The Energized Tech

In Powershell, Add users to Groups is a piece of cake whether you use Quest Commandlets or the new Active Directory Modules.

If your group name is “ACCOUNTING” and you’re adding in “GEDDY.LEE” the command would be (under Quest)

ADD-QADGROUPMEMBER ACCOUNTING GEDDY.LEE

Now this is all fine and dandy (except for Mr. Lee who probably should have been in the Group “RUSH” instead, but I was feeling silly) but if you try to add a user from a Trusted domain into the group, it’s a different story!

Let’s say we have two domains.    One is called ROCK and the other is called ROLL and you have a DomainLocal Security Group called “BassPlayers” you normally can add Users from a Domain called ROLL into the DomainLocal Group in ROCK under Active Directory users and Computers.  That part we all know. 

But under Powershell it was a bit confusing. At least at first!  Simply because I busy “Assuming” things.

So doing THIS to add NEIL.YOUNG from the ROLL domain

ADD-QADGROUPMEMBER BassPlayers ROLL\Neil.Young

Produces a complete fail with an error like this.

Add-QADGroupMember : Cannot resolve directory object for the given identity: 'ROLL\neil.young'.
At line:1 char:19
+ add-qadgroupmember <<<<  BassPlayers HO\neil.young
    + CategoryInfo          : NotSpecified: (:) [Add-QADGroupMember], ObjectNotFoundException
    + FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.DirectoryAccess.ObjectNotFoundException,Quest.Acti
   veRoles.ArsPowerShellSnapIn.Cmdlets.AddGroupMemberCmdlet2

So a Face Palm ! *KLUNK*

How to figure this out?  Actually very easy :)

Do it the “Hard way” to get some examples.   So I added a user in the Domain ROCK and the Domain ROLL into the BassPlayers DomainLocal group in my environment.  Then run a GET-QADUSER on the group to get some details.

GET-QADGROUPMEMBER BassPlayers

Name                           Type                 DN
----                               ----                    --

Geddy.Lee                   user                  CN=weenie,CN=Users,DC=techdays,DC=contoso,DC=com
ROLL\NeilYoung           foreignSecur... CN=S-1-5-21-2481523833-734975305-574286769-1118,CN=ForeignSecurityPri...

So we can see that members of the Foreign Domain are stamped different in the Domain Local Group.  Well DUH!  Of course they are!  It’s Different Domain!  There has to be SOME easy way of saying “Hey whoa!  This user’s not from our LOCAL security area!”

So KNOWING this in Advance means if we want to add users from a Foreign (BUT TRUSTED) domain to a DomainLocal Group we need to have a little bit of extra information FIRST.

Obviously, we need to know the TYPE of user.  A SELECT-OBJECT on the TYPE will show us more details and of course in greater depth

Name : ROLL\Neil.Young
Type  : foreignSecurityPrincipal
DN     : CN=S-1-5-21-2481523833-734975305-574286769-1118,CN=ForeignSecurityPrincipals,DC=ROCK,DC=com

But the DN.  Aye there’s the RUB.  The DN is UNIQUE to each user because of the SID.   So how do we pull THAT out?

Connect to the foreign domain and ASK!  Because you have a Trust (this article is about Domains with a Trust remember ;) )

GET-QADUSER Username –Service NameOrIPofForeigndomainController | select-object SID

Like

GET-QADUSER Neil.Young –Service ‘10.0.0.90’ | SELECT-OBJECT –SID

Will yield his SID which happens to be

CN=S-1-5-21-2481523833-734975305-574286769-1118

So (Gasp, pant, ack ack!) HOW DO WE USE THIS?!?!?!

Let’s think.   We have the name.  We can ask somebody information about the name and get the SID.  We know the details about the other domain. 

Let’s let POWERSHELL do ALL the Work… cuz we’re LAZ…… I mean EFFICIENT!

$DETAILS=GET-QADUSER Neil.Young –service ‘10.0.0.90’; 

But here’s the really tricky bit!  We have to put all those pieces together!  And THAT will be another story for AFTER the weekend :)

Sean
The Energized Tech

Elitist Programmers back off!

What the community at large has been SORELY lacking for an incredibly long and overdue time is a language REGULAR people can use.

A language Novices can get their hands dirty with.  Simple and effective to play with and get creative with BEFORE their head explodes with a GUI.

Microsoft has brought it back.   A simple system called “Small Basic”.

Manual included. 

I haven’t had a chance to dive into it yet, but the Syntax looks like what the novices need.   Simple and effective. 

Curious? 

It’s a free download under 8 meg in size.  Small enough to carry around and share with friends.

Try it, you’ll like it

Sean
the Energized Tech

Technology is changing daily.   Applications on longer need to be on the physical machine to be powerful and useful.   Sometimes it’s combination of leveraging both a physical and a virtual solution as well as extending to the cloud.   Take a dip in the waters and gaze into the Azure sky…

FROM THE CLIENT TO THE CLOUD V 2.0

Date: April 14, 2010 9:00AM - April 14, 2010 5:00PM
Language: ENG

Location:
Westin Harbor Castle
Toronto, Ontario
M5J 1A6
Show Map

General Event Information

Products: Microsoft Hyper-V, Microsoft Office, Microsoft Office 2010 suites, Microsoft Silverlight, Microsoft SQL Server, Microsoft SQL Server 2008 R2, Microsoft technologies, Microsoft Visual Studio, Microsoft Visual Studio 2010, Windows, Windows 7, Windows Azure, Windows Azure platform, Windows Mobile, Windows Mobile Smart Client Applications
Recommended Audience: Architect, IT Generalist, Pro Dev/Programmer, Tech Influencing BDM

Description:

Energize IT 2010 – Anything is Possible!

Windows Azure. Office System 2010. Visual Studio 2010. Windows Mobile. The Microsoft-based platform presents a bevy of opportunities for all of us.  Whether you are a Manager, Developer, or IT Pro knowing how these will impact you is critical, especially in the new economic reality. 

Registration is now available for you to attend this complimentary full day EnergizeIT event where we will help you to understand Microsoft’s Software+Services vision using a combination of demonstrations and break-outs.   You will find out about the possibilities that these technologies help realize and the value that they can bring to your organization and yourself.

To start the day we will explore the Microsoft-based platform through a scenario that will demonstrate different points of view - from developer to IT Pro; from consumer to the information worker.  From the client to the cloud, this fun-filled demo-intensive exploration will excite you about the possibilities of the Microsoft-based platform.  You’ll see how to build next generation applications with technology like Silverlight, .NET 4.0 and Visual Studio 2010. You will find out how to consume those applications on a variety of devices, like mobile devices running Windows Phone, netbooks and PCs running Windows 7, as well as the web.  You will learn about how the Microsoft-based platform allows you to connect with your colleagues no matter where you are –office, coffee shops, or your own living room.  You’ll also see how you and your colleagues can be even more productive with Office 2010 and SharePoint 2010.

In the afternoon we will split in two tracks focused on managing and deploying infrastructure, and the development process.  These tracks will help you answer the question “How do I get to the latest technology from my current reality?”  You’ll learn about the technical details required for you to be ready to implement some of the technologies demonstrated in the morning sessions and help offer a clear learning and experimentation roadmap, and action plan. 

EnergizeIT: From the Client to the Cloud is your opportunity to learn how to harness the power and flexibility of the Microsoft-based platform from the client to the cloud. Invite a friend and Register today for this event. Seating is limited.  

Is your city not listed? Visit www.microsoft.ca/energizeIT

To register go online to www.microsoft.ca and search with event Code 1032440621 or Click here / Register by Phone: 1-877-673-8368

A pre-amble, a beginning to the new year in IT.  Meet up with peers and get a view of all the new technology about to be unleashed and unfolded to help YOU improve your life.

COMMUNITY CONNECTION

Date: April 27, 2010 6:30PM - April 27, 2010 9:00PM
Language: ENG

Location:
Microsoft Canada Headquarters
Mississauga, Ontario
L5N 8L9
Show Map

General Event Information

Products: Microsoft Hyper-V Server, Microsoft Office, Microsoft Office 2010 suites, Microsoft Silverlight, Microsoft SQL Server, Microsoft SQL Server 2008 R2, Microsoft technologies, Microsoft Visual Studio, Microsoft Visual Studio 2010, Windows, Windows 7, Windows Azure
Recommended Audience: Architect, IT Decision Maker, IT Generalist, Pro Dev/Programmer

Description:

Energize IT: Anything is Possible.

Energize IT: Community Connection Series is an evening event series hosted by your local Community User Group.  Throughout the evening event, you will hear us, Microsoft advisors, talk about Windows Azure, Office System 2010, Visual Studio 2010, Windows Mobile.  It’s evident the Microsoft-based platform presents a bevy of opportunities for all of us.  Whether you are a Developer or an IT Pro, knowing how these will impact you is critical, especially in the new economic reality. 

This evening Energize IT: Community Connection event will help you understand Microsoft’s Software+Services vision.   You will find out about the possibilities that these technologies help realize and the value that they can bring to your organization and yourself.

We will explore the Microsoft-based platform through a scenario that will demonstrate different points of view - from developer to IT Pro, from consumer to the information worker.  From the client to the cloud, this fun-filled demo-intensive exploration will excite you about the possibilities of the Microsoft-based platform.  You’ll see how to build next generation applications with technology like Silverlight, .NET 4.0 and Visual Studio 2010. You will find out how to consume those applications on a variety of devices, like mobile devices running Windows Mobile, netbooks and PCs running Windows 7, as well as the web.  You will learn about how the Microsoft-based platform allows you to connect with your colleagues no matter where you are –office, coffee shops, or your own living room.  You’ll also see how you and your colleagues can be even more productive with Office 2010 and SharePoint 2010.

For cities that have a full day Energize IT: From the Client to the Cloud full day event, please note, the community evening event is an encore presentation of the first part of Energize 2010 daytime event.

EnergizeIT: Community Connection series is your opportunity to learn how to harness the power and flexibility of the Microsoft-based platform from the client to the cloud. Visit www.microsoft.ca/energizeIT to learn

To register go online to www.microsoft.ca and search with event Code 1032441788 or Click here

The Office 2010 Install Fest – Curious about the NEWEST version of Office being released by Microsoft ?  Want to be ahead of the crowd and be ready before ANYBODY ELSE?

HERE’S YOUR CHANCE!

OFFICE 2010 Install Fest

Date: April 15, 2010 7:00PM - April 15, 2010 9:00PM
Language: ENG

Location:
Microsoft Canada Headquarters
Mississauga, Ontario
L5N 8L9
Show Map

General Event Information

Products: Microsoft Office, Microsoft Office 2010 suites
Recommended Audience: Additional Information Worker, IT Generalist, Pro Dev/Programmer

Description:

Energize IT 2010 – Anything is Possible!
NOTE: This effort is in part of the Energize IT Program. For more information on Energize IT and its offerings in Spring 2010, visit www.microsoft.ca/energizeIT for more details.

Office 2010 is just around the corner and we want you to experience its myriad of new features in a fun-filled evening.  Come join your peers in the local community to install Office 2010 on your personal machine to discover all the new ways that Office will help improve your personal and professional life.

We, Microsoft Canada’s technical advisors along with local experts will be on-hand to assist you and share how we’re taking advantage of Office 2010.  We’ll demonstrate tips and tricks to make the most of your experience of Office 2010, as well as highlight elements relevant to you.

But it’s not just about the software.  You’ll have the opportunity to connect with your peers and exchange stories about how they’re looking to take advantage of what Office 2010 has to offer.   If you are already running Office 2010 and consider yourself a guru, let us know by emailing energize@microsoft.com and come out to help your colleagues get started.

Join us for the Install Fest for Office 2010 as part of Energize IT Week 2010.  Bring your own notebook, netbook, or desktop to install the latest available build of Office 2010 and be on your way to a whole new level of productivity.

We will provide:

• Power for your computer 
• Installation media for Office 2010
• Image with pre-installed Office 2010 (Requires Virtual PC)

To register go online to www.microsoft.ca and search with event Code 1032440866 or Click Here / Register by phone at 1-877-673-8368

It’s 2010!  The greatest sets of events to rip, rock, roar and shake apart YOUR IT foundation are COMING!

That’s right!   The one time, the greatest DAYS of DAYS are coming hear FINALLY!

ENERGIZE IT 2010!  the Days when ANYTHING is possible!

Events in Mississauga are just starting to appear!  So get ready now and Register for local ones near you!  The following events posted here are at the Mississauga, Ontario office for Microsoft.  But check on http://www.microsoft.com/canada/events/ and sort based on the province nearest *YOU* to find other EnergizeIT and AlignIT events!

Watch this blog for postings for Mississauga Ontario!

Sean
The ENERGIZED Tech :-D
Yeeeeeeeeeehaaaaaaawwwwwwwwwww!!!!!!

Here’s that chance to be Green with Envy and get a little green (or a chance at it!)

Get the Green Light

Is your application compatible with Windows® 7 and Windows Server® 2008 R2? Register and green light it before February 28, 2010, and you’ll automatically be entered in our Get the Green Light contest for a chance to win $7,000 or 1 of 5 netbooks! Plus, you’ll get exclusive access to Partner benefits.

CLICK HERE for further details!

Do it today!  Get the Green light on YOUR app and maybe pocket some Green!

Sean
The Energized Tech

There are certain characters on the keyboard that no matter how you try, they just don’t appear in a text file.

Well actually they DO but we can’t tell WHAT they are.  But there are times you need to reference those characters.   Say if you’re trying to type in something meant to be echoed to two lines?  Need to send a tab character?

Fortunately all of this is well documented online at Microsoft when working with Powershell .  For those of you who remember DOS? (*ACK WHAT?!*) it will be the same technique when typing those special characters.

You just need a little thing called the “BackTick” ----- > ` < ----- and a few special letters

`0 Null
`a Alert
`b Backspace
`f Form feed
`n New line
`r Carriage return
`t Horizontal tab
`v Vertical tab

Now a lot of us out there will neither know nor care what a “Vertical Tab” is (for the record it’s from back in the days of Consoles and Line printers) but the important thing to note is these characters are used in text files.

Sometimes you’ll get data and you need to clean it up (from say a Unix system?) and you’ll need to specify the character.

If you’re working with these special characters, the string information always has to be referenced in Double Quotes --- > “ < ---

For example

“This`nIs`nA`nTest”

will show up as

This
Is
A
Test

And if you were trying to searching for a “Tab” character in a “tab separated file” as an example you could do this now.

(GET-CONTENT FILENAME.TXT) –replace “`h”,” “

Not the best example but it does show you it’s not hard to work with.  Also remember if you have any characters that are special (Like the Double or Single Quote) that NEED to be in a string, Put the BackTick ` before them to keep them included without problems (even the backtick itself)

BTW, this trick also works if you’re on Server 2008 Core.  There are situations even there (like passwords) where certain characters need to be typed.

Sean
The Energized Tech

Adding users to a group has NEVER been easier!  In Server 2008 R2 using Active Directory Modules you have one dead simple command.

ADD-ADGROUPMEMBER

It’s easy, it’s simple, it’s intuitive……

If you have a Security Group in Active Directory called “REALLYIMPORTANTACCESS” and you need to add John.Smith or Mary.Jones to that Group? Well hold onto your seats

ADD-ADGROUPMEMBER REALLYIMPORTANTACCESS john.smith,mary.jones

DONE!  No headaches.  

Now to REMOVE a User from a Group?  Just as EASY!  If you found later on that “joe.bloe” was in that group?  No problem!

REMOVE-ADGROUPMEMBER REALLYIMPORTANTACCESS joe.bloe

Easy! And to boot it WARNS you BEFORE it performs the action.  A BUILT IN Safety!

And as always you can pass in variables to this commandlet, alternate credentials, for other domains or pipe in Data from other queries to automate your life!   All this is EASILY doable and repeatable from the comfort of your desktop.

Powershell, IT’S SCRIPTABLY DELICIOUS!

Sean
The Energized Tech

As they would say on “Wayne’s World” ---- “SCHWING!!!”

There’s a feature I just stumbled on.   It’s simple.  It’s easy.

And you DON’T need to master Powershell on any level to just USE it!

It’s called SEARCH-ADACCOUNT.

SEARCH-ADACCOUNT is a Commandlet for just what it sounds like.  Searching Active Directory.  But where it wins for new Administrators is it already has PREBUILT EASY to USE parameters!

Want to find out who’s locked out in Active Directory?  SEARCH-ADACCOUNT –LockedOut

Need to know which accounts are Disabled?  SEARCH-ADACCOUNT –AccountDisabled

How about users who’s passwords NEVER expire?  SEARCH-ADACCOUNT –PasswordNeverExpires

There’s so much more to this Commandlet like THIS sweet little line.   We COULD write up a script for this but would you like a COMMAND LINE that shows all “Idle accounts”.   (User or Computer) that basically have been wasting space?

VOILA!  IT’S in POWERSHELL in Server 2008 R2!

SEARCH-ADACCOUNT –AccountInactive –TimeSpan 90:00:00:00

There!  ALL accounts (computer and user) not used in 90 days!  And YES you can pipe THAT into a DISABLE-ADACCOUNT as well to keep the system secure and under control!

This is just the ICING on the CAKE!  For just THIS REASON ALONE you should consider Server 2008 R2 and Powershell!  As an Administrator, this is something that is part of your daily job.  Query old accounts, find who’s wasting space, determine what needs to be pruned. And now that is a simple program you can use on your WORKSTATION.   No stress, no effort.

Just time for the Pina Coladas!

Sean
the Energized Tech