New-SMBMapping vs. New-PSDrive

powershell-logoThis’ll be an expanding topic I suspect …

New-SMBMapping (link)

Seems to be the Microsoft’s preferred method.

Mapped network drive may fail to reconnect in Windows 10, version 1809

-UseWriteThrough is an option (Server 2019 & Windows 10 1809)
Overview of file sharing using the SMB 3 protocol in Windows Server
Controlling write-through behaviors in SMB

The Microsoft Desired State Resource Kit now uses it.
DSC Resource Kit Release January 2017

Mounting SAMBA drives from within Windows Nano server may need it.
Mounting Samba Shares inside Nano Server

Map drives on the fly with mandated signing or encryption

Windows versions 1709 and later went a bit further and allow you to create encrypted or signed mapped drives on the fly from the command-line. While this is outside the reach of the average user, it’s a great option for logon scripts and admins.
Solution: Map drives that require signing or encryption. You can use the NET USE command or New-SmbMapping PowerShell cmdlet to map drives by specifying “RequireIntegrity” (signing) or “RequirePrivacy” (encryption).


New-PSDrive (link)

Establishes an SMB connection at the highest SMB dilect (ie. if SMB 3.1.1 is on the server, it’ll connect at that level)

Has a -Force parameter which allows you to overwrite existing drive mappings.

Remove-PSDrive does not work correctly for Networked Drives created using -persist and -scope Global

Further References

Mapping Drives Revisited

The last time my computer was seen on the network …

was something I wrote about 8 years ago, in Detecting inactive computers in your AD domain.

So it was time to update that*.

Get-ADComputer -Filter * -Properties Name, LastLogonTimeStamp | Select-Object -Property Name, CanonicalName, @{ n = "LastLogonDate"; e = { [datetime]::FromFileTime( $_.lastLogonTimestamp ) } } | Export-CSV -NoTypeInformation "C:\temp\lastlogontimestamp.csv"

will give you a handy list of computer name and the last time they were seen on the network#.

* The Quest product is no longer free.
# within the last 14 days.

PowerShell: Get-ADComputer to retrieve computer last logon date – part 1
Converting LastLogon to DateTime format
Script: LastLogonTimestamp export csv

Using PowerShell to ZIP something.

powershellI needed to ZIP-up some log files in a number of subdirectories.  In the past, I have used the PKZIP utility.

I couldn’t find my copy of PKZIP Sad smile

“Doesn’t PowerShell have a compress-archive command?”
’Why, yes it does!’

Two commands later:

$files=get-childitem *.log -Recurse
compress-archive $files -DestinationPath c:\data\AllTheLogFiles

I had my AllTheLogFiles.Zip file.

Getting the user name for a given security identifier (SID)

Two lines of Powershell code:

PS C:\> $osid=New-Object"S-1-5-21-593069383-354653268-975305329-98179")

PS C:\> Write-Host $osid.translate([])

Output is in the form of <DOMAIN>\<USERID>

ie. NODDYLAND\admin-bike01

Microsoft: Well-known security identifiers in Windows operating systems

Getting a list of users in a particular AD Group

Get-ADGroup "<GROUP NAME>" -Properties Member | Select-Object -ExpandProperty Member | Get-ADUSer -properties Displayname,Description,EmailAddress | Select Name,Displayname,Description,EmailAddress

will cause the following to display

Name    Displayname   Description   EmailAddress
----    -----------   -----------   ------------
fkjhsd  Fred Smith    Tech Support
fhdfdf  Bill Burke    Manager
wrfvvv  Alice Cooper  Test account

How to output to a file?
Get-ADGroup "<GROUP NAME>" -Properties Member | Select-Object -ExpandProperty Member | Get-ADUSer -properties Displayname,Description,EmailAddress | Select Name,Displayname,Description,EmailAddress |Export-CSV 'c:\data\temp\<GROUP NAME>.csv'

Wouldn’t Get-ADGroupMember be a better choice than Get-ADGroup?
Yes, it would.  If the group is not a large group.  If it has a large number of members, you’ll run into the following error:

get-adgroupmember : The size limit for this request was exceeded

Active Directory has a default retrieval limit of 5000 objects for Get_ADGroupMember (and Get-ADPrincipalGroupMembership, and Get-ADAccountAuthorizationGroup).

Group Policy and WMI Filters–Round 2

Sexy Coffee at North Denver and Rosa Parks Way in Portland, Oregon - Wikipedia user Visitor7This is more of a link dump than anything else.  I was asked what I thought of a WMI-related Group Policy change.

I don’t much care for them.

So I know that WMI Filter queries are a bad idea, but didn’t know how to measure that badness until I saw this blog post (WMI filter queries and thoughts on performance) by Martin Binder.

You can enclose your WMI Filter in a PowerShell “Measure-Command” command, and measure it that way.

Measure-Command { for ( $i=1; $i -le 1000; $i++ ) { Get-WmiObject –Query "SELECT Model FROM Win32_ComputerSystem WHERE Model LIKE 'Compaq Presario A%BB%'" } } | Select-Object TotalMilliseconds | Format-List

TotalMilliseconds : 23308.6037

As the command is looping 1000 times, you’d divide by 1000 and get the answer 23 milliseconds.

Group Policy and WMI filtering slowness
Optimizing Group Policy WMI Filters
Introduction to WMI Basics with PowerShell Part 1 (What it is and exploring it with a GUI)

Getting a list of users in your AD domain via Powershell

Get-ADUser -Filter * -Properties HomeDirectory,LastLogonDate | Select-Object Name, LastLogonDate, HomeDirectory

will cause the following to display

Name       LastLogonDate          HomeDirectory
----       ---------------------  ---------------

CollinsP   11/12/2015 6:04:12 AM  \\\HomeDrive\CollinsP
SprouleK   19/12/2015 2:08:12 PM  \\\HomeDrive\SprouleK
ReithP     23/12/2015 8:45:54 PM  \\\HomeDrive\ReithP

How to output to a file?
Get-ADUser –Filter * -Properties HomeDirectory,LastLogonDate | Select-Object Name, LastLogonDate, HomeDirectory | Export-CSV 'c:\temp\AllDomainUserNames.CSV'

This article seem familar?  That will be because I wrote how to do this with Quest Active Server Roles Powershell Module, back in 2010.

The Microsoft page on Get-ADUser is here.

Getting a list of printers published in an Active Directory domain

So I need to get a list of print servers and printers in the domain.

Using Powershell.

Looking around the interwebs, I found a PowerShell commandline here which formed the basis of this commandline:
Get-ADObject -LDAPFilter "(objectCategory=printQueue)" -Properties cn, drivername, location, printername, portname, servername | select portname, cn, drivername, location, printername, servername | Format-Table -Property * -AutoSize | Out-String -Width 4096 | Out-File C:\wisefaq\printerlist.txt

Which outputs to a text file, like this:
portname cn drivername location printername servername
-------- -- ---------- -------- ----------- ----------
{} PRT001-LZR960-2 Dataproducts LZR 960 PS US/UT/Boort/99 Anytown St LZR960-2
{} PRT001-LZR960-1 Dataproducts LZR 960 PS US/UT/Boort/99 Anytown St LZR960-1
{} PRT001-LZR960-3 Dataproducts LZR 960 PCL US/UT/Boort/99 Anytown St LZR960-3
{} PRT001-LZR960-4 Dataproducts LZR 960 PS US/UT/Boort/99 Anytown St LZR960-4
{} PRT001-LZR960-5 Dataproducts LZR 960 PCL US/UT/Boort/99 Anytown St LZR960-5

So why did I use Out-File instead of Export-CSV?
Export-CSV is refusing to output the {ip.addresses}. I don’t know why, and I’ve wasted an hour trying to work around the issue.

Update: December 2015
Adrian suggests that I could use Powershell Custom Objects to fix the issue of ip.addresses not outputting.

PowerShell Quick Tip: Creating wide tables with PowerShell

Searching for Specific Printers in a Domain (Attributes for the printQueue Object)

Print-Queue class

PowerShell print server inventory script (looks very useful, but you need admin access to each of the printers)