PowerShell: Add Users to Active Directory Group from Text File

Posted on July 24, 2014 by pcgeek86

A customer recently requested a PowerShell script, to add Active Directory users to a security group. The list of users would come from a text file that resides on the filesystem. To that end, I wrote a short PowerShell script that does just that, complete with parameter validation.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

#requires -version 4.0
#requires -Module ActiveDirectory
param (
[Parameter(Mandatory = $true)]
[ValidateScript({ if (Get-ADGroup -Identity $PSItem) { $true; }; })]
[string] $GroupName
, [Parameter(Mandatory = $true)]
[ValidateScript({ Test-Path -Path $PSItem; })]
[System.IO.FileInfo] $Path
)

$UserList = Get-Content -Path $Path;
foreach ($User in $UserList) {
$ADUser = Get-ADUser -Identity $User -ErrorAction SilentlyContinue;
if ($ADUser) {
Add-ADGroupMember -Identity $GroupName -Members $ADUser;
}
$ADUser = $null;
}

Using the Script

Running script from PowerShell ISE

To use the script from PowerShell Integrated Scripting Editor (ISE), follow these steps:

Create a text file (eg. c:\test\UserList.txt) and add one user account to each line
Launch the PowerShell ISE
Copy and paste the script into the PowerShell ISE, and press F5 to invoke it
You will be prompted for the Active Directory security group’s name
You will be prompted for the full path to the text file that contains the list of users

Alternatively, you can follow these steps to execute the script from the PowerShell console:

Create a text file (eg. c:\test\UserList.txt) and add one user account to each line
Save the script to a file with a .ps1 extension (eg. c:\test\AddADGroupMembers.ps1)
From a PowerShell console prompt, use either call operator (& or .) to invoke the script
You will be prompted for the Active Directory security group’s name
You will be prompted for the full path to the text file that contains the list of users

1	& c:\test\AddADGroupMembers.ps1

PowerShell 4.0: Obscure DSC Errors

Posted on July 22, 2014 by pcgeek86

WS-Management Error

DSC Error – Unrecognized Argument

While playing around with PowerShell’s Desired State Configuration (DSC) feature this evening, I discovered a rather odd error message. I was developing a custom DSC resource, and attempting to use it in a Configuration block. When attempting to call Start-DscConfiguration, the error I received was:

The WS-Management service cannot process the request. The object contains an
unrecognized argument: “ConfigurationData”. Verify that the spelling of the
argument name is correct.
+ CategoryInfo : ProtocolError: (root/Microsoft/…gurationManager:St
ring) [], CimException
+ FullyQualifiedErrorId : HRESULT 0×80338041
+ PSComputerName : client01

While it doesn’t seem very clear, it seems that this error crops up if you’re running PowerShell ISE as a non-administrator. Make sure that you launch your PowerShell host, whichever application that might be, as Administrator, when you call Start-DscConfiguration.

Access Denied

Another somewhat similar situation is when you’re running PowerShell ISE as non-administrator, you’ll get a much more friendly error message that indicates access is denied.

The WS-Management service cannot process the request. The WMI service returned an ‘access denied’ error.
+ CategoryInfo : PermissionDenied: (root/Microsoft/…gurationManager
:String) [], CimException
+ FullyQualifiedErrorId : HRESULT 0×80338104
+ PSComputerName : client01

Get-TargetResource Error

After launching PowerShell ISE as Administrator, to resolve the two earlier DSC error messages, I came across another error. This one was fairly self-explanatory, but kinda hard to figure out the root cause of. I came across a post by Steven Murawski, who suggested that it was a problem with the new-line characters in Git. Coincidentally, I had my custom DSC resource in a Git repository, so it is quite possible that this is true. However, I couldn’t seem to fix my module manifest to make PowerShell happy, so instead I simply removed the module manifest file (.psd1) for the time being. The error message was:

Failed to get exported command Get-TargetResource from module ConfigMgr_Application. Please check the module definition.
+ CategoryInfo : InvalidOperation: (root/Microsoft/…gurationManager:String) [], CimException
+ FullyQualifiedErrorId : GetTargetResourceCommandNotFound
+ PSComputerName : client01

Could Not Get Module

Yet another error message I came across has pretty sparse information about it, but was successfully resolved by rebooting the Windows operating system on the problematic machine. In this case, it was a vanilla Windows 8.1 client (virtual machine) running PowerShell 4.0. It’s crazy that rebooting a system can resolve transient error messages these days, but … it is what it is, I guess. Here is Jacob Benson’s blog, which mentions the error.

Could not get the module with the following name: ConfigMgr_Application. Check if the module exists under PSModulePath.

Decentralized Revision Control Tooling on Windows

Posted on July 2, 2014 by pcgeek86

Today I’d like to take a few minutes to talk about setting up Git for your development projects on the Windows platform. I’ve long been a fan of Mercurial, because the installation process is easy, and the tooling is native to the Windows platform. While Git and Mercurial are very similar version control tools, GitHub appears to be a stronger community hub, compared to Mercurial hosting sites like CodePlex and Bitbucket, and it’s worthwhile getting familiar with it.

Mercurial Tooling

As I stated before, Mercurial is very easy to install on Windows, and it doesn’t have any additional dependencies that you have to worry about manually installing. While Mercurial itself is a command line tool, there’s also a project called TortoiseHg that offers GUI screens to perform common source control tasks, including: commits, file adds/removes, branching, repository configuration, and so on. In addition, TortoiseHg enables some handy Windows Explorer integration, namely overlay icons and context-sensitive context menu tools! Continue reading →

CU2 for System Center 2012 R2 Configuration Manager

Posted on June 27, 2014 by pcgeek86

Microsoft has just released Cumulative Update 2 (CU2) for System Center 2012 R2 Configuration Manager! I discovered this via a tweet from Robert Marshall, a Microsoft MVP in Enterprise Client Management (ECM). There are two Microsoft Support documents that detail the changes in CU2:

General fixes in the Configuration Manager product (KB2970177)
Improvements to the Configuration Manager PowerShell module (KB2962855)

Highlights

Some of the highlighted fixed/improvements from CU2 are as follows:

Content Management: Fix for an issue where Configuration Manager clients do not properly fall back to Distribution Points that are not preferred.
Content Management: Fix for: Driver packages cannot be downloaded to Pull Distribution Points when the name of the source share ends in a backslash character.
Remote Control: Fix for: A paste operation fails when you try to copy files from a Windows Server 2012 R2 computer to a Windows 8.1 client computer in a Configuration Manager Remote Control session
Admin Console: When you view the Primary Device that is associated with a user, you may see other devices that have the same name, even if they are associated with a different user.

Automating the Lync Client with PowerShell

Posted on June 26, 2014 by pcgeek86

You love PowerShell, right? And you love the Microsoft .NET Framework? Are you setting out to automate the Microsoft Office 2013 Lync Client with PowerShell? If you answered “yes” to the last three questions, then you’ve come to the right place! We’re going to take a look at how to get started automating the Lync 2013 client using PowerShell! Thanks to PowerShell’s direct support for Microsoft .NET Framework types, we can easily manage Lync Client functions from PowerShell, much in the way that C# developers can!

Download and Install the SDK

The first thing you need to do is go out to Microsoft’s download site and grab the Lync 2013 SDK. The installation process is fairly painless, so just click “Next” through it. By default, the installation path is: %ProgramFiles(x86)%\Microsoft Office\Office15\LyncSDK.

The root folder of the Lync 2013 SDK.

When you install the Microsoft Lync 2013 SDK, what you get is basically a series of Microsoft .NET assemblies (aka. .NET libraries) that allow you to perform automation functions on the Lync 2013 Client! Additionally, there is a CHM (compiled HTML help) file that contains some detailed documentation on how to utilize the SDK. If you’re interested in developing, get used to reading documentation!

Continue reading →

ConfigMgr OSD: Dynamically Named WIM Captures with PowerShell

Posted on May 22, 2014 by pcgeek86

In the context of the Operating System Deployment (OSD) feature in Microsoft System Center Configuration Manager (ConfigMgr), it is common that customers will perform a “build & capture” of their target operating system, and then deploy new computers using that reference (aka. “gold” or “base”) WIM image. This process is typically automated through a build & capture task sequence. The last step of a build & capture task sequence is typically the Capture Operating System task sequence item.

Capture Operating System

Within the configuration of the Capture Operating System task sequence step, most users of ConfigMgr will simply specify a static path to the destination of the resulting WIM image. This static naming can cause conflicts if the task sequence is executed multiple times, without first renaming the target file. Additionally, the same scenario can occur if the build & capture task sequence is executed on multiple, distinct systems simultaneously.

Continue reading →

Failure connecting to Azure point-to-site VPN

Posted on May 6, 2014 by pcgeek86

I’m trying to set up an Azure point-to-site VPN connection, and I’m receiving the following error: “The remote access connection completed, but authentication failed because the certificate that authenticates the client to the server is not valid. Ensure that the certificate used for authentication is valid. (Error 853).” I ran through the MSDN documentation that talks about generating a self-signed root certificate, and then generating a client VPN certificate (with a private key / PFX), from that self-signed root.

Azure Virtual Network Point-to-Site Failure For some reason, it seems that the VPN connection is not finding the correct certificate to use for establishing a secure tunnel.

I found some directions on the Microsoft TechNet forums to manually create a VPN connection, instead of using the pre-packaged VPN settings from the Azure Portal. When using a manually created VPN connection, that points to the Azure gateway DNS address, you have the option of selecting a certificate, from the CurrentUser certificate store, to use during the connection. I like this method better than using the Azure VPN package, because it feels more “native” to the Windows operating system. When you’re using the Azure automatically-created VPN connection, you don’t get the same level of control over the VPN connection configuration. 2014-05-06 EapHost Certificate Error Azure VPN

When establishing the VPN connection, here’s what it looks like in Windows 8.1:

When I explored the EapHost event log in the event viewer, I noticed the following error:

EapHostPeerGetResult returned a failure.
Eap Method Friendly Name: Microsoft: Smart Card or other certificate
Reason code: 2148074252
Root Cause String: The authentication failed because the user certificate required for this network on this computer is invalid

Repair String: Choose a different and valid certificate for authentication with this network.
If this is not helpful, contact your network administrator for further assistance.

As of this point, I have not come up with a solution to this problem, and cannot find much information online about it. When I find a solution, I will be sure to update this post.

UPDATE: The problem seems to have fixed itself. I am now able to connect to the Virtual Network.

Cheers,
Trevor Sullivan
Microsoft PowerShell MVP

Microsoft Azure Visio Stencils

Posted on May 5, 2014 by pcgeek86

Are you looking for Microsoft Office Visio stencils, or PNG icon sets, for Microsoft Azure? Perhaps you’re building an architectural diagram or writing technical documentation. Either way, Microsoft has recently made available an updated set of Visio stencils, PNG icons, and a Microsoft PowerPoint slide deck to preview them all! Head over to the Microsoft download page, and get them while they’re fresh!

PLA Blog Entries

Posted on March 10, 2014 by pcgeek86

Over the past eight months or so, I’ve posted some articles over at the Project Leadership Associates (PLA) blog. This post is a listing of them, and direct links to each post.

Microsoft Windows General

Fixing Windows Remote Management on Domain Controllers
Windows 8.1: Disable SkyDrive (now known as Microsoft OneDrive)
Lync 2013 Client: Missing DLL

System Center 2012 Configuration Manager

System Center 2012 Configuration Manager Reporting Problem
Microsoft System Center 2012: Testing Configuration Manager Endpoint Protection
Configuration Manager 2012 SP1 & PowerShell Remoting
System Center 2012 Configuration Manager Global Conditions
Adventures in ConfigMgr 2012 Application Uninstallation
Using WinPE 5.0 with Configuration Manager 2012
System Center 2012: Configuration Manager Global Condition for Group Membership

ConfigMgr: A Couple of Client Tweaks via PowerShell

Posted on May 22, 2013 by pcgeek86

Disable WINS Lookup via PowerShell & WMI

If you’re running Microsoft System Center Configuration Manager, you probably don’t need to be using the WINS lookup for Server Locator Points. Normally, you’d have to de-install the ConfigMgr client, and then re-install it with the SMSDIRECTORYLOOKUP=NOWINS MSI property. If you don’t want to do that, and want to disable the WINS lookup feature on your existing client base, you can use PowerShell to achieve this.

1
2
3

$DirectoryLookup = Get-WmiObject -Namespace root\ccm\policy\machine\actualconfig -Class CCM_DirectoryLookup_Configuration;
$DirectoryLookup.LookupFlags = 1;
$DirectoryLookup.Put();

Verification

After configuring this setting, you can restart the SMS Agent Host service by running the following command:

1	Restart-Service -Name ccmexec;

Open up the LocationServices.log client log file, and search for the text: Policy disallows failing over to WINS..

If you see that message showing up in the logs, then you should be all set!

Enabling Verbose Logging via PowerShell & WMI

Another post-installation trick you can do for Microsoft System Center Configuration Manager clients is enable verbose logging via the Windows Management Instrumentation (WMI) service. Check out this quick PowerShell script to achieve this: