In this post you will learn how to query SCOM RMS server name of a specific SCOM group using powershell script.

In all my SCOM scripts that I wrote so far, I hardcoded the SCOM RMS server name. Recently I came across a situation where RMS role is moved to another management server in same SCOM group. With this change, obviously all my scripts will fail because the hard coded server is not a RMS server anymore and it has no intelligence to redirect my query to the current RMS sever.

That means we should have a dynamic way using which we can get RMS server automatically from some reliable source. SCOM installations creates a SCP(Service Connection Point) in Active directory for each SCOM group. So now I will show you how to query this SCP using powershell and get the RMS server name.

We can either choose to use build-in Activedirectory module or Quest AD Cmdlets to get information. The below code is based on activedirectory module which is available with Windows 2008 and Windows 7.

function Get-ScomRMSServer {            
            
Import-Module ActiveDirectory            
$Domainname = (Get-ADDomain).DistinguishedName.tostring()            
$SCOMObj = Get-ADObject -Filter "Name -eq 'SDKServiceSCP'" -SearchBase $domainname `
-Properties ServiceDNSName, ServiceClassName            
$SCOMObj | select serviceclassname, serviceDNSName            
            
}

Thanks to my colleague(Deepesh) who helped with finding this.

I just came across a interesting tip that might help in your powershell scripting. It is about creating the temp file. In your script, if you want to create some temp file for processing and then it is right choice. The advantage with this approach is, it directly creates a file in %temp% of user profile and returns the path. Another good thing is, if you run it multiple times, it returns a new temp file each time.

[System.IO.Path]::GetTempFileName()

Hope this tiny one helps…

In today’s post, let us see how to get the BIOS details of remote computer. When I say BIOS details, the most important parameters one will look for is, version and serial number. These are the most two parameters System administrators often want to know. To get this information, I have written a little function which makes a WMI query to remote computer using Get-WMIObject cmdlet for Win32_BIOS class to get the required details.

Here you go for the script. Hope this helps…

function Get-BIOSDetails {            
param($Computer)            

$output = "" | select ComputerName, BIOSVersion, SerialNumber            
$obj = Get-WMIObject -Class Win32_BIOS -ComputerName $Computer             
$output.ComputerName = $Computer.ToUpper()            
$output.BIOSVersion = $obj.SMBIOSBIOSVersion            
$output.SerialNumber = $obj.SerialNumber            

$output            

}

I will continue writing more and more when I find some time.

We all know how to change a string to lower case or upper case. It is as good as invoking .Toupper() or .Tolower() methods of the string variable.

For example…

PS C:\> “TechiBee”.toupper()
TECHIBEE
PS C:\> “TechiBee”.tolower()
techibee
PS C:\>

But when it comes to changing to Title case where first letter of the word is in capital and remaining letter in world in lower case, people are using variety methods. Some people are using substring method to identify the first character to upper and remaining to lower case and then combining them to get the title case of original word/string.

Actually, It is not that hard. PowerShell has very powerfull features and you should be doing it with very easy procedures. Let us see how to do it.

PS C:\> (Get-Culture).textinfo.totitlecase(“TechiBee.com”.tolower())
Techibee.Com
PS C:\>

In the above example, I am using the ToTitleCase method that is available with Get-Culture cmdlet. All we need to do is pass the string as argument to this function to get it converted to title case. I passed “TechiBee.com” for demonstration and you can see the output. You might have noticed that “com” in “TechiBee.com” also got changed it to title case as this is also a different word in the given string. You might want to ask why we need to change it to lower case before performing the conversion. I too don’t have a answer for it but the thing is, if the given string/word has all capital letters, then this method is not changing the string to title case. Hence I used ToLower() method. You can see the below demonstration for clarity.

Hope this helps…

Well, I explored Win32_Service WMI class a bit more and found some more concepts which are useful to Windows Administrators. In this article, I will show you how to get the list of services which are running with a specific windows account. You can get this information from both local and remote computers with the code that I am going to provide.

CODE:

function Get-ServiceLogonAccount {
[cmdletbinding()]            

param (
$ComputerName = $env:computername,
$LogonAccount
)            

    if($logonAccount) {
        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |`          
? { $_.StartName -match $LogonAccount } | select DisplayName, StartName, State            

    } else {            

        Get-WmiObject -Class Win32_Service -ComputerName $ComputerName | `         
select DisplayName, StartName, State
    }            

}

So it is clear what the above function does. It takes two parameters, computername and logonaccount. You should provide computer name if you would like to query the services on remote computer otherwise just ignore it. By default it queries local computer. Similarly, -LogonAccount is also optional parameters and you need to pass the account name that you are looking for. For example, if you are looking for DOMAIN\Useracct1 account, just pass useracc1 as parameter value.

Below are some usage examples…

Example 1: Query logon account of all services in local computer

Example 2: Get services running with “NT Authority\LocalService” account on remote computer

Hope this helps.

Hello Readers,
How many of you regularly use twitter? I guess most of you. Have ever worried about the security it is providing? You should read on if your answer is NO.

One of colleagues gave a quick demo a few days back to show how insecure the default twitter is. His demo proved that, any one sitting in same network as yours can easily hijack your twitter account and tweet on behalf of you. He was able to make it because twitter runs on http by default. Since it is http, all the data transfer will happen over wire in plain text format. So, any one in your network with a couple of  tools can spoof your MAC address can easily capture what you are sending over wire and get the twitter cookie(key for maintaining your twitter session) and tweet using your twitter account. The method that my colleague demonstrated is a simple hack any one with computer knowledge can execute it.

How to I make it secure:  Twitter provides a option to make your twitter account to use https(secure http) as default protocol. Making use of this will at least prevent your twitter account from this kind of silly hacks.

You can follow the below procedure to enable the https

• Logon to twitter account.
• Go to your profile tab and click on edit profile
• Go to Account section in your profile and check the box Always use HTTPS
• Click on Save and enter your password when prompted

• Now your twitter account is secured.

You might notice that “Logical disk space”  alert in SCOM not showing % free space and MB free space in alert description. This is because you have upgraded your base OS management pack to “V6.0.6958.0” recently. Per Kevin’s blog, this expected with latest version of Base OS MP. As part of latest MP writing, the script that fetches the disk space values was completely re-written to support consecutive samples monitoring type and the re-written script is not returning these values to the SCOM; hence you are no information about free space in alert description.

I am sure most SCOM users won’t like this. This information loss will create some ambiguity and it is difficult to distinguish between cases which just exceed the thresholds and worse cases where just few MBs of data available.

MS may come with some latest MP to fix this issue. Till then you can use the workaround created by Kevin in the his blog. He has given two monitors which you can use against 2003/2008 hosts so that you can see the details you need. These monitors are extracted from previous version of base OS MP  so the functionality will remain same.

References:

http://blogs.technet.com/b/kevinholman/archive/2011/11/17/opsmgr-logical-disk-free-space-alerts-don-t-show-percent-and-mb-free-values-in-the-alert-description.aspx

Hope this helps.

We being system administrators come across requirements to see if a port is open for connections or not. For example, to see if a web service is working, the first thing I do is, “telnet webservername 80”. Similarly every client/server application some or other port for establishing connection and communication. Since the port connectivity verification is pretty much part of system administrator’s life, I want to do it with my favorite programming language, “PowerShell”.

Below is the function that tests the port connection and returns the status.

Code:

function Test-PortConnection {            
[cmdletbinding()]            
param(                        

[parameter(mandatory=$true)]            
[string]$TargetHost,                        

[parameter(mandatory=$true)]            
[int32]$TargetPort,                        

[int32] $Timeout = 10000                        

)                        

$outputobj = New-Object -TypeName PSobject            

$outputobj | Add-Member -MemberType NoteProperty -Name TargetHostName -Value $TargetHost            

if(test-Connection -ComputerName $TargetHost -count 2) {            
    $outputobj | Add-Member -MemberType NoteProperty -Name TargetHostStatus -Value "ONLINE"            
} else {            
    $outputobj | Add-Member -MemberType NoteProperty -Name TargetHostStatus -Value "OFFLINE"            
}            

$outputobj | Add-Member -MemberType NoteProperty -Name PortNumber -Value $targetport            

$Socket = New-Object System.Net.Sockets.TCPClient            
$Connection = $Socket.BeginConnect($Targethost,$TargetPort,$null,$null)            
$Connection.AsyncWaitHandle.WaitOne($timeout,$false)  | Out-Null            

if($Socket.Connected -eq $true) {            
    $outputobj | Add-Member -MemberType NoteProperty -Name ConnectionStatus -Value "Success"            
} else {            
    $outputobj | Add-Member -MemberType NoteProperty -Name ConnectionStatus -Value "Failed"            
}            

$Socket.Close | Out-Null                        
$outputobj | select TargetHostName, TargetHostStatus, PortNumber, Connectionstatus | ft -AutoSize            

}

In this code, I am using “System.Net.Socket.TCPClient” dotnet object to verify the connection. One the script tries to establish the connection it waits for at least 10 seconds to see if the other party is responding or not on the port I am querying. It is because, based on the server responsiveness and other factors, you may get some delayed response. To facilitate such incidents, I am using 10 seconds default delay. However, if you wish you can change it to the value you want by simply passing the value through -TimeOut parameter. The script takes other two mandatory parameters. One is -TargetHost  and another is -TargetPort. The “TargetHost” parameter accepts the remote server name on which you want to test the port connectivity and Targetport is the actual port number you want to query.

Usage example:

Hope this information helps…

“Did you mean windows powers hell ?” is message you get when you search for “Windows PowerShell” in download.microsoft.com. Isn’t this funny? One of my friends noticed this. I feel MS should look at their search algorithm and make PowerShell as known word and don’t recommend “Powers hell”.

If any MVPs or Microsoft Persons happens to look at this post, please inform respective team in Microsoft to get this corrected. After all it is the first thing any one would do if they want to learn powershell.

Here is the screenshot of it.