
Monday, December 24, 2012

Sometimes, PowerShell ISN'T the answer!

We're looking around at SANs, because our SAN is just out of headroom performance-wise. We have oodles of space but not enough IO. One idea put forth was to shut down VMs when they aren't doing anything and then power them on well before they're needed again. "I can totally handle this", I thought, with the command Shutdown-VMGuest already bouncing around in my head. Shutdown-VMGuest is a VMware PowerCLI command that... shuts down guest VMs. I love how command names are so intuitive. The verb-noun system is really great.

So the next issue with creating a PowerCLI script that accomplishes this is passing credentials. I hate working with credentials in PowerShell, I really do. Then, I remember that vCenter can schedule tasks on its own! I poke around in the interface, because I pretty much hang out in Hosts and Clusters all the time, with only a brief foray into the Datastores section. Lo and behold, there are Scheduled Tasks! And setting it up was stupid easy!

The moral of the story is that sure, PowerShell can do everything (yes, including your dishes). It's easy to go to it for everything, but even with its seemingly unlimited OneRing-like power, you STILL need to step back and evaluate the best tool for the job.

Happy Holidays everyone!

Saturday, December 22, 2012

Restore Deleted Items from a Public Folder

An employee exiting the organization decided to "clean up" some files they thought that no one was using. So they deleted a bunch of stuff in some public folders. Yes, we are running Exchange 2010 SP1 with fricking public folders still. Maybe next year we'll get a new fax solution that works differently, but for now we have what we have.

I found a great utility to restore files deleted from public folders and it worked great. The program is stupid easy to use, but after extraction you must follow the instructions in the readme.txt to get it to work. I'm not even going to explain how to use it.

It's called ExFolders and can be downloaded from Microsoft Technet here. You can read some in-depth analysis regarding it at the Exchange Team Blog here.

Thursday, December 20, 2012

Failed Login Attempts - The Second Half

So I got all giddy regarding my creation of a script that would email me the previous day's failed logins, and blogged about it before real world testing had occurred. The results were that ElDump only works with Windows 2003. I tried to get a good Get-EventLog dump out of my 2008R2 domain controllers for quite some time. A couple of observations: Why does it take so long to Get-EventLog remotely? Also, why don't they split up sections in an event's message property to be more accessible? Perhaps every hard-return in the message field could delineate another element in an array? But, I digress...

In the end, it was a post I found on the Spiceworks Community (GREAT resource by the way) that gave me what I needed. The following script builds on what I found in the original post. So, a big shout-out to B-Rad2011. Ninety percent of this is his, but I will take credit for adding a column to the output telling which hostname the user failed to log in from instead of only giving the IP address. I learned how to do reverse DNS lookups here.

#Here we flesh out some variables
$Date = Get-Date
$DC = "2K8R2.foo.org"
$Report = "c:\temp\report.html"

#Here we create a web template
$HTML=@"
<title>Event Logs Report</title>
<style>
BODY{background-color: #FFFFFF}
TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;}
TH{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color: ThreeDShadow}
TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color: Transparent}
</style>
"@

#Get the event log, then extract some properties
#(4771 = Kerberos pre-authentication failed; string 0 is the account name, string 6 the client address)
$eventsDC = Get-EventLog Security -ComputerName $DC -InstanceId 4771 -After (Get-Date).AddDays(-1) |
   Select-Object TimeGenerated,ReplacementStrings |
   ForEach-Object {
   #The client address is logged as ::ffff:a.b.c.d, so strip that prefix
   $IPAddress = $_.ReplacementStrings[6] -replace '^::ffff:',''
   #Reverse DNS lookup; an address with no PTR record throws, so fall back to a placeholder
   try { $Hostname = ([System.Net.Dns]::GetHostByAddress($IPAddress)).HostName.Replace(".foo.org","") }
   catch { $Hostname = "(unresolved)" }
   New-Object PSObject -Property @{
     UserName = $_.ReplacementStrings[0]
     Source_Computer = $Hostname
     IP_Address = $IPAddress
     Date = $_.TimeGenerated
    } #End NewObject -Property
   } #End Foreach

#Inject the object created above into an HTML page
$eventsDC | ConvertTo-Html -Property Date,Source_Computer,IP_Address,UserName -head $HTML -body "<H2>Generated On $Date</H2>"| Out-File $Report -Append

#Mail the page, and then delete the original
$Text = "Password Failures from $DC"
Send-Mailmessage -from "administrator@foo.org" -to administrator@foo.org -subject $Text -smtpserver MailServer01 -body $Text -attachments $Report
del $report
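
On the question above about getting at an event's fields without picking the message apart: the event XML already carries each 4771 field by name. The following is an added example, not part of the original script or of B-Rad2011's post; it assumes PowerShell 3.0 or later, the function name ConvertFrom-Event4771Xml is hypothetical, and the sample events are constructed. It reads the fields by name and then counts how many distinct accounts failed from each address.

```powershell
# Added example: read event 4771 fields by name from the event XML
# Kerberos failure codes most often seen in 4771
$StatusText = @{
    '0x12' = 'Account disabled, expired or locked out'
    '0x17' = 'Password expired'
    '0x18' = 'Wrong password'
}
function ConvertFrom-Event4771Xml {   # hypothetical helper name
    param([string]$Xml)
    $evt = ([xml]$Xml).Event
    # Turn each <Data Name="X">value</Data> element into a name -> value entry
    $data = @{}
    foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeUtc    = $evt.System.TimeCreated.SystemTime
        UserName   = $data['TargetUserName']
        IP_Address = $data['IpAddress'] -replace '^::ffff:', ''
        Reason     = $StatusText[$data['Status']]
    }
}
# Constructed sample events (not real log data)
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4771</EventID><TimeCreated SystemTime="{0}"/></System>
  <EventData>
    <Data Name="TargetUserName">{1}</Data>
    <Data Name="Status">{2}</Data>
    <Data Name="IpAddress">::ffff:{3}</Data>
  </EventData>
</Event>
'@
$sample = @(
    ($template -f '2012-12-19T08:01:10Z', 'jsmith',  '0x18', '10.0.0.21'),
    ($template -f '2012-12-19T08:01:42Z', 'jsmith',  '0x18', '10.0.0.21'),
    ($template -f '2012-12-19T23:14:03Z', 'adavis',  '0x18', '10.0.0.50'),
    ($template -f '2012-12-19T23:14:04Z', 'bnguyen', '0x12', '10.0.0.50'),
    ($template -f '2012-12-19T23:14:05Z', 'cortiz',  '0x18', '10.0.0.50')
)
$failures = $sample | ForEach-Object { ConvertFrom-Event4771Xml $_ }
# One address failing against many accounts deserves a closer look than one user mistyping
$summary = $failures | Group-Object IP_Address | ForEach-Object {
    [pscustomobject]@{
        IP_Address = $_.Name
        Failures   = $_.Count
        Accounts   = @($_.Group.UserName | Sort-Object -Unique).Count
    }
} | Sort-Object Accounts -Descending
$summary | Format-Table -AutoSize
# Against a live DC, feed the same function from Get-WinEvent:
# Get-WinEvent -ComputerName $DC -FilterHashtable @{LogName='Security'; Id=4771; StartTime=(Get-Date).AddDays(-1)} | ForEach-Object { ConvertFrom-Event4771Xml ($_.ToXml()) }
```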

Sunday, December 16, 2012

WSUS - Who approved THAT update?

Stumbled across a neat little tool last week. This tool goes through your WSUS log file to tell you who approved a certain update. It's called the WSUS Approval History Log.