You can try the following command:

(get-aduser -filter *).count

For only Enabled User Accounts
(get-aduser -filter *|where {$_.enabled -eq "True"}).count

For only Disabled User Accounts
(get-aduser -filter *|where {$_.enabled -ne "False"}).count

Another example taken from another script:

import-module activedirectory $domain = "domain.mydom.com" $DaysInactive = 90 $time = (Get-Date).Adddays(-($DaysInactive)) # Get all AD computers with lastLogonTimestamp less than our time Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp | # Output hostname and lastLogonTimestamp into CSV select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv OLD_Computer.csv -notypeinformation

ListeningOn = ::1, fe80::ad99:8e4d:c356:9939%5, fe80::c0a1:571b:2955:87be%7, fe80::cda4:4841:5bff:7b5c%8, fe80::f902:5ea5:2d74:a154%3

Interesting - the server is only listening on IPv6 addresses.

Turns out IPvX filters are for the addresses that are listening (i.e. the local IP on the machine you are trying to remote into).
I set a filter like this 10.0.0.1-10.0.5.254 (where my admin machines would live).
Unfortunately, since this isn't an incoming filter (that's the firewall's job) this filter wasn't large enough to cover all of my production networks. I had 10.1.0.1-10.1.0.254 that wasn't inside the above range, and of course keep the machine from listening on it's IPv4 (the IPv6 was listening because I just left it wide open - testing, not using IPv6 in general, so left it as default (*))

So tweaking my filter to 10.0.0.1-10.0.5.254, 10.1.0.1-10.1.0.254 solved my problem.

@grey said in Powershell: I got something wrong.:

@jaredbusch said in Powershell: I got something wrong.:

@grey Specify PasswordLastSet after the -and also otherwise it has no idea what you are trying to -lt.

Get-ADUser -filter {PasswordNeverExpires -eq $false -and (PasswordLastSet -gt "8/16/2017" -and PasswordLastSet -lt "8/21/2017") -and enabled -eq $true} -Properties PasswordLastSet,Name,Description

You win at the Internet today. I should have caught that.

I did enough time in development. I know how it goes.

@darek-hamann said in Configuring Windows Server 2016 Core. Part 2: Hyper-V role installation:

@dashrender

This is actually a great article! It simplifies the procedure of installing a Hyper-V role from a GUI free Windows 2016 Core setup.

That's nice, but again - WHY. This is not the way you should NORMALLY install Hyper-V because now you have a license tied to the hardware. I get that there are reasons, but I'm asking what they are.

@stess said in Need help with powershell:

@dafyre said in Need help with powershell:

@stess said in Need help with powershell:

@dafyre said in Need help with powershell:

GitHub link: https://github.com/dafyre/PoweshellScripts/blob/master/folderInheritance.ps1

<# .SYNOPSIS File / Folder Auditing script to determine which users have permissions that are *NOT* inherited. .DESCRIPTION Date UpdatedBy Details 08/10/2017 BW Initial coding. #> $path="C:\TEMP" $outFile="myFolderInheritance.csv" $nonInherited=new-object System.Collections.ArrayList $folders=dir $path -Directory -recurse|get-acl| select @{Label='Path';Expression={$_.PSPath.replace("Microsoft.PowerShell.Core\FileSystem::","")}}, @{Label='User';Expression={$_.Access.identityReference}}, @{Label='IsInherited';Expression={$_.Access.IsInherited}}| where {$_.IsInherited -eq $false} foreach ($item in $folders) { $pass=0 write-host "Checking folder $($item.path)" foreach ($user in $item.user) { #$x=$nonInherited "$($item.Path), $($user),$($item.IsInherited[$pass])" $x=$noninherited.add("$($item.Path), $($user),$($item.IsInherited[$pass])") $pass=$pass++ } } $nonInherited|out-file -FilePath $outFile write-host "Done."

These works to certain extend of what I am looking for, but it needs some tweaking to work the way I am expecting the result.
Thanks!

How are you wanting the result to look?

The script doesn't appear to be showing false on non-inheritance. There either True or False for every member of the folder regardless of their inheritance.

I am looking into this post right now as it was brought up in Spiceworks.
It shows the result I am hoping for where non-inheritance = false and inherited = true.

Ah, okay. I thought you wanted to only see the ones where Inherited=False...

So you want to see everything, and whether or not it is inherited?

Edit: Also for the CSV File generated, the layout is

Folder, User, Is Inherited

Is Inhertied is True or False.

I ended up going with an upgraded script by truly using powershell.

I found the answer here -
https://stackoverflow.com/questions/936108/how-to-script-ftp-upload-and-download

Essentially this is the script:

$File = "D:\Dev\somefilename.zip"
$ftp = "ftp://username:[email protected]/pub/incoming/somefilename.zip"

"ftp url: $ftp"

$webclient = New-Object System.Net.WebClient
$uri = New-Object System.Uri($ftp)

"Uploading $File..."

$webclient.UploadFile($uri, $File)

Import-Module activedirectory $target = Get-ADOrganizationalUnit -Identity "OU=Disabled Computer Accounts,OU=Space,DC=Domain,DC=com" $computers = Get-ADComputer -filter {(enabled -eq "false")} foreach ($name in $computers) { Move-ADObject $name -TargetPath $target -verbose }

Followup to above... this section would move the disabled computers to a 'disabled' OU.

In case you have a mix of private and public network profiles use this command.

Enable-PSRemoting -SkipNetworkProfileCheck - Force

SkipNetworkProfileCheck ignores any public network profiles so you can enable remote powershell successfully.

Since i've previously attempted on testing the VTL to Cloud Replicator, I would like to mention that there can be a possible error in the process. Just so noone rings the alarm beforehand, it's quite simple to overcome the "Setup failed to install Microsoft .NET Core. Error 3010" by either rebooting the node, or installing the .NET core before installing StarWind.

After getting in touch with them, I was actually surprised that they were kind enough to take that into account in one of their future releases and mention to have that fixed.

@BRRABill said in Powershell Book Recommendations:

@dafyre said in Powershell Book Recommendations:

@BRRABill said in Powershell Book Recommendations:

@dafyre said in Powershell Book Recommendations:

@wirestyle22 said in Powershell Book Recommendations:

@dafyre said in Powershell Book Recommendations:

That is an excellent book. That's how I got started with PS about a year ago.

first or second link?

Second link. The Month of PowerShell lunches. That's pretty good.

How long of a lunch do you get?

However long I need, lol. Usually ~45 mins or an hour.

Yeah, that was kind of a joke, referring to the title of the book.

/facedesk.

I now have two brain cells left for the day.

Thanks to @NerdyDad for this presentation at Mango Meetup DFW

Configuring MPIO to automatically claim all iSCSI devices

Enable-MSDSMAutomaticClaim -BusType iSCSI
0_1494445991062_mpio-iscsi.png

@Dashrender said in Office365 Direct Send without Relay:

@JaredBusch said in Office365 Direct Send without Relay:

For only basic email traffic needs like scan to email, just setup a connector in Office 365.

0_1492696529257_upload-114c859e-4acc-44f7-98fb-1e15dd07b888

0_1492696555576_upload-097270f5-1ef9-441c-be47-52dedd9dbb0b

Exchange Online has various rate limits though. So if you think you will be even close to them, use postfix locally to send out and just add your local WAN IP to your SPF record.

Why wouldn't your local relay still relay everything through Hosted Exchange in O365? or would that be rate limited as well?

Exchange Online has limits. it does not matter from where the email originate. The software was actually setup to authenticate and send email directly with and Exchange Online account during testing.

This quickly hit the rate limits as the client was sending out large amounts of price notifications to users that has signed up for such.

So this site had a local CentOS 7 box setup and Postfix was configured to send mail out. The SPF record was updated and then a connector was also setup to make sure nothing was blocked for no reason.