Offline Domain Join - Recreating the Blob file using PowerShell

When you need to join a machine to the Active Directory It is a pretty straight forward task using either the User Interface or the PowerShell cmdlet available for that usage.

However in some situation you don't have network connectivity and need to rely on Offline Domain Join, using the Djoin.exe tool. Typically you use djoin in two phases. First you generates a provisioning file that you drop on a newly deployed machine. In the second phase you run djoin with the file as a parameter and the machine is joined to the domain without connection to the domain controller.

My problem
Using that same method, I recently had a tricky problem to solve. The environment where I was performing this was very locked down, not allowing me to copy files to the new provisioned machine.

Fortunately the system handling the deployment could perform action on other systems and gather data. I could rely on something like System Center Orchestrator (or SMA) and get the content of the Blob file over HTTP/HTTPS by invoking a runbook.

Recreating the djoin file with the content was a bit trickier. Djoin is really picky on how the file is created. (see here and here for more information)


Montreal PowerShell User Group #03 - Future of our user group

Join us for the Montreal PowerShell User Group #03 meeting on the Tuesday 24th of May 2016 from 6:00pm to 8:00pm at the Warner Brothers Games Studio.

Registration: Seats are limited, please RSVP on Meetup.com

This will be a social event, a bit different from the previous ones. We will discuss the future of the user group and gather your feedback.

There is no technical presentation planned but if the time permits it, you are welcome to show off/talk about some of your success stories using PowerShell or bring your scripts if you need help.

We plan to have some Pizza & Pop Corn!

More details on meetup.com

Hope to see you there!


Tuesday, 24th of May 2016 from 6:00pm to 8:00pm


Warner Brothers Games - 888 Maisonneuve Est - 6th Floor
Room: Jack Warner (In front of elevators)


Using Pester to test your Manifest File

In my previous post I got started with Pester and wrote my first test against the Comment Based Help of my module AdsiPS.

Next, I wanted to write a Pester test against the Manifest File of AdsiPS module. I want to make sure all the basic information of the module is referenced in this file. Mike Robbins wrote a great article on Dynamic Unit Tests where he is touching some of the points I want to cover today.

But before I get into the code, a small reminder on the Manifest file's role.

What is a Manifest File ?

A module manifest is a Windows PowerShell data file (.psd1) that describes the contents of a module and determines how a module is processed. The manifest file itself is a text file that contains a hash table of keys and values. You link a manifest file to a module by naming it the same as the module, and placing it in the root of the module directory.

For simple modules that contain only a single .psm1 or binary assembly, a module manifest is optional. However, it is recommended that you use a module manifest whenever possible, as they are useful to help you organize your code and to maintain versioning information. More info.
(You'll find at the end of this article the command that I use to generate my manifest.)


Using Pester to test your Comment Based Help

I remember attending a meeting on Pester presented by Dave Wyatt back in November 2014 during my first MVP Summit.

A couple of well known PowerShellers were there: Boe Prox, Emin Atac, Adam Driscoll, Mike Robbins, Fabien Dibot, Jan Egil Ring, Steve Murawski, ...  It was a great event, great to finally meet all those guys...

Anyway, at the time Pester looked pretty neat but since I only played with it a couple of times and never really invest or commit myself to create tests for each of my scripts or modules.

During the Microsoft MVP Summit 2014 week (Bellevue, WA, USA)
Evening event organized by Dave Wyatt on Pester.


Create a function/Cmdlet alias using the [Alias()] attribute

Just wanted to share a small PowerShell tips that Kirk Munro found.
You can declare a function or Cmdlet Alias using the following technique:

function Get-This
    PARAM (
    Write-Output "Param1 = $param1"

Get-That -Param1 "Hello World"

According to Jason Shirk this has been added in PowerShell v4.0:
"Support for the alias attribute on a function or cmdlet (works in C# too!) was added in V4.
It’s most valuable in a binary module because it’s harder to create aliases via IModuleAssemblyInitializer and when you do via that interface"


Active Directory - How to grant an account to use Sync-ADObject ?

During an onboarding process, I had to create some accounts on a remote site where the Exchange Role is installed. There, the account can be mail-enabled. We do this because the information will get replicated to Office365 faster and we will be able to proceed with other automated tasks.

Once the account is created, mail-enabled, sync to Office365, added to a couple of DLs, I needed to sync back the account to my local Domain Controller.

This can be done using the Cmdlet Sync-ADobject from the Active Directory module.

Of course you will need to give explicit permission to an account to perform this action else you will get the following message:

"Sync-ADObject : Insufficient access rights to perform the operation"

To grant permission, you'll need to launch the ADSIEdit tool and grant permission at the root of the domain for "Replication Synchronisation"

Once the permission granted, you'll see the following

Thanks for reading! If you have any questions, leave a comment or send me an email at fxcat@lazywinadmin.com. I invite you to follow me on Twitter @lazywinadm / Google+ / LinkedIn. You can also follow the LazyWinAdmin Blog on Facebook Page and Google+ Page.


PowerShell/SCSM - Get Review Activities Rejected in the last 60 days

In the following post I demonstrate how you can retrieve all the rejected Review Activities from the last 60 days. I also include the DisplayName, the Decision and the Comment of the Reviewer.

Hope this help some people out there.

# Smlets Module
Import-module -name smlets

# Capture the SR Failed Status
$RAStatusFailed = Get-SCSMEnumeration -Name ActivityStatusEnum.Failed$

# Capture the date from where we are searching
$RAModifiedDay = (get-date).Adddays(-60)

# Get the Manual Activity Class
$RAClass = Get-SCSMClass -Name System.WorkItem.Activity.ReviewActivity$

# Get the Criteria Class
$CriteriaClass = “Microsoft.EnterpriseManagement.Common.EnterpriseManagementObjectCriteria”

# Define the filter
$Filter = "Status = '$($RAStatusFailed.Id)' AND LastModified > '$RAModifiedDay'"

# Create the Criteria Object
$CriteriaObject = new-object $CriteriaClass $Filter,$RAClass

# Get the Reviewer relationship classes
$RAHasReviewerClass = Get-SCSMRelationshipClass System.ReviewActivityHasReviewer$
$ReviewerIsUserClass = Get-SCSMRelationshipClass System.ReviewerIsUser$

# Get the RA rejected in the last 60 days
Get-SCSMObject -criteria $CriteriaObject |
    ForEach-Object -Process {

        # Current Review Activity
        $RA = $_

        # Get the rejected review(s) on this RA
        $RejectedReview = Get-SCSMRelatedObject -SMObject $RA -Relationship $RAHasReviewerClass | Where {$_.decision.displayname -eq 'Rejected'}

        foreach ($item in $RejectedReview)
            # Get the reviewer information
$ReviewerObj = Get-SCSMRelatedObject -SMObject $Item -Relationship $ReviewerIsUserClass
            # Create a new PowerShell Object
                ReviewActivityName = $RA.Name
                ReviewerDisplayName = $ReviewerObj.displayname
                Decision = $item.decision.displayname
                Comments = $item.comments -as [string]
    }#| Format-List


PowerShell/SCSM - Get Manual Activities Completed per Assigned user in the last month

I wanted to expend a bit on the previous post which retrieved all the Manual Activities completed in the last month.

I want to go a step further and get the top Users who closed the most Manual Activities in that period.

# Smlets Module
Import-module -name Smlets

# Get the Manual Activity Class
$MAClass = Get-SCSMClass -Name System.WorkItem.Activity.ManualActivity$

# Get the Manual Activity Completed Status Enumeration
$MAStatusCompleted = Get-SCSMEnumeration -Name ActivityStatusEnum.Completed$

# Get the starting date from where we are searching
$MAModifiedDay = (Get-date).Adddays(-30)

# Get the Criteria Class
$CriteriaClass = "Microsoft.EnterpriseManagement.Common.EnterpriseManagementObjectCriteria"

# Define the Filter
$Filter = "Status = '$($MAStatusCompleted.Id)' AND LastModified > '$MAModifiedDay'"

# Create de Criteria Object
$CriteriaObject = new-object $CriteriaClass $Filter, $MAClass

# AssignedUser RelationshipClass
$RelationshipClass_AssignedUser = Get-SCSMRelationshipClass -Name System.WorkItemAssignedToUser$

# Search for Manual Activities, show the Ticket ID and the AssignedTo User's displayname
# Group per AssignedTo User and sort per Count
Get-SCSMObject -criteria $CriteriaObject|
    Select-Object -property Name, @{
            (Get-ScsmRelatedObject -SMObject $_ -Relationship $RelationshipClass_AssignedUser).displayname
    Group-Object -Property AssignedTo |
    Sort-Object -Property Count -Descending