2011/01/31

Powershell - SYDI - Convert all my XML to DOC Files

SYDI is a script which collects information from your servers and networks, then writes the data to a report (XML, DOC or HTM File)

In my case i collected all the information into XML Files. Then i needed to convert those XML files to DOC files.

#


# ==============================================================================================
# 
# Microsoft PowerShell Source File
# 
# NAME: SYDI-Convert_XML_files_To_DOC.ps1
# 
# AUTHOR: [email protected]
# DATE  : 1/26/2011
# 
# COMMENT: Convert all the XML files in the folder XML to a DOC file and output in DOC folder
# 
# ==============================================================================================

###################
## CONFIGURATION ##
###################

$PathToSYDI = "c:\sydi"
$PathToXML = "c:\sydi\xml"
$PathToDOC = "c:\sydi\doc"
$PathToTOOLS = "c:\sydi\tools"
$WaitTimeSecs = 10

############
## SCRIPT ##
############

# Get listing of XML files
$XMLList=gci $PathToXML

# Get the count of files in $PathToXML
$count_xml = gci $PathToXML\ | measure
$TotalFilesXML=$count_xml.count

# Create a counter to show in the loop (foreach)
$counter = 0

# Show the count of files
Write-Host "Total XML Files:" $TotalFilesXML

# Start the Loop
Write-Host "Start - XML to DOC"
gci $PathToXML\|sort | `
foreach {
$counter++
$fichier = $_.name
$fichierBasename = $_.basename
$fichierCreatedOnYEAR=$_.lastwritetime.Year
$fichierCreatedOnMONTH=$_.lastwritetime.Month
$fichierCreatedOnDAY=$_.creationtime.Day

Write-Host "# $counter of $TotalFilesXML"
Write-Host "Current file: $fichier"
Write-Host "XML File Creation time of the $fichier is $fichierCreatedOnYEAR-$fichierCreatedOnMONTH-$fichierCreatedOnDAY"

# Run SYDI
cscript "$PathToTOOLS\ss-xml2word.vbs" "-d" "-x$PathToXML\$fichier" "-l$PathToTOOLS\lang_english.xml" "-o$PathToDOC\$fichierBasename-$fichierCreatedOnYEAR-$fichierCreatedOnMONTH-$fichierCreatedOnDAY.doc"

Write-Host "DOC File saved as: "+"$PathToDOC\$fichierBasename-$fichierCreatedOnYEAR-$fichierCreatedOnMONTH-$fichierCreatedOnDAY.doc"

# Show again the counter
Write-Host "#$counter of $TotalFilesXML"

# Timeout to make sure the sydi is done.
Write-Host "Next in $WaitTimeSecs secs..."
Start-Sleep $WaitTimeSecs

# Kill winword to make sure the script dont launch multiple process
Write-Host "Killing process winword.exe"
Stop-Process -Name "winword" -Force

}

# Count DOC Files
$count_DOC = gci $PathToDOC\ | measure
$TotalFilesDOC=$count_DOC.count

# Get listing of DOC Files
$DOCList=gci $PathToDOC

Write-Host "Total DOC Files:"$TotalFilesDOC
Write-Host "Total XML Files:"$TotalFilesXML



2011/01/28

Use PowerShell to enumerate info from your Certificate Server

Source

#
#

Function Get-CertInfo($server) {
 $CA=$Server
$CaView = New-Object -Com CertificateAuthority.View.1
$CaView.OpenConnection($CA)
$NumberOfColumns=8
$CaView.SetResultColumnCount($NumberOfColumns)
$Index0 = $CAView.GetColumnIndex($False, "CommonName")
$Index1 = $CAView.GetColumnIndex($False, "Email")
$Index2 = $CAView.GetColumnIndex($False, "NotAfter")
$Index3 = $CAView.GetColumnIndex($False, "Country")
$Index4 = $CAView.GetColumnIndex($False, "Organization")
$Index5 = $CAView.GetColumnIndex($False, "OrgUnit")
$Index6 = $CAView.GetColumnIndex($False, "DistinguishedName")
$Index7 = $CAView.GetColumnIndex($False, "Disposition")
 
$CAView.SetResultColumn($Index0)
$CAView.SetResultColumn($Index1)
$CAView.SetResultColumn($Index2)
$CAView.SetResultColumn($Index3)
$CAView.SetResultColumn($Index4)
$CAView.SetResultColumn($Index5)
$CAView.SetResultColumn($Index6)
$CAView.SetResultColumn($Index7)
 
 
$RowObj= $CAView.OpenView()
[void]$RowObj.Next()
$Cert="IssuingCA,CommonName,Email,NotAfter,Country,Organization,OrgUnit,DistinghuishedName,Disposition`n"
 
Do
{
$Cert= $Cert + $srv + ","
$ColObj = $RowObj.EnumCertViewColumn()
[void]$ColObj.Next()
 
Do {
$Cert = $Cert + $ColObj.GetValue(1) + ","
 
} Until ($ColObj.Next() -eq -1)
 
Clear-Variable ColObj
$Cert=$Cert+"`n"
 
} Until ($Rowobj.Next() -eq -1 )
  
 
Return $Cert
}
#
#



VBSCRIPT VERSION:

Const CV_OUT_BASE64 = &H1

'THIS IS THE \CAName
CAName = "MyMachine\SpatCA" '=======>> CHANGE THIS TO THE CORRECT MACHINE\CA==


'create the CAView object
set oCAView = CreateObject("CertificateAuthority.View.1")


'open the connection to the Machine\CA
oCAView.OpenConnection (CAName)

'retrieve specific columns from DB
oCAView.SetResultColumnCount(3)
Index0 = oCAView.GetColumnIndex(False, "CommonName")
Index1 = oCAView.GetColumnIndex(False, "Email")
Index2 = oCAView.GetColumnIndex(False, "NotAfter")


oCAView.SetResultColumn (Index0)
oCAView.SetResultColumn (Index1)
oCAView.SetResultColumn (Index2)


'open the view
Set RowObj= oCAView.OpenView




Do Until RowObj.Next = -1

Set ColObj = RowObj.EnumCertViewColumn()

Do Until ColObj.Next = -1
wscript.echo ColObj.GetValue(CV_OUT_BASE64) & vbcrlf
'insert logic for checking date to
'current and if near\past send mail.
'see http://www.paulsadowski.com/WSH/cdo.htm
'for a number of examples of mail send info
'Obviously you may want to use the cert email
'attribute to send the mail
Loop

Set ColObj = Nothing

Loop

Compare two users accounts

#
Add-PSSnapin Quest.ActiveRoles.ADManagement
function Compare-ADUserGroups
{
 #requires -pssnapin Quest.ActiveRoles.ADManagement
 param (
  [string] $FirstUser = $(Throw "SAMAccountName required."),
  [string] $SecondUser = $(Throw "SAMAccountName required.")
 )

 $a = (Get-QADUser $FirstUser).MemberOf
 $b = (Get-QADUser $SecondUser).MemberOf
 $c = Compare-Object -referenceObject $a -differenceObject $b
 $c
 
}


Compare-ADUserGroups -firstuser useraccount1 -SecondUser useraccount2|fl
#
#

2011/01/24

Protecting OU from accidental deletion

Source

When you create new Organizational Units in Active Directory Users And Computers (ADUC) in Server 2008 (or with RSAT on 2003 domains), ADUC gives you the option to protect the OU from accidental deletion.

ou

When this option is selected, ADUC updates the security descriptor of the object and, potentially, its parent, with Deny ACE for the Everyone domain group, which denies all administrators or users of this domain and domain controller the ability to delete this object.

Note: This setting does not provide protection against accidental deletion of a subtree that contains the protected object. Therefore, it is recommend that you enable this setting for all the protected object's containers up to the domain naming context head.

If you try to delete the OU you’ll get the following dialog:

To unprotect a container uncheck the value from the object’s Object tab in ADUC. The Object tab is visible only whenAdvanced Features is selected on the View menu. 

object

With PowerShell and Quest AD cmdlets we can enable or disable OU protection with a single line of code!

Enable OU protection on all OUs

Get-QADObject –SizeLimit 0 -Type OrganizationalUnit | Add-QADPermission -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete

Enable protection for specific OU

Add-QADPermission -Identity 'DistinguishedNameOfTheOU' -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete

Remove protection for specific OU

Get-QADPermission -Identity 'DistinguishedNameOfTheOU' -Deny -Account Everyone -ApplyTo ThisObjectOnly | Remove-QADPermission

2011/01/23

Find computers joined to the domain by a specific user

##
## Find computers joined to the domain by a specific user

$UserName = Read-Host -Prompt "Enter username"
$UserSID = (Get-QADUser -Identity $UserName -IncludeAllProperties).objectsid

Get-QADComputer -SizeLimit 0 | Where-Object {$_.'mS-DS-CreatorSid' -eq $UserSID} | `
ft Name
#
#


salut

2011/01/12

Powershell - Get files or Folder list

Directories: get-childitem . -recurse|where{$_.PsIsContainer}
Files: get-childitem . -recurse|where{!$_.PsIsContainer}

2011/01/06

Active Directory - Delegate Remote Access Permission

Here are the steps I completed to do this. And yes it works through
ADUC.

ManageDialin

 
Note: this model requires editing the C:\windows\system32\DSSEC.DAT
file on the DC that you are running ADUC on. See
http://support.microsoft.com/?id=296490 for more details. In short,
some of the rights that need to be delegated are filtered out from the
list by default. Edit the file so that these permissions are no longer
filtered (set them from 7 to a 0):
 

1. Set the following values to 0 under the [user] area in the file (not
under [computer]):
" msNPAllowDialin=0
msNPCallingStationID=0
msNPSavedCallingStationID=0
msRADIUSCallbackNumber=0
msRADIUSFramedIPAddress=0
msRADIUSFramedRoute=0
msRADIUSServiceType=0

msRASSavedCallbackNumber=0
msRASSavedFramedIPAddress=0
msRASSavedFramedRoute=0"

 

2. Save the file and then open ADUC / run delegation wizard etc as
outlined below.
3. Specify the group to delegate to (DELG Group)
4. Select Create a custom task to delegate and select Next
5. Select Only the following objects in the folder
a. User objects
6. Select Next
7. Select General and Property-specific under Show these permissions
8. Select "Read and Write Remote Access Information"
9. Select the Read and Write checkboxes for all of the following
attributes
" msNPAllowDialin
msNPCallingStationID
msNPSavedCallingStationID
msRADIUSCallbackNumber
msRADIUSFramedIPAddress
msRADIUSFramedRoute
msRADIUSServiceType
msRASSavedCallbackNumber
msRASSavedFramedIPAddress
msRASSavedFramedRoute
userParameters"

 

10. Select Next
11. Review Summary and Select Finish to complete