Get Permissions for a UNC Path

This specific requirement came to me when there was a file server migration.
Having thousands of shared paths with different sets of permissions was an issue before we moved into DFS, and this little script saved my time.

$path = Read-Host "Enter a UNC Path"

Write-Host
Write-Host "File Sharing Permissions Report - $path"
Write-Host

# Get-Acl reads the NTFS ACL of the target; share-level permissions are not included
$acl = Get-Acl $path
 
Write-Host "File/NTFS Permissions"
Write-Host
 
foreach($accessRule in $acl.Access)
{
    Write-Host " * " $accessRule.IdentityReference $accessRule.FileSystemRights
}
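
For the migration scenario described above, with thousands of shared paths, the same Get-Acl call can run over a list of paths and flag entries that give broad groups write access. This is an added example, not part of the original post; the file names and the choice of broad SIDs are assumptions.

```powershell
# Added example (not from the original post). File names are placeholders (assumptions).
$listFile   = "unc paths.txt"      # one UNC path per line
$reportFile = "acl report.csv"

# Well-known SIDs that cover most or all users:
# Everyone, Authenticated Users, BUILTIN\Users, Anonymous Logon
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-7'

# Rights that allow changing or removing data or permissions. Modify and
# FullControl are not named because they also contain read bits; they still
# match through the write bits they include.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry generic rights instead: GENERIC_ALL, GENERIC_WRITE
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

$rows = foreach ($path in Get-Content -Path $listFile) {
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        # Keep unreadable paths in the report instead of dropping them
        [pscustomobject]@{ Path = $path; Identity = $null; Rights = $null; Type = $null
                           Inherited = $null; BroadWrite = $null; Error = $_.Exception.Message }
        continue
    }
    foreach ($rule in $acl.Access) {
        # Compare by SID so localized or renamed group names still match
        try   { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $rule.IdentityReference.Value }   # account could not be resolved

        $broadWrite = ($rule.AccessControlType -eq 'Allow') -and
                      ($broadSids -contains $sid) -and
                      (([int]$rule.FileSystemRights -band $writeMask) -ne 0)

        [pscustomobject]@{ Path = $path; Identity = $rule.IdentityReference.Value
                           Rights = $rule.FileSystemRights; Type = $rule.AccessControlType
                           Inherited = $rule.IsInherited; BroadWrite = $broadWrite; Error = $null }
    }
}

$rows | Export-Csv -Path $reportFile -NoTypeInformation
$rows | Where-Object { $_.BroadWrite } | Format-Table Path, Identity, Rights, Inherited -AutoSize
```

Get-Acl on a UNC path returns the NTFS ACL only; share-level permissions are separate and have to be read on the file server, for example with Get-SmbShareAccess.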

Export all users in AD

This can be very helpful, since management loves reports 😛

$pathtosave1 = "Path to save.csv"

# Request only the extra attribute the report needs (mail);
# -Properties * would pull every attribute of every user
$users = Get-ADUser -Filter * -SearchBase "give the base of the Domain" -Properties mail |
    Select-Object @{Name='First Name';Expression={$_.GivenName}},
                  @{Name='Last Name';Expression={$_.Surname}},
                  @{Name='SAM Name';Expression={$_.SamAccountName}},
                  @{Name='Email Address';Expression={$_.mail}},
                  Enabled

# Export-Csv quotes every field, so a comma inside a value cannot shift the columns
$users | Export-Csv -Path $pathtosave1 -NoTypeInformation

Get All users in a specific OU

This comes in quite handy in an organization where the OU structure is properly maintained,
or even in a messy organization if you are trying to sort it out.

$ou = "OU you want to get the users from"
$pathtosave = "path to save.csv"

# Filter for enabled accounts in the query itself and request only Description
# on top of the default attributes
Get-ADUser -SearchBase $ou -Filter {Enabled -eq $true} -Properties Description |
    Select-Object @{Name='First Name';Expression={$_.GivenName}},
                  @{Name='Last Name';Expression={$_.Surname}},
                  @{Name='SAM Name';Expression={$_.SamAccountName}},
                  Description,
                  @{Name='OU';Expression={$_.DistinguishedName}} |
    Export-Csv -Path $pathtosave -NoTypeInformation

Get All Users Excluding an OU

Getting all the users in AD is quite easy, but excluding an OU can be a bit challenging.

The script below will help you achieve this.

$OUDN = "Organization Unit Distinguished name that you want to exclude"

$pathtosave = "Save location .csv"

# Description is not returned by default, so it has to be requested explicitly
Get-ADUser -Filter {Enabled -eq $true} -Properties Description |
    Where-Object { $_.DistinguishedName -notlike "*,$OUDN" } |
    Select-Object @{Name='First Name';Expression={$_.GivenName}},
                  @{Name='Last Name';Expression={$_.Surname}},
                  @{Name='SAM Name';Expression={$_.SamAccountName}},
                  Description,
                  @{Name='OU';Expression={$_.DistinguishedName}} |
    Export-Csv -Path $pathtosave -NoTypeInformation

Get Machine Names Starting/Ending With

This scenario is most common when it comes to quick reports on a datacenter, department, floor, team, etc. Most organizations have a naming convention that identifies a machine by a specific set of letters in its name.

For instance, MI-PDC-L2-R1-MGT01 is a server name. To make it clear, let me break it down:
MI = Melbourne
PDC = Primary Data Center
L2 = Level 2
R1 = Rack 1
MGT01 = Management Server 01

You can use the script below to find the machines that match any of the above criteria.

Get-ADComputer -Filter * | Where-Object {$_.Name -like "*machine name *"} | Select -Property Name,enabled

To export it as a report

Get-ADComputer -Filter * | Where-Object {$_.Name -like "*machine name *"} | Select -Property Name,enabled >> "Output path.txt"

Check if a user/s is enabled or disabled

This task is very straightforward. The script below achieves this.

Import-Module activedirectory

$reader = [System.IO.File]::OpenText("parse user list.txt")

while($null -ne ($user= $reader.ReadLine())) {

$checkeduser= Get-ADUser -Identity $user
write-host
"------------------------"
"User " + $checkeduser.SamAccountName + " is Enabled : " + $checkeduser.Enabled
"OU Path is : " + $checkeduser.distinguishedname
"------------------------"
}
# Release the file handle once the list has been read
$reader.Close()

Check if a Machine Has an Update Installed

Everyone loves quick wins.

The script below will tell you if a specific update is installed on one or more machines.

 Get-Hotfix -computername 'Machine name'| where {$_.HotfixID -eq "KB######"} | Select-Object HotfixID

Check if a device is up through IP address

Checking if a machine is up can be as easy as eating cake, unless other teams decide to send you a list of IP addresses and ask you to check if each IP is pingable. The script below will come in handy for this purpose.

$machines = 'IP Addresses'

foreach ($machine in $machines) {
    if (Test-Connection -ComputerName $machine -Count 2 -Quiet) {
        Write-Host "$machine is alive and Pinging " -ForegroundColor Green
    } else {
        Write-Warning "$machine seems dead not pinging"
    }
}

Check if an update has been installed

Windows update! – Patching Tuesday!

The 2 words any system admin would not love to hear 😛 The process of installing the updates is not the hardest job. It's that random compliance check from the Security team which makes you run around like headless chickens.

The script below will save time by getting the machines in an OU, cross-checking them against the given KB########, and letting you know whether each machine is compliant or not.

# -ExpandProperty returns plain name strings, which is what Test-Connection and Get-HotFix expect
$machines = Get-ADComputer -Filter * -SearchBase "Specific OU" | Select-Object -ExpandProperty Name | Sort-Object

$UpdateNo = 'Update number KB######'
foreach ($machine in $machines) {

    if (Test-Connection -ComputerName $machine -Count 2 -Quiet) {
        # Keep only the entry for the requested KB; $PatchCheck stays empty when it is absent
        $PatchCheck = Get-HotFix -ComputerName $machine | Where-Object {$_.HotFixID -eq $UpdateNo} | Select-Object HotFixID
        if ($PatchCheck) {
            Write-Host "$machine is Alive and Updated with $UpdateNo patch." -ForegroundColor Green
        } else {
            Write-Host "$machine Is Up and Not Patched!!" -ForegroundColor Red
        }
    } else {
        Write-Warning "$machine seems dead not pinging"
    }
}

If you have only a handful of machines that need a quick check, the script below will still be able to help you with that.


$machines = Get-Content -Path "list of machine names.txt"

$UpdateNo = 'Update number KB######'
foreach ($machine in $machines) {

    if (Test-Connection -ComputerName $machine -Count 2 -Quiet) {
        # Keep only the entry for the requested KB; $PatchCheck stays empty when it is absent
        $PatchCheck = Get-HotFix -ComputerName $machine | Where-Object {$_.HotFixID -eq $UpdateNo} | Select-Object HotFixID
        if ($PatchCheck) {
            Write-Host "$machine is Alive and Updated with $UpdateNo patch." -ForegroundColor Green
        } else {
            Write-Host "$machine Is Up and Not Patched!!" -ForegroundColor Red
        }
    } else {
        Write-Warning "$machine seems dead not pinging"
    }
}
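
The two scripts above print "Not Patched" whenever no matching hotfix comes back, including when the query itself failed, which is the wrong answer to hand to a compliance check. The variant below is an added example, not part of the original post; it records a separate status for each outcome and writes a CSV. The status names and the output file name are assumptions.

```powershell
# Added example (not from the original post). File names are placeholders (assumptions).
$UpdateNo = 'KB######'                                   # placeholder, as in the scripts above
$machines = Get-Content -Path "list of machine names.txt"
$report   = "patch compliance.csv"

$results = foreach ($machine in $machines) {
    $status = 'Unknown'; $installedOn = $null; $detail = ''

    if (-not (Test-Connection -ComputerName $machine -Count 2 -Quiet)) {
        # No ICMP reply: the host may be down, or ping may simply be filtered
        $status = 'NoPingReply'
    } else {
        try {
            # -ErrorAction Stop turns RPC, WMI and access errors into exceptions
            $hit = Get-HotFix -ComputerName $machine -ErrorAction Stop |
                   Where-Object { $_.HotFixID -eq $UpdateNo }
            if ($hit) {
                $status = 'Installed'
                $installedOn = @($hit)[0].InstalledOn
            } else {
                $status = 'Missing'
            }
        } catch {
            # The query failed, so the patch state of this machine is not known
            $status = 'QueryFailed'
            $detail = $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Computer = $machine; Update = $UpdateNo; Status = $status
        InstalledOn = $installedOn; Detail = $detail
    }
}

$results | Export-Csv -Path $report -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
```

Get-HotFix reads the Win32_QuickFixEngineering WMI class, which does not list every kind of update, so a "Missing" result for an update delivered another way needs a second check.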

Check C Drive Space

In a corporate environment, checking drive space is a challenging job when it comes to patching. Like I said in the previous blog, checking one machine could be an easy job but checking in bulk could be challenging.

For the majority of patches that fail, the primary reason could be that there is not enough space on the C drive for them to be installed.

Having a clear picture of this issue gives you the upper hand. The script below will let you know the free space on the drive.

To show the result on the screen

$Computername = [System.IO.File]::OpenText("machines name in a file.txt")

while($null -ne ($Computer = $Computername.ReadLine())) {

    # SystemName is the Win32_Volume property that holds the computer name
    Get-WmiObject -ComputerName $Computer -Class Win32_Volume |
        Format-Table -AutoSize DriveLetter,
                     SystemName,
                     Label,
                     @{Label="Free(GB)";Expression={'{0:N0}' -f ($_.FreeSpace/1GB)}}
}
$Computername.Close()

To export the result to a file, use the script below.

$Computername = [System.IO.File]::OpenText("machines name in a file.txt")

while($null -ne ($Computer = $Computername.ReadLine())) {

    # SystemName is the Win32_Volume property that holds the computer name
    Get-WmiObject -ComputerName $Computer -Class Win32_Volume |
        Format-Table -AutoSize DriveLetter,
                     SystemName,
                     Label,
                     @{Label="Free(GB)";Expression={'{0:N0}' -f ($_.FreeSpace/1GB)}} >> "Output path .txt"
}
$Computername.Close()