view -ViewType HostSystem; $hostConfigManager = $hostSystem.get_ConfigManager(); $hostNetworkSystem = $hostConfigManager.get_NetworkSystem(); $netSystem = Get-View $hostNetworkSystem; foreach ($vswitch in $netSystem.NetworkConfig.vSwitch) {Write-Output ($vSwitch.Name + "," + $vswitch.spec.policy.NicTeaming.NicOrder.ActiveNic)}
<u>Remove snapshots from a group of machines</u>
$VMs = Get-VM -Location (get-folder -name "vmFolder"); foreach ($vm in $vms) {remove-snapshot -snapshot (Get-Snapshot -vm $vm) -confirm:$false}
<u>Take snapshots of a group of machines</u>
$VMs = Get-VM -Location (get-folder -name "vmFolder"); foreach ($vm in $VMs) {New-Snapshot -Name "snapshot 01" -description "Snapshot description" -vm $vm -Quiesce:$false}
<u>Find VM name, description and primary disk datastore</u>
$VMs = get-vm; foreach ($vm in $VMs) {write-output ($vm.Name + ",""" + $vm.Description + """," + $vm.harddisks[0].FileName.Replace(" ", ",")) | out-file -append -filepath c:\temp\VM_Datastores.txt}
<u>Bring a host out of maintenance most</u>
Set-VMHost -VMHost esxHost -State Connected
<u>Generate diagnostic support bundles for all hosts</u>
get-log -vmhost (get-vmhost) -bundle -destinationpath c:\temp\bundles
<u>Find the network adapter type for each VM</u>
$vms = get-vm ; foreach ($vm in $vms) {write-host $vm.Name "-" $vm.networkadapters[0].type}
<u>Find physical NICs and whether they're set to autonegotiate or hardcoded</u>
foreach ($pnic in $hostNetwork.pnic) {if($pnic.linkSpeed -eq $null) {$ls = "Auto"} else {$ls= $pnic.linkSpeed.speedMB.toString() + ":" + $pnic.linkSpeed.duplex} ;write-output ($pnic.Device + "," + $ls)}
<u>Find host sytem build information</u>
$hostSystems = get-view -ViewType HostSystem; foreach ($hostSystem in $hostSystems) {Write-Output ($hostSystem.Name + "," + $hostSystem.config.product.Fullname)}
<u>Find VMs and whether the VMtools is configured to synchronising time </u>
$vmSet = Get-VM ; foreach ($vm in $vmSet) { $view = get-view $vm.ID ;$config = $view.config; $tools = $config.tools; Write-Output ($vm.Name + "," + $tools.SyncTimeWithHost) }
<u>Revert to a snapshot</u>
set-vm -vm vmName -snapshot (get-snapshot -vm vmName) -confirm:$false
<u>Remove a virtual machine from inventory and delete from disk</u>
remove-vm -DeleteFromDisk:$true -RunAsync:$true -vm vmName
<u>Shutdown one or more Virtual Machine guests</u>
shutdown-vmguest -vm $vms -confirm:$false
<u>Start one or more Virtual Machine guests</u>
start-vm -vm $vms -confirm:$false
<u>Forcefully power off one or more Virtual Machines</u>
stop-vm $vms -confirm:$false
<u>Get a virtual switch from the specified ESX host</u>
get-virtualswitch -name vSwitch1 -vmhost esxHost
<u>Create a new port group on the specified vSwitch</u>
New-VirtualPortGroup -Name "pgName" -VirtualSwitch $vs
<u>Find ESX memory balloon averages for the last five days</u>
get-stat -entity $hosts -start (Get-Date).AddDays(-5) -finish (Get-Date) -stat mem.vmmemctl.average
<u>Export a list of VMs</u>
$vms | select-object -prop Name | out-file -filepath c:\temp\vms.txt
<u>Export a list of VM guest hostnames </u>
$vms = get-vm; foreach ($vm in $vms) { write-output $vm.guest.get_HostName()}
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-8317679880997522422009-10-13T22:38:00.000+10:002009-10-13T22:38:03.989+10:00Service Control Manager Security for non-adminsAllowing non-administrators rights for service control sounds deceptively simple, but unfortunately it’s not. After Windows Server 2003 SP1, the default rights are very focused on administrator-only access for service control.<br />
<br />
This post describes how to view and modify the security descriptor for the Service Control Manager (SCM) and individual services as required.<br />
<br />
Show the descriptor for SCM:<br />
<span style="font-family:courier new;font-size:78%;">sc sdshow SCMANAGER<br />
<br />
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)</span><br />
<br />
In this case, the output shows that by default, Authenticated Users (AU) only have connect, but not enumerate (LC) for SCM.<br />
<br />
If you want to allow a non-administrator to connect to the Service Control Manager and enumerate the services, you can modify the security descriptor by using something like the following command to add enumerate, read control and query lock status for Authenticated Users with SCM:<br />
<span style="font-family:courier new;font-size:78%;">sc sdset SCMANAGER<br />
<br />
D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)</span><br />
<br />
This allows connecting to the SCM and enumerating services. However, if the DACL on the individual services only allows administrators access to the services, then they still won’t be accessible. You’ll need to run specific 'sc sdset' commands against particular services, or use subinacl to change all services with one command.<br />
<br />
Note that the sc.exe version with XP does not support this syntax – use the sc.exe on 2003 server.<br />
<br />
For individual services, you could then allow query and interrogate with the following command:<br />
<br />
<span style="font-family:courier new;font-size:78%;">subinacl /service \\server\* /grant=domain\user=QSI</span><br />
<br />
Note that to map the ACE flags to the meaning with regards to service control, I went through the following process:<br />
<ol><li>Find the access rights from the flag, eg CC = SDDL_CREATE_CHILD = ADS_RIGHT_DS_CREATE_CHILD (ACE Strings link below)</li><li>Find the constant matching this value, eg. 0x1 (ADS_RIGHTS_ENUM Enumeration link below)</li><li>Match this to the SCM access right for the hexadecimal value, eg. 0x1 = SC_MANAGER_CONNECT (Service Security and Access Rights link below)</li></ol>Map between sdshow output, right, hex value and SC/service meaning:<br />
<span><pre class='mycode'><code>
"CC" ADS_RIGHT_DS_CREATE_CHILD = 0x1, SC_MANAGER_CONNECT, SERVICE_QUERY_CONFIG
"DC" ADS_RIGHT_DS_DELETE_CHILD = 0x2, SC_MANAGER_CREATE_SERVICE, SERVICE_CHANGE_CONFIG
"LC" ADS_RIGHT_ACTRL_DS_LIST = 0x4, SC_MANAGER_ENUMERATE_SERVICE, SERVICE_QUERY_STATUS
"SW" ADS_RIGHT_DS_SELF = 0x8, SC_MANAGER_LOCK, SERVICE_ENUMERATE_DEPENDENTS
"RP" ADS_RIGHT_DS_READ_PROP = 0x10, SC_MANAGER_QUERY_LOCK_STATUS, SERVICE_START,
"WP" ADS_RIGHT_DS_WRITE_PROP = 0x20, SC_MANAGER_MODIFY_BOOT_CONFIG, SERVICE_STOP
"DT" ADS_RIGHT_DS_DELETE_TREE = 0x40, SERVICE_PAUSE_CONTINUE
"LO" ADS_RIGHT_DS_LIST_OBJECT = 0x80, SERVICE_INTERROGATE
"CR" ADS_RIGHT_DS_CONTROL_ACCESS = 0x100 SERVICE_USER_DEFINED_CONTROL
"RC" READ_CONTROL = 0x20000 READ_CONTROL
</code></pre></span><br />
<br />
Access right Description for services and SCM:<br />
<br />
<span><pre class='mycode'><code>
SERVICE_QUERY_CONFIG (0x0001) Required to call the QueryServiceConfig and QueryServiceConfig2 functions to query the service configuration.
SERVICE_CHANGE_CONFIG (0x0002) Required to call the ChangeServiceConfig or ChangeServiceConfig2 function to change the service configuration. Because this grants the caller the right to change the executable file that the system runs, it should be granted only to administrators.
SERVICE_QUERY_STATUS (0x0004) Required to call the QueryServiceStatusEx function to ask the service control manager about the status of the service.
SERVICE_ENUMERATE_DEPENDENTS (0x0008) Required to call the EnumDependentServices function to enumerate all the services dependent on the service.
SERVICE_START (0x0010) Required to call the StartService function to start the service.
SERVICE_STOP (0x0020) Required to call the ControlService function to stop the service.
SERVICE_PAUSE_CONTINUE (0x0040) Required to call the ControlService function to pause or continue the service.
SERVICE_INTERROGATE (0x0080) Required to call the ControlService function to ask the service to report its status immediately.
SERVICE_USER_DEFINED_CONTROL(0x0100) Required to call the ControlService function to specify a user-defined control code.
SERVICE_ALL_ACCESS (0xF01FF) Includes STANDARD_RIGHTS_REQUIRED in addition to all access rights in this table.
READ_CONTROL Required to call the QueryServiceObjectSecurity function to query the security descriptor of the service object.
SC_MANAGER_CONNECT (0x0001) Required to connect to the service control manager.
SC_MANAGER_CREATE_SERVICE (0x0002) Required to call the CreateService function to create a service object and add it to the database.
SC_MANAGER_ENUMERATE_SERVICE (0x0004) Required to call the EnumServicesStatusEx function to list the services that are in the database.
SC_MANAGER_LOCK (0x0008) Required to call the LockServiceDatabase function to acquire a lock on the database.
SC_MANAGER_QUERY_LOCK_STATUS (0x0010)
SC_MANAGER_MODIFY_BOOT_CONFIG (0x0020) Required to call the NotifyBootConfigStatus function.
SC_MANAGER_ALL_ACCESS (0xF003F) Includes STANDARD_RIGHTS_REQUIRED, in addition to all access rights in this table.
</code></pre></span><br />
<br />
<br />
Directory service object access rights<br />
<br />
<span><pre class='mycode'><code>
"RC" SDDL_READ_CONTROL READ_CONTROL
"RP" SDDL_READ_PROPERTY ADS_RIGHT_DS_READ_PROP
"WP" SDDL_WRITE_PROPERTY ADS_RIGHT_DS_WRITE_PROP
"CC" SDDL_CREATE_CHILD ADS_RIGHT_DS_CREATE_CHILD
"DC" SDDL_DELETE_CHILD ADS_RIGHT_DS_DELETE_CHILD
"LC" SDDL_LIST_CHILDREN ADS_RIGHT_ACTRL_DS_LIST
"SW" SDDL_SELF_WRITE ADS_RIGHT_DS_SELF
"LO" SDDL_LIST_OBJECT ADS_RIGHT_DS_LIST_OBJECT
"DT" SDDL_DELETE_TREE ADS_RIGHT_DS_DELETE_TREE
"CR" SDDL_CONTROL_ACCESS ADS_RIGHT_DS_CONTROL_ACCESS
</code></pre></span><br />
<br />
ADS enum:<br />
<br />
<span><pre class='mycode'><code>
typedef enum {
ADS_RIGHT_DS_CREATE_CHILD = 0x1,
ADS_RIGHT_DS_DELETE_CHILD = 0x2,
ADS_RIGHT_ACTRL_DS_LIST = 0x4,
ADS_RIGHT_DS_SELF = 0x8,
ADS_RIGHT_DS_READ_PROP = 0x10,
ADS_RIGHT_DS_WRITE_PROP = 0x20,
ADS_RIGHT_DS_DELETE_TREE = 0x40,
ADS_RIGHT_DS_LIST_OBJECT = 0x80,
ADS_RIGHT_DS_CONTROL_ACCESS = 0x100
} ADS_RIGHTS_ENUM;
READ_CONTROL = 0x20000;
</code></pre></span><br />
<br />
<span style="font-size:85%;"><br />
References:<br />
<br />
Applying Security Descriptors on the Device Object<br />
<a href="http://msdn.microsoft.com/en-us/library/ms793368.aspx">http://msdn.microsoft.com/en-us/library/ms793368.aspx</a><br />
<br />
Non-administrators cannot remotely access the Service Control Manager after you install Windows Server 2003 Service Pack 1<br />
<a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;907460">http://support.microsoft.com/default.aspx?scid=kb;EN-US;907460</a><br />
<br />
Securing a Remote WMI Connection<br />
<a href="http://msdn.microsoft.com/en-us/library/aa393266(VS.85).aspx">http://msdn.microsoft.com/en-us/library/aa393266(VS.85).aspx</a><br />
<br />
Configuring a Report Server for Remote Administration<br />
<a href="http://msdn.microsoft.com/en-us/library/ms365170(SQL.90).aspx">http://msdn.microsoft.com/en-us/library/ms365170(SQL.90).aspx</a><br />
<br />
Service Security and Access Rights<br />
<a href="http://msdn.microsoft.com/en-us/library/ms685981(VS.85).aspx">http://msdn.microsoft.com/en-us/library/ms685981(VS.85).aspx</a><br />
<br />
How to grant users rights to manage services in Windows 2000<br />
<a href="http://support.microsoft.com/kb/288129">http://support.microsoft.com/kb/288129</a><br />
<br />
How to troubleshoot WMI-related issues in Windows XP SP2<br />
<a href="http://support.microsoft.com/kb/875605">http://support.microsoft.com/kb/875605</a><br />
<br />
ACE Strings<br />
<a href="http://msdn.microsoft.com/en-us/library/aa374928(VS.85).aspx">http://msdn.microsoft.com/en-us/library/aa374928(VS.85).aspx</a><br />
<br />
ADS_RIGHTS_ENUM Enumeration<br />
<a href="http://msdn.microsoft.com/en-us/library/aa772285(VS.85).aspx">http://msdn.microsoft.com/en-us/library/aa772285(VS.85).aspx</a><br />
</span><br />
<br />
<br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com2tag:blogger.com,1999:blog-6043156720447404006.post-37631249351125092992009-09-30T23:03:00.002+10:002009-09-30T23:05:29.880+10:00VMware Command-Line Interface commandsThe Windows command-line interface provided for managing ESX/ESXi systems is an invaluable tool for managing ESX infrastructure at the command-line. When using ESXi without a service console the CLI becomes even more useful.<br />
<br />
I've gathered these commands while implementing and managing ESXi 4.0 clusters, use with caution on any production system.<br />
<br />
ESXi 4.0 RCLI:<br />
<span><pre class='mycode'><code>
<b>List the NTP servers used by the host</b>
vicfg-ntp.pl --server esx01 --list
<b>Add a Software iSCSI NIC named vmk2</b>
esxcli --server=esx01 swiscsi nic add -n vmk2 -d vmhba33
<b>List the Software iSCSI NICs</b>
esxcli --server=esx01 swiscsi nic list -d vmhba33
<b>List the software iSCSI status on a host</b>
vicfg-iscsi.pl --server esx01 --swiscsi --list
<b>Enable software iSCSI on an ESX host</b>
vicfg-iscsi.pl --server esx01 --swiscsi --enable
<b>List the adapters bound to software iSCSI</b>
esxcli --server=esx01 swiscsi nic list -d vmhba33
<b>List the VMKernel NICs</b>
vicfg-vmknic.pl --server esx01 --list
<b>List the software iSCSI adapters</b>
vicfg-iscsi.pl --server esx01 --adapter --list
<b>Set the iSCSI alias for the specified adapter</b>
vicfg-iscsi.pl --server esx01 --iscsiname --alias esx01 vmhba33
<b>Bind a VMK software iSCSI NIC for MPIO PSA</b>
esxcli --server=esx01 swiscsi nic add -n vmk2 -d vmhba33
<b>Rescan a storage adapter bus</b>
vicfg-rescan.pl --server esx01 vmhba33
<b>Add a dynamic iSCSI discovery target</b>
vicfg-iscsi.pl --server esx01 --discovery --add --ip 10.1.1.10:3260 vmhba33
<b>Add CHAP authentication to an iSCSI discovery target</b>
vicfg-iscsi.pl --server esx01 --authentication --level chapRequired --method CHAP --auth_username esxchap --auth_password chapacc3ss80 --ip 10.2.128.33:3260 vmhba33
<b>Find the current ScratchConfig scratch location</b>
vicfg-advcfg.pl --server esx01 -g ScratchConfig.ConfiguredScratchLocation
<b>Set the scratch location for ESXi</b>
vicfg-advcfg.pl --server esx01 -s "/vmfs/volumes/esxds01/Scratch/esx01" ScratchConfig.ConfiguredScratchLocation
<b>Check if CIM OEM providers are enabled (such as Dell OM)</b>
vicfg-advcfg.pl --server esx01 -g UserVars.CIMOEMProvidersEnabled
<b>Enable CIM OEM Providers (such as Dell OM)</b>
vicfg-advcfg.pl --server esx01 -s "1" UserVars.CIMOEMProvidersEnabled
<b>Query the patches/updates/bulletins/VIBs installed on ESXi</b>
vihostupdate.pl --server esx01 -q
<b>Set the SNMP community for the ESXi host</b>
vicfg-snmp.pl --server esx01 -c public
<b>Enable the SNMP agent on an ESXi host</b>
vicfg-snmp.pl --server esx01 -E
<b>List the iSCSI node name</b>
vicfg-iscsi.pl --server esx01 --list --iscsiname --adapter vmhba36
<b>List the preferred nativte multipathing (NMP) path for a device</b>
esxcli --server esx01 nmp fixed getpreferred -d naa.6090332880cfdc44fda634b1ca2457b8
<b>Check whether round robin path selection is used for a device</b>
esxcli --server esx01 nmp roundrobin getconfig -d naa.6090a02833cfdc7ffd4434b1ca5457b8
<b>List the disk NAA/UUIDs known to a host</b>
esxcli --server esx01 nmp device list
<b>List the MPIO path to device mapping</b>
esxcfg-mpath.pl --server esx01 -m
<b>List the SCSI devices known to a host</b>
vicfg-scsidevs.pl --server esx01 --list
<b>List the available datastores on a host</b>
vifs.pl --server esx01 --listds
<b>List the contents of a datastore</b>
vifs.pl --server esx01 --dir [datastore]
<b>Upload a local file to a datastore through vifs</b>
vifs.pl --server esx01 --put c:\temp\file.txt dir/file.txt?dsName=datastoreName
<b>List virtual switches, port groups, uplinks and MTU</b>
vicfg-vswitch.pl -l --server esx01
<b>Browse the datastores or local host through ssl</b>
https://esx01/folder or https://esx01/host
<b>Find the vmnic configuration, including driver, current speed</b>
vicfg-nics.pl --server esx01 -l
<b>Set a vNIC to auto-negotiate</b>
vicfg-nics.pl --server esx01 --vihost esx01 -a vmnic0
<b>List the host-based files on an ESXi client</b>
vifs.pl --server esx01 --dir /host
</code></pre></span><br />
<br />
A few other useful VMware tips:<br />
<span><pre class='mycode'><code>
<b>Recreate the rui.pfx file for VirtualCenter</b>
openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
<b>Forcefully power off a suspended VM</b>
Delete the vmss file, and then power on the VM (state is lost)
<b>ESXi 4.0, access unsupported ssh console through the dcui</b>
Press Alt+F1, type unsupported, then the root password
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com1tag:blogger.com,1999:blog-6043156720447404006.post-401970230125687852009-09-20T23:57:00.000+10:002009-09-20T23:57:15.153+10:00More useful command-linesThis is the second edition of useful command lines, adding another 132 commands that I've found useful. Note that many of the command-line calls may require Microsoft utilities (such as dsquery, wmic, dnscmd).<br />
<br />
Most of the commands are for the windows-based command interpreter, with a few PowerShell and ESX service console commands creeping in. They range from diagnostics, troubleshooting and simply automating recurring tasks.<br />
<br />
Each command-line can be copied and pasted at the command prompt, if you use a batch file you'll need to reference variables with double-percent (%%).<br />
<br />
See the original post with another 425 commands <a href="http://waynes-world-it.blogspot.com/2008/09/useful-command-lines.html">http://waynes-world-it.blogspot.com/2008/09/useful-command-lines.html</a><br />
<br />
<span><pre class='mycode'><code>
<b>Given an IP and mask, return the subet the IP belongs to</b>
for /f "tokens=1-8 delims=.- " %i in ('echo 192.168.5.200 255.255.255.0') do set /a Octet1="%i & %m" >nul & set /a Octet2="%j & %n" >nul & set /a Octet3="%k & %o" >nul & set /a Octet4="%l & %p" >nul & Echo %i.%j.%k.%l,!Octet1!.!Octet2!.!Octet3!.!Octet4!,%m.%n.%o.%p
<b>Display the contents of the client DNS resolver cache</b>
ipconfig /displaydns
<b>Find the package source path of a program from SMS</b>
wmic /namespace:\\root\sms\site_%sitecode% /node:"server" path SMS_Package Where "Name like '%programname%'" get Name,ShareName,PkgSourcePath
<b>Find the session associated with a process</b>
wmic path win32_process get name,sessionid
<b>List the local winstation windows objects</b>
objdir \Windows\Windowstations\Winsta0
<b>Query the configuration container for Exchange mailbox stores</b>
dsquery * ",CN=Configuration,DC=domainroot" -filter "(&(objectClass=msExchPrivateMDB)(objectCategory=msExchPrivateMDB))"
<b>Query a Virtual Centre/VC 2.5 database for Virtual Machine details</b>
sqlcmd -S server -d database -W -s "," -Q "select ENT.Name as 'Name', Lower(DNS_Name) as 'DNS Name', Guest_OS as 'OS', Mem_Size_MB as 'Mem', Num_VCPU as 'CPU', Num_NIC as 'NIC', IP_Address as 'IP', NET.MAC_Address as 'MAC Address', VM.FILE_Name as 'VMX location' from vpx_vm VM inner join VPX_NIC NET on VM.ID = NET.ENTITY_ID inner join VPX_ENTITY ENT on VM.ID = ENT.ID Order By ENT.Name"
<b>Query a Virtual Centre/VC 2.5 database for Virtual Machine snapshots (GMT+10)</b>
sqlcmd -S server -d database -W -s "," -Q "select ENT.Name as 'Name', Lower(DNS_Name) as 'DNS Name', Guest_OS as 'OS', Mem_Size_MB as 'Mem', IP_Address as 'IP', VM.FILE_Name as 'VMX location', VM.Suspend_Time as 'Suspend Time', VM.Suspend_Interval as 'Suspend Interval', VMS.Snapshot_Name as 'Snapshot Name', VMS.Snapshot_Desc 'Snapshot Description', DateAdd(Hour, 10, VMS.Create_Time) as 'Snapshot Time', VMS.Is_Current_Snapshot 'Current Snapshot' from vpx_vm VM inner join VPX_NIC NET on VM.ID = NET.ENTITY_ID inner join VPX_ENTITY ENT on VM.ID = ENT.ID inner join VPX_SNAPSHOT VMS on VM.ID = VMS.VM_ID"
<b>Test the password for a domain account (assumes no existing IPC connection)</b>
net use \\server\ipc$ /user:%domain%\%testuser% *
<b>View the last-access, modified, created and MFT entry modified timestampes</b>
timestomp "%fullpathtoFile%" -v
<b>Create a scheduled task escaped with a command containing double-quotes (2003)</b>
schtasks /create /SC Daily /TN "Task" /ST 12:00 /TR "cmd /c echo \"Test\"" /RU System
<b>Create a scheduled task running two commands</b>
schtasks /create /SC Daily /TN "Task" /ST 12:00 /TR "cmd /c echo Test1 & cmd /c echo Test2" /RU System
<b>Check a number of computers to see if hibernation is enabled</b>
for /f %i in (%controlfile%.txt) do @if exist \\%~i\c$\hiberfil.sys (echo %~i,Enabled) else (echo %~i,Disabled)
<b>For each path in a control file, list the 8.3 short equivalent</b>
for /f "tokens=*" %i in (test.txt) do echo %~si
<b>Use if exist and disabled path parsing to bypass max_path</b>
for /f "tokens=*" %i in (test.txt) do if exist "\\?\UNC\%~pnxi" echo File exists
<b>Enumerate a cluster through WMI</b>
wmic /node:"%node%" /namespace:\\root\mscluster path MSCluster_Cluster
<b>Given a path exceeding MAX_PATH, return the 8.3 equivalent of the directories</b>
for /f "tokens=*" %i in (longfiles.txt) do for /d %m in ("\\%~pi") do echo %~sm%~nxi
<b>Given a path you know contains deeper than 260, batch to return the 8.3 subdirs</b>
(3 lines) @for /f "tokens=*" %%i in (c:\temp\longdir1.txt) do @for /d %%m in ("\\%%~pi") do @Call :Process "%%~si" || :process || @if "%~1"=="" (goto :EOF) else (@for /d %%i in ("%~1\*.*") do @echo %%~si & Call :Process "%%~si")
<b>Set a Domain Controller to be a Global Catalog server</b>
dsmod server "%DC_DN%" -isgc yes
<b>Check which network connections (drive mappings) a computer has</b>
wmic /node:"%computer%" path win32_logicaldisk where "DriveType=4" get DeviceID,ProviderName
<b>Query the current site of a remote computer using nltest</b>
nltest /dsgetsite /server:%computer%
<b>Query the current site of a remote computer using the registry</b>
reg query \\%computer%\hklm\system\currentcontrolset\services\netlogon\parameters /v DynamicSiteName
<b>Check the schema version on a Domain Controller (R2=31)</b>
reg query \\%dc%\hklm\system\currentcontrolset\services\NTDS\parameters /v "Schema Version"
<b>Query the revision of 2003 Update (R2=9)</b>
dsquery * CN=Windows2003Update,CN=ForestUpdates,CN=Configuration,%forestRoot% -attr revision
<b>Check the schema version on a Domain Controller (R2=31)</b>
dsquery * "CN=Schema,CN=Configuration,%forestRoot%" -attr objectVersion -scope base
<b>Find the disk signature of a disk through diskpart</b>
echo select disk 0 > %temp%\diskpart.txt & echo detail disk >> %temp%\diskpart.txt & diskpart /s %temp%\diskpart.txt | find /i "Disk ID:"
<b>Search a dnscmd export for duplicate IP address references</b>
for /f "tokens=1,5" %i in (DNSExport.txt) do @if "%j" NEQ "" @for /f "tokens=1" %m in ('"findstr /i "%j$" DNSExport.txt find /i /c "%j""') do @if %m GTR 1 @echo %i,%j,%m
<b>Search and report duplicate IPs from a dnscmd export</b>
for /f "tokens=1,4" %i in (DNSExport.txt) do @if "%j" NEQ "" @for /f "tokens=1" %m in ('"findstr /i "%j$" DNSExport.txt find /i /c "%j""') do @if %m GTR 1 (@echo %j,%m: & findstr /i "%j$" DNSExport.txt & echo.)
<b>Dump the dfsr config from the active directory</b>
dfsrdiag dumpadcfg
<b>Remove Outlook 2003 prevention of PST usage</b>
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Outlook /v DisablePST /t reg_dword /d 0x0
<b>Set the command prompt to include the time of the last command</b>
prompt $t $p$g
<b>Create a zero byte file</b>
echo file 2>zero.txt
<b>Given a list of files, echo those that are zero bytes in size</b>
for %i in (%source%\*) do @if %~zi == 0 @echo %i
<b>From a dnscmd export, find duplicate IP addresses</b>
echo. > DuplicateIPs.txt & (for /f "tokens=1,4" %i in (DNSRecords.txt) do @if "%j" NEQ "" @find /i "%j" DuplicateIPs.txt >nul & if errorlevel 1 for /f "tokens=1" %m in ('"findstr /i "%j$" DNSRecords.txt | find /i /c "%j""') do @if %m GTR 1 (@echo %j,%m: & findstr /i "%j$" DNSRecords.txt & echo.) >> DuplicateIPs.txt) & type DuplicateIPs.txt
<b>Start xperf performance tracing using the 'Diag' group</b>
xperf -start -on Diag -f %temp%\tracing.etl
<b>Open an xperf trace, exporting context switching for threads and processes</b>
xperf -i %temp%\tracing.etl -a cswitch -thread -process
<b>Check whether VMware VMFS partitions are block aligned to 128</b>
/sbin/fdisk -lu
<b>Query a Virtual Centre/VC 2.5 database for Consolidation performance stats</b>
sqlcmd -S server -d virtualcenter -W -s "," -Q "Select Top 6 ip_address as 'IP', cpu_mhz_avg/1000 as 'CPU', mem_mb_avg/1000 as 'RAM' , disk_percent_avg/1000 as 'Disk' from vpx_csl_system_perf vPERF inner join vpx_csl_system_ip_address vIP on vPERF.System_ID = vIP.system_ID order by sample_time desc"
<b>Identify Virtual Machines that are currently powered on</b>
/usr/sbin/vcbVmName -h %server% -u username -s powerstate:on
<b>Find OCS 2007 classes/attributes in AD</b>
dsquery * "CN=Schema,CN=Configuration,DC=forestRoot" -filter "(&((cn=*rtc*)(|(objectCategory=classSchema)(objectCategory=attributeSchema))))"
<b>Find OCS 2007 server from DNS service records</b>
nslookup -type=srv _SipInternalTLS._tcp.{FQDN}
<b>Find OCS 2007 Pools published in the current directory</b>
dsquery * -filter "(objectClass=msRTCSIP-Pools)"
<b>Find OCS 2007 SCPs from the local domain</b>
dsquery * "CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=domainRoot" -attr *
<b>Export config from OCS 2007 from a remote server</b>
lcscmd /config /action:export /level:machine /configfile:config.xml /fqdn:%server%
<b>IIS Authentication and Access Control Diagnostics</b>
authdiag.exe
<b>Find the number of VMs per datastore from the VC database</b>
sqlcmd -S server -d virtualcenter -W -s "," -Q "select DS.name, Count(VMDS.VM_ID) as 'VMs' from vpxv_vm_datastore VMDS inner join vpx_datastore DS on VMDS.DS_ID = DS.ID group by DS.name"
<b>Find detail on the VMs per datastore from the VC database</b>
sqlcmd -S server -d virtualcenter -W -s "," -Q "select DS.name, VMS.Name from vpxv_vm_datastore VMDS inner join vpx_datastore DS on VMDS.DS_ID = DS.ID inner join vpxv_vms VMS on VMDS.VM_ID = VMS.VMID order by DS.Name"
<b>Unattended install of IIS (assuming INF created with relevant [components])</b>
Sysocmgr.exe /i:%windir%\inf\sysoc.inf /u:%iisComponents%.inf
<b>Find the Exchange 2003 organization from AD</b>
dsquery * forestroot -filter "(&(objectCategory=msExchOrganizationContainer))"
<b>Mount a virtual floppy</b>
vfd install & vfd start & vfd open
<b>Send an SMTP mail using blat</b>
blat -f smtprelay@relay.local -to user@domain.com -subject Test -body "Test body" -server smtprelay
<b>Create MAPI profiles with an Exchange connection on a server without Outlook</b>
profman2.exe
<b>Find mailboxes that are excluded from Recipient Update Policies</b>
dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(msExchPoliciesExcluded=*))" -attr cn msExchPoliciesExcluded | find /i "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"
<b>Export a connector space from MIIS/IIFP to XML</b>
csexport %maName% maExport.xml
<b>IIFP permissions, write proxyAddresses to user objects, inherited to subobjects</b>
dsacls "OU=%targetOU%,%domainRoot%" /I:S /G %DOMAIN%\%GROUP%:WP;proxyAddresses;user
<b>IIFP permissions, create and delete contact objects, inherited to subobjects</b>
dsacls "OU=%targetOU%,%domainRoot%" /I:S /G %DOMAIN%\%GROUP%:CCDC;contact
<b>IIFP permissions, read/write all properties, inherited to subobjects</b>
dsacls "OU=%targetOU%,%domainRoot%" /I:S /G %DOMAIN%\%GROUP%:RPWP;;contact
<b>Find extended rights in the directory that apply to schema classes</b>
dsquery * "CN=Extended-Rights,CN=Configuration,dc=forestRoot" -attr displayName CN
<b>Trigger the SD propagator adminsdholder process in a domain</b>
admod -rootdse "FixUpInheritance::1"
<b>Set interrupt processor affinity for PnP drivers</b>
intfiltr.exe
<b>Set interrupt processor affinity for processes persistent across reboots</b>
imagecfg.exe -a 0xF calc.exe (the mask to use the first four logical processors)
<b>Start an executable with the specified processor affinity</b>
start /affinity f calc.exe (the mask to use the first four logical processors)
<b>Modify a server to use only one processor</b>
boot.ini, add /onecpu switch
<b>Query DC/DNS servers and find unconditional non-ds forwarders</b>
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do @for /f "tokens=1,3" %m in ('"dnscmd %i /info > DNS_%i.txt & tail -5 DNS_%i.txt | find /i "addr[" | find /i "addr""') do @echo %~ni,%m,%n
<b>Create an Active Directory integrated DNS conditional forwarder (5.2.3790.0)</b>
dnscmd /ZoneAdd %targetDomain% /DsForwarder %targetDomainNSIP%
<b>Find DNS forwarder zones</b>
dnscmd %server% /enumzones /forwarder
<b>Find DNS forwarder targets</b>
for /f %i in ('"dnscmd %server% /enumzones /forwarder | find /i "forwarder""') do dnscmd %server% /zoneinfo %i | find /i "master"
<b>Find AdminSDHolder groups with GROUP_TYPE_SECURITY_ENABLED</b>
dsquery * domainroot -filter "(&(objectCategory=Group)(objectClass=Group)(groupType:1.2.840.113556.1.4.803:=2147483648))"
<b>Query an MIIS/IIFP database to find the management agent AD configuration</b>
select ma_name, private_configuration_xml from mms_management_agent
<b>Check the MIIS/IIFP GALSync.xml file to find the management agent AD config</b>
Extensions\GALSync.xml
<b>Query an MIIS/IIFP database to find the management agent AD containers to sync</b>
select filter_xml from mms_partition MMSP inner join mms_management_agent MMSA on MMSP.ma_id = MMSA.ma_id where ma_name = 'MA-NAME' and partition_name = 'DC=domainRoot'
<b>Set the IP address of a machine using netsh</b>
netsh interface ip set address name="Local Area Connection" source=static addr=192.168.0.10 mask=255.255.255.0 gateway=192.168.0.1 1
<b>Set local DNS client primary using netsh</b>
netsh interface ip add dns name="Local Area Connection" addr=192.168.0.10 index=1
<b>Set local DNS client secondary using netsh</b>
netsh interface ip add dns name="Local Area Connection" addr=192.168.0.11 index=2
<b>Set local WINS client primary using netsh</b>
netsh interface ip add wins name="Local Area Connection" addr="192.168.0.10" index=1
<b>Set local WINS client secondary using netsh</b>
netsh interface ip add wins name="Local Area Connection" addr="192.168.0.11" index=2
<b>Modify service DACLs to allow service start stop (assumes query already exists)</b>
subinacl /service schedule /grant=builtin\users=TO
<b>User cmdkey to add a stored credential when connecting to a remote server</b>
cmdkey /add:remote.domain.com /user:domain\user /pass:*
<b>Find the holders of the specified NT right / privilege</b>
showpriv SeProfileSingleProcessPrivilege
<b>Query the privileges the current user holds</b>
whoami /priv
<b>Delete the policy restriction to run adsiedit.msc</b>
reg delete "HKCU\Software\Policies\Microsoft\MMC\{1C5DACFA-16BA-11D2-81D0-0000F87A7AA3}"
<b>Stop and then restart the ESX software iSCSI initiator</b>
/usr/sbin/esxcfg-swiscsi -d | /usr/sbin/esxcfg-swiscsi -e
<b>Reset a computer account secure channel</b>
nltest /sc_reset:%domain%[\%dc%]
<b>Reset the password for a computer account</b>
nltest /sc_change_pwd:%domain%
<b>CSV directory export of one or more subcontainers of a container</b>
for /f %i in ('"dsquery ou OU=People,DC=domainRoot -scope onelevel -o rdn"') do csvde -f UserExport-%~i.csv -l givenName,sn,displayname,mail,targetAddress,proxyAddresses,mailnickname -d "OU=%~i,OU=People,DC=domainRoot" -r "(&(objectClass=Contact)(objectCategory=Person))"
<b>Query VMFS volume information from the service console</b>
/usr/sbin/vmkfstools -P /vmfs/volumes/%GUID%
<b>Change the volume label of a disk</b>
label %drive%: %newlabel%
<b>Find VMware CDP info from the service console</b>
esxcfg-info | grep -C 18 '\==+CDP Summary'
<b>Add a non expiring enabled user account to the Active Directory</b>
dsadd user "CN=user,OU=Users,DC=test,DC=com" -pwd "password" -pwdneverExpires yes -disabled no -desc "Description"
<b>Clear local DNS client settings using netsh</b>
netsh interface ip delete dns name="Local Area Connection" addr=ALL
<b>From an ESX service console, scan for updates from a depot for UpdateManager</b>
/usr/sbin/esxupdate --HA --flushcache -d http://esx01/vci/hostupdates/hostupdate/esx/esx-3.5.0 scan
<b>Check the VI35 Legato AAM HA agent</b>
cat /var/log/vmware/aam/aam_config_util_addnode.log
<b>VMware VI35 HA Legato AAM, list the cluster manager</b>
/opt/vmware/aam/bin/ftcli -domain vmware -timeout 60 -cmd "listrules"
<b>VMware VI35 HA Legato AAM, list the cluster nodes</b>
/opt/vmware/aam/bin/ftcli -domain vmware -connect esx01 -port 8042 -timeout 60 -cmd "listnodes"
<b>VMware ESX VI35 List the software iSCSI targets</b>
/usr/sbin/vmkiscsi-tool -L -l vmhba32
<b>Mount a local volume inside a local folder</b>
mountvol c:\temp\mount1 \\?\Volume{f856ff87-70ae-11dc-8b8d-806d6172696f}\
<b>Remove a mount point</b>
mountvol C:\temp\mount1\ /d
<b>List junctions or mount points</b>
junction -s c:\temp
<b>Find the boot device for an ESX installation</b>
esxcfg-info -s | grep -A10 "Diagnostic Partition"
<b>Find the boot device for an ESX installation</b>
esxcfg-info -s | egrep -A4 "Parallel SCSI Interface|Block SCSI Interface"
<b>Use vSphere RCLI to list an ESXi host filesystem</b>
vifs.pl --server %server% --username %username% --password %password% -D /host
<b>Use vSphere RCLI to backup an ESXi host (esxcfg-cfgbackup.pl)</b>
vicfg-cfgbackup.pl --server %server% --username %username% --password %password% -s server.tgz
<b>ESX VI35 list the virtual machines and their disks for performance analysis</b>
/usr/lib/vmware/bin/vscsiStats -l
<b>ESX VI35 gather disk statistics and display the latency histogram in CSV</b>
/usr/lib/vmware/bin/vscsiStats -s; /usr/lib/vmware/bin/vscsiStats -x; /usr/lib/vmware/bin/vscsiStats -p latency -c;
<b>Get Windows Remote Management config on the local machine</b>
winrm get winrm/config
<b>Windows Remote Management quick configuration to create a listener</b>
winrm quickconfig
<b>Test Windows Remote Management listener on the local host</b>
winrm id
<b>Create a Windows Remote Management https listener on the local host</b>
winrm quickconfig -transport:https
<b>Create a self-signed certificate</b>
makecert" -r -pe -n -r 30/12/2039 -eku 1.3.6.1.5.5.7.3.1 -ss my-sr localMachine -sky Exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 c:\temp\test.cer
<b>Query the SNTP servers a comptuer is using for time synchronisation</b>
net time \\server /querysntp
<b>Set the SNTP servers used for w32time synchronistaion</b>
net time \\server /setsntp:"192.168.0.10 192.168.0.11"
<b>Convert time from 100 nanosecond intervals since epoch 01/01/1601</b>
w32tm /ntte 127076450620627215
<b>Install the w32time Windows Time service</b>
w32tm /register
<b>Enable NTP Server for a w32time service</b>
reg add \\server\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer /v Enabled /t reg_dword /d 0x1 /f
<b>Find the error description given a win32 error number</b>
net helpmsg 2
<b>Delete the policy value controlling whether recently run programs are recorded</b>
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRecentDocsHistory
<b>Set registry permissions (subinacl 5.2.3790.1180 or later)</b>
subinacl /keyreg "\\server\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /grant=domain\group=F
<b>Set service DACLs (Q : Query SC, S: status, I: interrogate, T: Start, O: Stop)</b>
subinacl /service \\server\schedule /grant=domain\group=TOQSI
<b>Rename a LAN interface name (ncpa.cpl)</b>
netsh interface set int name="Local Area Connection 2" newname="Local Area Connection"
<b>Find all network devices</b>
devcon findall =net
<b>Find all network adapters for the Net class</b>
devcon listclass net
<b>Remove an old VMware VI3 PCNET Flexible/VLance/VMXNET adapter instance (@)</b>
devcon remove "@PCI\VEN_1022&DEV_2000&SUBSYS_20001022&REV_10\3&61AAA01&0&88"
<b>Find where a file is in the path</b>
for %i in (calc.exe) do echo %~$PATH:i
<b>Find the physical disk sector size</b>
wmic path win32_diskdrive get BytesPerSector
<b>Find the current amount of memory used by the file system virtual cache</b>
wmic path Win32_PerfFormattedData_PerfOS_Memory get SystemCacheResidentBytes
<b>Use robocopy in backup mode to take a copy of folder-level permissions</b>
Robocopy \\server\source c:\temp\copy zxcvsadfqwer /E /B /COPYALL /R:1 /W:1
<b>Find remote shares and paths using WMI</b>
wmic /node:%server% path win32_share get Name,Path,Description
<b>Find total memory, free memory and used paging file</b>
wmic /node:%server% path Win32_OperatingSystem Get FreePhysicalMemory,FreeSpaceInPagingFiles,TotalVirtualMemorySize,TotalVisibleMemorySize
<b>Search a remote computer's registry for a string</b>
regfind -m \\%server% -y -b -n search_string
<b>Set a computer to use a specified number of available processors</b>
modify boot.ini, use the /NUMPROC=x switch or /ONECPU switch
<b>Check the Exchange ESE buffer cache size</b>
dsquery * "CN=InformationStore,CN=exchserver01,CN=Servers,CN=AdminGroup01,CN=Administrative Groups,CN=organisation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domainRoot" -attr msExchESEParamCacheSizeMax -scope base
<b>Query the start of authority record for a DNS zone</b>
dnscmd %server% /enumrecords %fqdn% @ /type SOA
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com1tag:blogger.com,1999:blog-6043156720447404006.post-85909853865634864082009-08-11T22:24:00.000+10:002009-08-11T22:24:44.850+10:00VMware PowerCLI - Reconfigure cluster optionsThe following script contains a simple example of how to modify the configuration of a cluster – in this case to add two advanced options to the HA settings. This uses the new ClusterConfigSpecEx object, which can be used with the more generic function to reconfigure a resource – ReconfigureComputeResource().<br />
<br />
The options set in this example are the das.allowNetworkX options, configuring HA to set specific management networks/service consoles that are used for HA communication and heartbeats.<br />
<br />
Consider the following scenario for a reason why you might want to use these options:<br />
<br />
<ol><li>Software iSCSI with ESX 3.x – using the service console for authentication, meaning you need a service console on your iSCSI network (or routes between your corporate network and iSCSI). The standard result is that HA could be used across this interface.</li>
<li>You are progressing with an upgrade to ESXi 4.0, still using software iSCSI, which is improved to remove the need for a management interface on your iSCSI network</li>
<li>You put an ESX 3.5 and ESXi 4.0 host in the same cluster, HA no longer works because your iSCSI service console on ESX 3.5 can’t talk to your ESXi 4.0 host.</li>
<li>Adding the two options above (with names changed appropriately) would force HA to use the service console on ESX 3.5 and the equivalent management network on ESXi 4.0, ignoring the iSCSI service console on 3.5 - resolving HA issues.</li></ol><br />
<span><pre class='mycode'><code>
# http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/vim.ComputeResource.html#reconfigureEx
# http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/vim.cluster.DasConfigInfo.html#field_detail
param (
$vcServerName = ""
)
$viServer = Connect-VIServer -server $vcServerName
$optionValue = New-Object Vmware.Vim.OptionValue
$optionValue.Key = "das.allowNetwork0"
$optionValue.Value = "Service Console"
$optionValue2 = New-Object Vmware.Vim.OptionValue
$optionValue2.Key = "das.allowNetwork1"
$optionValue2.Value = "Management Network"
[Vmware.Vim.OptionValue[]]$optionValues = $optionvalue, $optionValue2 # Create the array of the two new option values
$cluster = get-cluster -Name 'Cluster01' # Get the cluster
$clusterview = get-view $cluster.Id # Get the SDK object from the PowerCli object MO
$spec = New-Object Vmware.Vim.ClusterConfigSpecEx
$spec.dasConfig = New-Object Vmware.Vim.ClusterDasConfigInfo # New VMware HA config
$spec.dasConfig.option = $optionValues # Add the array of optionValues
$clusterview.ReconfigureComputeResource($spec, $true) # Modify the configuration. When configuring clusters, can be a ClusterConfigSpecEx object
# Check the settings were saved
$cluster = get-cluster -Name 'Cluster01' # Get the cluster
$clusterview = get-view $cluster.Id # Get the SDK object from the PowerCli object MO
$clusterview.Configuration.dasConfig.Option | format-list # Retrieve the advanced options
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-1056116714096326682009-08-11T22:06:00.000+10:002009-08-11T22:06:21.780+10:00VMware PowerCLI - Backup ESXi 4.0 firmwareThe following script contains a simple function to use the VMware vSphere PowerCLI to connect to a vCenter and/or ESXi 4.0 host and backup the 'firmware' - the configuration of the ESX host. I don’t think this functionality is exposed directly through the PowerCLI, so a call to the very useful Get-View function is used to get the VI SDK object to call the appropriate method. <br />
<br />
From what I can tell all this command does is generate a config dump on the server and return the HTTP URL to access the file download, which I’m then using the .Net web client object to download the file and store as the filename returned with a unique date suffix.<br />
<br />
This certainly isn’t original, all I did was look at the vicfg-backup.pl perl RCLI script and (badly) translate to PowerCLI from there.<br />
<br />
<span><pre class='mycode'><code>
#
# Description:
# Backup the firmware configuration on an ESXi 4.0 host
#
# Limitations:
# -
#
# Assumptions, this script works on the assumption that:
# The caller provides credentials with permissions to connect to the specified host
#
# Arguments:
# esxServer, the ESX host to connect to, eg. esx01
# vcServerName, The vCenter Server to connect to, eg vc01
# outputDir, The directory to write the backup file to, defaults to %temp%
# username, The username to use when connecting to the vCenter server (if specified), defaults to %username%
# password, The password to use for the connection to vCenter, secure string prompt by default
#
# Usage:
# PowerShell . .\BackupFirmware.ps1 -esxServer 'esx01'
# PowerShell . .\BackupFirmware.ps1 -esxServer 'esx01' -vcServer vc01 -u domain\username
#
# References:
# http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/vim.host.FirmwareSystem.html
#
# Changes:
# 04/07/2009, Wayne Martin, initial version
#$ErrorActionPreference = "Continue"
param (
$esxServer = "",
$vcServerName = "",
$outputDir = $env:Temp,
$username = $env:username,
$password = ""
)
if ($password -eq "" -and !($pass)) {
write-output "No password specified from the command-line"
$pass = Read-Host "Password?" -assecurestring
$credential = new-object System.Management.Automation.PSCredential($username,$pass)
}
if ($esxServer -eq "" -OR ($vcServerName -eq "" -and $esxServer -eq "")) {
Write-Output "Please specify either a standalone host, or a host and a cluster"
Exit 2
}
$viServer = $null
function BackupConfiguration([string] $vcServerName, [string] $esxServer, [string] $outputDir){
$hostSystem = get-view -ViewType HostSystem -Filter @{"Name" = $esxServer} # Find the .Net view of the specified host
$hostConfigManager = $hostSystem.get_ConfigManager() # Get the config manager
$hostfirmwareSystem = $hostConfigManager.get_firmwareSystem() # Find the MOR of the host firmware system
$hostfirmware = Get-View $hostfirmwareSystem # Get the VMware.Vim.HostFirmwareSystem object from the MOR
$backupDownload = $hostfirmware.BackupFirmwareConfiguration() # Call the backup method to generate the config bundle
$backupDownload = $backupDownload.Replace("*", $esxServer) # Replace '*' with the server name
Write-Output "Backup saved to $backupDownload on the ESX host"
$fileName = $backupDownload.SubString($backupDownload.LastIndexOf("/")+1) # Extract the filename to reuse
$fileType = $fileName.SubString($fileName.LastIndexOf(".")) # Find the extension (.tgz in this case)
$Now = [DateTime]::Now.ToString("yyyyMMddTHHmmss") # Unique identifier for the filename
$file = $fileName.SubString(0, $fileName.Length - $fileType.Length) # File name without extension
$outputFile = $outputDir + "\" + $file + "_" + $Now + $fileType # Construct the full filename path\bundle_date.tgz
$wc = new-object system.net.WebClient # use the .Net web client
$wc.DownloadFile($backupDownload, $outputFile) # Download the file from the URL returned
if (test-path -path $outputFile) { # Does the output file exist?
Write-Output "$outputFile downloaded"
} else {
Write-Output "Error: $outputFile was not downloaded from $backupDownload"
}
}
if ($vcServerName -ne "") {
$viServer = Connect-VIServer -server $vcServerName -Credential $credential
} elseif ($esxServer -ne "") {
$esxServer = Connect-VIServer -server $esxServer # connect to VC
}
$results = ""
$results = BackupConfiguration $vcServerName $esxServer $outputDir
$results
if ($vcServerName -ne "") {
Disconnect-VIServer -confirm:$false
}
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com3tag:blogger.com,1999:blog-6043156720447404006.post-72847438030673992162009-08-06T19:56:00.000+10:002009-08-06T19:56:15.066+10:00VMware vSphere PowerCLI commandsThe commands below are PowerCLI commands used to automate VMware ESX and VirtualCenter at the command prompt. Most of these commands were built on 3.5 with vSphere PowerCLI, and the majority have been tested against ESXi 4.0 and vCenter 4.0 infrastructure.<br />
<br />
Each command-line can be copied and pasted at a PowerCLI command prompt, and most commands assume you already have a connection to the target, be it vCenter or ESX.<br />
<br />
Note that most of these commands use OBN - Object By Name - instead of using the get* command to get the object. This is supported with all but a few of the commands I've come across.<br />
<br />
<span><pre class='mycode'><code>
<b>List the vSphere PowerCLI commands</b>
Get-VICommand
<b>Connect to a ESX or VirtualCenter instance</b>
connect-viserver -server %server%
<b>List the currently available datastores</b>
Get-Datastore | sort
<b>List the currently available datastores filtered and sorted</b>
Get-Datastore | where {$_.Name -like '*pr*'} | sort
<b>Find the VMs attached to one or more datastores</b>
foreach ($prodDatastore in $prodDatastores) { write-output $prodDatastore.Name; get-vm -datastore $proddatastore; write-output ''}
<b>Get a Virtual Machine</b>
$vm = get-vm -name '%vm%'
<b>Get the virtual harddisk for the specified VMs</b>
Get-HardDisk -vm $vm
<b>Move a virtual machine to another container</b>
Move-VM -Destination $prodApps -VM $vm
<b>Update the VM description for a list of CSV entries</b>
foreach ($virtualServer in $virtualservers) {$arr = $virtualServer.split(","); $desc = $arr[1]; $vmName = $arr[0]; write-output $vmName; $desc; $vm = get-vm -name $vmName; Set-VM -VM $vm -description $desc}
<b>Query for a list of VMs and output in ANSI format</b>
get-vm | sort-object | format-table -property Name | out-file -encoding ASCII -filepath c:\temp\vms_20090625.txt
<b>Find VMware machine performance statistics</b>
get-stat -entity $vm -disk -start 01/01/2009 -finish ([DateTime]::Now.ToString("dd/MM/yyyy"))
<b>For a group of VMs, report performance statistics and save to file</b>
foreach ($vm in $devVMs) {get-stat -entity $vm -disk -start 01/01/2009 -finish ([DateTime]::Now.ToString("dd/MM/yyyy")) | out-file -filepath ("c:\temp\" + $vm.Name + "DiskPerformance.txt")}
<b>Find VM datastore disk usage</b>
$devVMs = get-vm -name '*dv*'; foreach ($vm in $devvms) {$vm.harddisks}
<b>Find VM datastore disk usage</b>
$testVMs = Get-VM -Location (get-folder -name "Test") ;foreach ($vm in $testVMs) {$vm.harddisks | format-table -hideTableHeaders -wrap -autosize | findstr /i /c:per}
<b>Find SCSI devices attached to an ESX server</b>
get-scsilun -vmhost (Get-VMHost -Location "cluster")[0]
<b>Rescan HBAs on an ESX server</b>
get-VMHostStorage -VMHost (Get-VMHost -Location "cluster")[0] -RescanAllHba
<b>Storage vMotion a virtual machine to a new datastore</b>
Move-VM -vm "vmName" -datastore "NewDatastore"
<b>Storage vMotion a group of machines from a CSV input file</b>
$servers = get-content -path inputfile.txt; foreach ($server in $servers) {move-vm -vm $server.split(",")[0] -datastore $server.split(",")[1]}
<b>Remove a snapshot and child snapshots, reporting how long the operation took</b>
measure-command -expression {remove-snapshot -snapshot $snapshots[0] -removechildren}
<b>Find datastore space, usage and number of VMs per datastore</b>
$datastores = get-datastore | sort-object; write-output "Name,Size,Used,Free,% Used,#VMs"; foreach ($datastore in $datastores) { write-output ($datastore.Name + "," + [math]::round($datastore.CapacityMB/1024) + "," + [math]::round(($datastore.CapacityMB/1024)-($datastore.FreeSpaceMB/1024)) + "," + [math]::round($datastore.FreeSpaceMB/1024) + "," + [math]::round(((($datastore.CapacityMB/1024) - ($datastore.FreeSpaceMB/1024)) / ($datastore.CapacityMB/1024)) * 100) + "," + (get-vm -datastore $datastore).count)}
<b>From a set of VMs, find which have snapshots</b>
foreach ($testvm in $testvms) {if (get-snapshot -vm $testvm){write-output $testvm.Name}}
<b>Find the size of the first hard disk in each VM</b>
foreach ($vm in $vms) {$vm.harddisks[0] | format-table -hideTableHeaders -wrap -autosize | findstr /i /c:per }
<b>Find disk information for VMs in the specified datastore</b>
$VMs = Get-VM ;foreach ($vm in $VMs) {$vm.harddisks | where {$_.FileName -like '*clusterpr*'} | format-table -hideTableHeaders -wrap -autosize | findstr /i /c:per}
<b>Find VMs in the specified datastore</b>
$VMs = Get-VM | where {$_.harddisks[0].FileName -like '*clusterpr*'}
<b>Get VM guest information, including virtual OS</b>
get-vm | get-vmguest | format-table -wrap -autosize
<b>Find virtual machines and their description/notes</b>
$vms = get-vm ; $vms | format-table -wrap -autosize -property Name,Description
<b>Create an associative array containing VM names and descriptions</b>
$vmdesc = @{}; foreach ($vm in $vms) {$vmdesc.add($vm.Name, $vm.Description)}
<b>Migrate a virtual machine to another host in a VMware ESX cluster</b>
move-vm -vm %vmName% -destination %hostname%
<b>Find the host a VM is currently located on</b>
get-vmhost -vm %vnName%
<b>Add a new harddisk to a virtual machine</b>
New-HardDisk -vm %vmName% -CapacityKB 20971520
<b>Retrieve details on the resource pools from the currently connected datacenter</b>
Get-ResourcePool | format-table -wrap -autosize -property Name,Id,CpuExpandableReservation,CpuLimitMHz,CpuReservationMHz,CpuSharesLevel,CustomFields,MemExpandableReservation,MemLimitMB,MemReservationMB,MemSharesLevel,Name,NumCpuShares,NumMemShares
<b>Find virtual machines and if they have a CD-ROM</b>
get-vm | format-table -wrap -autosize -property Name,CDDrives
<b>Find the last 100 events that aren't alarm related</b>
$events = Get-VIEvent -MaxSamples 100 | where {$_.fullFormattedMessage -notmatch "Alarm*"}
<b>Find all events for machine deployments from templates</b>
$events = Get-VIEvent | where {$_.fullFormattedMessage -match "Deploying (.*) on host (.*) in (.*) from template (.*)"}
<b>Create a resource pool with high CPU and memory shares</b>
New-ResourcePool -location (get-cluster -name 'cluster') -Name ResPool1 -CpuSharesLevel [VMware.VimAutomation.Types.SharesLevel]::High -MemSharesLevel [VMware.VimAutomation.Types.SharesLevel]::High
<b>Create a folder from the root of the tree</b>
New-Folder -Name Workstations -location (get-folder -name 'vm')
<b>Move one or more VMs to a resource pool (or other destination)</b>
$vms = get-vm -name vmNames*; move-vm -vm $vms -destination (Get-ResourcePool -name 'ResPool1')
<b>Get an OS customization specification, and list the properties in wide format</b>
Get-OSCustomizationSpec -name "SpecName" | format-list
<b>Take a snapshot of a virtual machine</b>
New-Snapshot -Name "Snapshot 01" -description "Snapshot description" -vm vmName -Quiesce:$true
<b>Convert a virtual machine to a template</b>
$vmView = get-vm -name vm01 | Get-View; $vmView.MarkAsTemplate()
<b>Find Datastore usage (custom written function)</b>
get-datastoreusage
<b>Get an ESX log bundle using PowerCLI</b>
Get-Log -VMHost esxhostname -Bundle -DestinationPath c:\temp
<b>Query for snapshots</b>
Get-VM | Get-Snapshot | export-csv -path c:\temp\VMsnapshots.csv
<b>Query for snapshot information</b>
Get-VM | Get-Snapshot | foreach-object {$out= $_.VM.Name + "," + $_.Name + "," + $_.Description + "," + $_.PowerState; $out}
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-59980274677411186662009-08-06T19:38:00.002+10:002009-08-06T19:39:42.014+10:00Resetting Computer Account PasswordsI was trying to tell from a workstation point of view when the computer account password was last set. I'm sure this information is stored locally somewhere, but in the end it was easier to query the AD and find when the password for the computer account was last set.<br />
<br />
This is used for Virtual Machine templates - we use nltest to reset the computer account password, such that we can maintain a single template image and turn it on periodically for updates without having to rejoin to the domain because of mismatched computer accounts.<br />
<br />
Forcefully reset the computer account password:<br />
<br />
<span><pre class='mycode'><code>
nltest /SC_CHANGE_PWD:%domain%
</code></pre></span><br />
<br />
Query the workstation in the domain and find when the password was last set - returns the number of 100 nanosecond intervals since 01/01/1601.<br />
<br />
<span><pre class='mycode'><code>
dsquery computer -name ws01
dsquery * "CN=ws01,OU=Computers,DC=domain,DC=com" -attr pwdlastset
pwdlastset
128934012123005000
</code></pre></span><br />
<br />
Use PowerShell to convert the number to a human readable date format:<br />
<br />
<span><pre class='mycode'><code>
powershell [datetime]::FromFileTime(128934012123005000)
Thursday, 30 July 2009 2:20:12 PM
</code></pre></span><br />
<br />
Use w32tm to convert the number to a human readable date format:<br />
<br />
<span><pre class='mycode'><code>
w32tm /ntte 128934012123005000
149229 04:20:12.3005000 - 30/07/2009 2:20:12 PM
</code></pre></span><br />
<br />
Use VBScript to convert the number to a human readable date format:<br />
<br />
<span><pre class='mycode'><code>
cscript ConvertFileTime.vbs 128934012123005000
30/07/2009 2:20:12 PM
' ConvertFileTime.vbs
' VBScript doesn't support 64-bit integers, so it can't handle the number of 100 nanosecond intervals since 01/01/1601
' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting09102002.asp
' Either use ADSI provider and the IADs/IADsLargeInteger object
' LargeIntValue = objLargeInt.HighPart * 2^32 + objLargeInt.LowPart
' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/iadslargeinteger.asp'
' Or WMI, which handles the conversion between 64-bit datetime structure / UTC / and VB var datetime
If Wscript.Arguments.UnNamed.Count > 0 Then
strDateTime = Wscript.Arguments.UnNamed(0)
Set objDateTime = CreateObject("WbemScripting.SWbemDateTime")
If IsDate(strDateTime) Then
Call objDateTime.SetVarDate(strDateTime, False)
wscript.echo objDateTime.GetFileTime
Else
Call objDateTime.SetFileTime(strDateTime, False)
wscript.echo objDateTime.GetVarDate
End If
intReturn = 0
Else
WScript.Echo "Specify a filetime or a date to convert, eg 127076450620627215, or ""11/04/2006 11:17:10 AM"""
intReturn = 2
End If
WScript.Quit(intReturn)
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0tag:blogger.com,1999:blog-6043156720447404006.post-44634035498767427312009-07-27T19:00:00.000+10:002009-07-27T19:00:36.673+10:00PowerCli Relocate VM storage with VI35 / VI4This post provides a script to help with storage vMotion – migrating a VMware virtual machine from one VMFS datastore to another with no downtime. It’s a great tool, but in VI35 at least it’s not exposed through the GUI or VC scheduled tasks, so I’ve written a script to perform a few checks and allow for very simplistic 'scheduling' (delay).<br />
<br />
I’ve only tested this with VI3.5 and PowerCLI 1.0, but I have no reason to think this wouldn’t with with vSphere vCenter and VI 4.0 hosts.<br />
<br />
There are a few caveats with storage vMotion (in VC 2.5/ESX 3.5) at least, you can’t:<br />
- Move the storage of a VM that has a snapshot if the VM is powered on<br />
- Move the storage of a VM that has a snapshot (in any power state) if the VM has disks in a different location than the config file. <br />
<br />
Based on these caveats, if instructed the script will suspend a VM with snapshots in order to move the storage, then power the VM back on. Use this with caution, as this may cause an outage of your VMs.<br />
<br />
<span><pre class='mycode'><code>
#
# Description:
# Relocate a virtual machine from one datastore to another.
#
# Limitations:
# -
#
# Assumptions, this script works on the assumption that:
# The caller provides credentials with permissions to perform the operations
#
# Arguments:
# vmName, lowecase short name for the virtual machine, eg pibutepr03
# dataStoreName, the new datastore to migrate the VM to
# suspend, Whether or not to suspend a VM and move if the VM has snapshots (which prevent live storage vMotion vi VI35)
# username, The username to connect with, default to the current username environment variable
# password, The Password to use for the connection, not specifying a password will result in a prompt to enter a secure string
# delay, The optional number of seconds to delay before starting the operation
#
#
# Usage:
# PowerShell . .\RelocateVM.ps1 -vmName "vm01" -datastore 'ds02'
# PowerShell . .\RelocateVM.ps1 -vmName "vm01" -datastore 'ds02' -suspend yes -username domain\user
#
# Changes:
# 07/04/2009, Wayne Martin, Initial version
#
param (
$vmName = "",
$dataStoreName = "",
$suspendIfRequired = $false,
$username = $env:username,
$password = "",
$delay = 0
)
$ErrorActionPreference = "Continue"
$invalidArgs = $false
if ($dataStoreName -eq "") { write-output "Please specify the datastore target for the VM, eg. ds02"; $invalidArgs = $true}
if ($vmName -eq "") { write-output "Please specify the virtual machine to move, eg vm01"; $invalidArgs = $true}
if ($account -eq "") { write-output "Please specify a user account to connect with, eg domain\user"; $invalidArgs = $true}
if ($invalidArgs) { write-output "Invalid Arguments, terminating"; exit}
Write-Output "Moving VM '$vmName' to the '$dataStoreName' datastore"
if ($delay -gt 0) {
$hours = $delay / 60 /60
Write-Output "Delaying $delay seconds before beginning ($hours hours)"
Sleep -seconds $delay
}
if ($suspendIfRequired) {
Write-Output "The virtual machine will be suspended if snapshots are preventing storage vMotion"
} else {
Write-Output "If the virtual machine has snapshots and is powered on the storage vMotion will not work"
}
if ($password -eq "" -and !($pass)) {
write-output "No password specified from the command-line"
$pass = Read-Host "Password?" -assecurestring
}
$credential = new-object System.Management.Automation.PSCredential($username,$pass)
$viServer = $null
$suspend = $false
$poweredOn = ""
$snapshot = $null
$hasSnapshot = $null
$viServer = Connect-VIServer -server $vcServerName -Credential $credential
if ($viServer) {
Write-Output (Get-Date -format "dd/MM/yyyy HH:mm:ss")
write-output ("Connected to server " + $viServer.Name + " on port " + $viServer.Port)
$vm = get-vm -name $vmName
if ($vm -and $vm -isnot [object[]]) {
Write-Output ("Found " + $vm.Name)
$hardDisks = $vm.hardDisks
$vmSize = 0
$vmSizeMB = 0
foreach ($harddisk in $vm.hardDisks) {
$vmSize += $hardDisk.CapacityKB
}
$vmSizeMB = $vmSize /1024
$datastore = get-datastore -name $dataStoreName
if ($datastore) {
$freeSpace = $datastore.FreeSpaceMB
if ($freeSpace -gt $vmSizeMB)
{
Write-Output "The datastore $datastoreName has $freeSpace MB available, the VM has disks totalling $vmSizeMB MB"
switch ($vm.PowerState)
{
([VMware.VimAutomation.Types.PowerState]::PoweredOn)
{
Write-Output "The virtual machine is currently powered on"
$poweredOn = $true
}
([VMware.VimAutomation.Types.PowerState]::PoweredOff)
{
Write-Output "The virtual machine is currently powered off"
}
([VMware.VimAutomation.Types.PowerState]::Suspended)
{
Write-Output "The virtual machine is currently suspended"
}
default
{
write-output "Virtual machine power state unknown"
}
}
[object[]]$snapshot = get-snapshot -vm $vm
if ($snapshot)
{
$hasSnapshot = $true
$numSnapshots = $snapshot.Count
Write-Output "$vmName currently has $numSnapshots snapshot(s)"
if ($poweredOn) {
if ($suspendIfRequired) {
Write-Output "$vmName is powered on and has a snapshot, and will be suspended during the move"
$suspend = $true
} else {
Write-Output "Error: $vmName is powered on and has a snapshot, but will not be suspended, process aborted"
$suspend = $false
exit 2
}
}
} else {
$suspend = $false
$hasSnapshot = False
Write-Output "No snapshots currently found for $vmName"
}
if ($suspend) {
Write-Output "Suspending $vmName"
Suspend-VM -vm $vm -confirm:$false
}
Write-Output "Moving $vmName to $datastoreName"
Move-VM -vm $vmName -datastore $datastoreName
if ($suspend) {
Write-Output "Bringing $vmName out of suspension"
Start-VM -vm $vm -confirm:$false
}
Write-Output "$vmName migrated to $datastoreName"
} else {
Write-Output "The datastore only has $freeSpace MB available, but the VM has disks totalling $vmSizeMB MB"
}
} else {
Write-Output "Error: datastore $datastoreName not found"
}
} else {
if ($vm -is [object[]])
{
Write-Output "Multiple objects returned for $vmname, please specify a single VM"
} else {
write-output "VM Not found - $vmName"
}
}
} else {
write-output "ERROR: VI server not found - $viServer"
}
Write-Output (Get-Date -format "dd/MM/yyyy HH:mm:ss")
Disconnect-VIServer -confirm:$false
exit 0
</code></pre></span><br />
<span style="font-size: 85%;">Wayne's World of IT (WWoIT), Copyright 2009 Wayne Martin. </span>Wayne Martinhttp://www.blogger.com/profile/09719833406577070443noreply@blogger.com0