Rodney Buike - Founder and original lazy admin.

Daniel Nerenberg - Lazy admin 2.0


These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

Discover FSMO Roles with PowerShell

With PowerShell the defacto standard for Windows management I’ve started digging into it a little more as I need to.  Recently I had to use PS to seize the FSMO roles from a failed DC.  Now in my lab I only had two DCs, DC01 and DC02.  DC01 was the first and therefore held the FSMO roles and I didn’t need to do anything to figure out where they were.

But in a larger environment you may need to run the following commands to determine where the roles are held.  There are two commands we need to use, Get-ADForest for the Schema Master and Domain Naming Master roles and Get-ADDomain for the PDC Emulator, RID Master and Infrastructure Master roles.

Now you could look the role holders up in your documentation (you have documented this right?) but it might be quicker to fire up PowerShell and run the following commands:

Get-ADForest <domain_name> |

Continue reading Discover FSMO Roles with PowerShell

Managing FSMO Roles with PowerShell

It seems like only yesterday that PowerShell was released.  Maybe because time flies when you are having fun or maybe because it is really picking up steam since Windows 2008 R2 was released.  Regardless with Windows Server 2012 now being adopted and Windows Server 2012 R2 almost shipping it is clear that PowerShell is the Windows management scripting language.

“Anything you can do in the GUI you can do in PowerShell” – Brad Anderson at the Windows Server 2012 partner Airlift keynote

Case in point, managing ADDS in Windows Server 2012.  Last week I had a drive fail in a demo server running Hyper-V 2012 with a System Center 2012 SP1 lab that includes two Windows Server 2012 DCs.  The drive that died held DC01 which was the first DC installed and contained all five of the FSMO roles.  Back in the old days it was an easy enough fix

Continue reading Managing FSMO Roles with PowerShell

XenDesktop VDI and Dynamic Memory

XenDesktop is one of the leading VDI solutions right now due to its ability to run on the three major virtualization platforms.  When running Windows 7 SP1 VDI desktops with XenDesktop you may want to take advantage of Dynamic Memory for the workloads to increase VM density.  Unfortunately this cannot be done within XenDesktop at the time but you can do so via PowerShell. 

The following script created by Vlad Borodin and edited by my colleague Alex Khassanov will find all VMs on a Hyper-V host and enable Dynamic Memory on them.  You’ll need to know the Hyper-V host name, the prefix for the VDI VMs as well as the startup, maximum and buffer settings for Dynamic Memory. 

# PowerShell Script for changing RAM settings for several machines

# Vlad Borodin (

# 05 Mar, 2011

# Modified by AK, Jan-24-2012. Enable dynamic memory, set dynamic memory params


Write-Host("This script

Continue reading XenDesktop VDI and Dynamic Memory

PowerShell and Hyper-V R3

Windows PowerShell is a “powerful” method of managing servers and in Windows 8 it becomes even more powerful.  Hyper-V R1 and R2 didn’t have native PowerShell cmdlets built in.  If you deployed SCVMM you would have access to the VMM servers cmdlets or you could download the PowerShell Management Library for Hyper-V from Codeplex.

In Windows 8 there are specific cmdlets for Hyper-V (around 150 by my count) to help you manage your Hyper-V R3 environment via the command line.  Eric Bahna from Microsoft produced this video detailing some of the things you can do with PowerShell in Hyper-V R3.

I know it is hard to see what is going on but thankfully he produced a set up guide and a step by step guide so you can reproduce this demo in your test lab.

PowerShell Basics–Part 4

The last part of this series we’ll let at some more common tasks and how you can use PowerShell to solve them.  Yes, I’m certain you have that new $50,000 inventory system that does everything…. What?  Everybody doesn’t?  Built into every Windows Powershell console is the ability to run WMI Queries EASILY.   Here’s a quick take away for you right now.  Need to know some BIOS details of a remote PC?

GET-WMIOBJECT win32_bios –computername ‘nameofcomputer’

Now how about if that computer is a DELL system?

(GET-WMIOBJECT win32_bios –computername ‘nameofcomputer’).SerialNumber

But did you need to get that information for a series of computers in your Active Directory?  Enter the Power of Shell to query All the service Tags in mysterious Division X

# Quest
GET-QADCOMPUTER –searchroot ‘Contoso.local/Division/X/Computers’ | FOREACH (GET-WMI-OBJECT win32_bios –computername $_.Name ).SerialNumber

# Microsoft
GET-ADCOMPUTER –filter ‘*’ –searchbase ‘OU=Computers,OU=X,OU=Division,DC=Contoso,DC=Local’ | FOREACH (GET-WMI-OBJECT win32_bios –computername $_.Name ).SerialNumber 


Here’s one

Continue reading PowerShell Basics–Part 4

PowerShell Basics–Part 3

In part 3 of this series we’ll look at the most common task most admins face.  Locked user accounts, forgotten passwords.  Think of how much time you spend fixing these issues.  You say your biggest challenge is the 5% of the people who tie up support with 98% of the lockouts and need to be resolved now?

# Quest

# Microsoft
UNLOCK-ADACCOUNT –identity ‘John Smith’

But wait.  Did a whole division of users from Division X have a really big party at lunch and NEED to all be unlocked NOW?  Shame on them but, hey! No challenge!

# Quest
GET-QADUSER –Searchroot ‘Contoso.local/Divisions/X/Users’ | UNLOCK-QADUSER

# Microsoft
GET-ADUSER –filter ‘*’ –SearchBase ‘OU=Users,OU=X,OU=Divisions,DC=Contoso,DC=local’ | UNLOCK-ADACCOUNT

Reset Passwords

Fred Flintstone from accounting has locked himself out! It’s the end of his world (and your day) if he can’t log into his

Continue reading PowerShell Basics–Part 3

PowerShell Basics–Part 2

In part 1 of this PowerShell series we covered off some of the basics.  In part 2 we’ll take a look at some real world tasks you can speed up with the help of Powershell.  These examples will use PowerShell as well as the free PowerShell tools from Quest.

The head of HR comes bursting in your door screaming to quickly disable the VP in Division X because an Audit has turned up some nasty details about their new “Fund Management Scheme”.   No problem for you when you simply execute a PowerShell script.

# Quest

# Microsoft
DISABLE-ADACCOUNT –identity ‘Mister X’

Or perhaps it’s that entire division at Contoso that needs to be disabled?

# Quest
GET-QADUSER –Searchroot ‘Contoso.local/Divisions/X/Users’ | DISABLE-QADUSER

# Microsoft
GET-ADUSER –filter ‘*’ –SearchBase ‘OU=Users,OU=X,OU=Divisions,DC=Contoso,DC=local’ | DISABLE-ADACCOUNT


Perhaps you’ve just taken over as the

Continue reading PowerShell Basics–Part 2

PowerShell Basics–Part 1

Guest blogger Sean Kearney, aka The Energized Tech, is back with a few posts on PowerShell.  Few people know PowerShell like Sean does and he has some great posts coming up with some tips on everyday tasks you can use today.  Telling somebody to “Use Powershell” is all fine and dandy.    Telling me it’s easy is wonderful too.  But… uh… where do I start?  Is a Network Administrator there are tasks we perform on a regular basis.   The fine details overall change for each one of us, but I believe personally there are just some things we’re ALL asked to do.  Now I’m going to be referring to a set of tools from Quest software called the ActiveRoles Management Shell for Active Directory when working with Pre Server 2008R2 environments and the newer built in ones from Microsoft.  Which should you use?  The choice is obvious. 


Continue reading PowerShell Basics–Part 1

Output PowerShell to HTML

PowerShell offers a number ways to export data, one of the easiest to read is in an HTML file. The ConvertTo-HTML cmdlet allows you to export your data requests to a portable HTML file.

In the following examples I am going to take one of the previous commands we looked at in an earlier PowerShell article called Get-Process which lists all processes running. We are going to pipe the output from that command to the ConvertTo-HTML cmdlet and specify a location to save it to.

Get-Process | ConvertTo-HTML | Set-Content c:process-report.html

We can take this one step further and sort the table so it is a little easier on the eyes.

Get-Process | ConvertTo-HTML name, path | Set-Content c:process-report.html

Finally we can add a title with the -title switch.

Get-Process | ConvertTo-HTML name, path -title “Process List” | Set-Content c:process-report.html

Go ahead and try

Continue reading Output PowerShell to HTML

MSH Profiles

MSH is highly customizable through the use of profiles. MSH profiles are not created by default, however, you can create them easily enough and customize your MSH enviroment.

To create a MSH profile, simply open up a text editor, enter in the variables you wish to include in your customization and save the file as My DocumentsMSHprofile.msh. The profile can contain any combination of MSH cmdlets and is useful for setting aliases, buffersize and providing general information when you start MSH.


The next time you start MSH, the profile will be loaded and your customizations will be available.

If you are like me, you will probably end up with a massive, complex profile. To manage this better, you can seperate the sections into seperate files, like aliases.msh, functions.msh, personal.msh etc… These multiple aliases can then be loaded into the master

Continue reading MSH Profiles