Shopping Cart

PowerWF News, Tutorials, and more...

Get the latest tips and tricks directly from the PowerWF development team. Find out about new releases and upcoming features.


Seamless Automation

From the Desktop to the Data Center

The PowerWF family of products are easy enough for desktop and departmental automation, yet powerful and scalable enough for the Data Center. PowerWF compliments Opalis and other RBA solutions, lets you leverage your workforce and preserves your investment as your automation needs grow.

Download Free Trial

Special - 20% Discount


In conjunction with our recently announced Silver Award from Windows IT Magazine we would like to offer our customers an opportunity to save 20% off any Devfarm product purchase through the end of the year. This includes all PowerWF products as well as Devfarm's new PowerVI product!
Request A Quote

PowerVI

vSphere Automation fueled by PowerShell


Designed for the VMware Administrator, PowerVI eases the automation of vSphere infrastructures. PowerVI includes over 100 PowerShell automation scripts that simplify everyday VMware administration tasks and PowerVI makes it easy to author new scripts.
Learn More
February 15, 2012

Domain Groups and PowerShell

Jason Hofferle has a nice post on Adding Domain Groups to Local Administrators Group with PowerShell.  Basically Jason ran into a problem adding domain groups with long names using NET.EXE, so he had to come up with a PowerShell solution.

That’s right, the NET.EXE /ADD command does not support names longer than 20 characters. If net localgroup /add is being used in a computer startup script, the groups with long names just won’t be added.

So the traditional batch file startup script was replaced with a PowerShell startup script,

(read more and get script)



October 10, 2011

PowerShell & PowerCLI One Liners

Posted:    Oct 5, 2011 
Updated:  Oct 10, 2011



October 4, 2011

PowerShell for Active Directory Primer

Scripting Guy Ed Wilson has a nice primer on the cmdlets available for Active Directory.  It starts with this problem set-up:

Hey, Scripting Guy! I recently inherited an Active Directory. By this, I mean the network administrator quit. He did not give any notice, and it appears he took any documentation he may have created vanished with him. He may have been abducted by Martians (there seems to be quite a bit of this going on at work) for all I know. Anyway, I need a good way to easily discover information about the domain, and the forest

Ed responds with a nice Active Directory primer that discusses:

  • Connecting to the Domain Controller using PowerShell Remoting
  • Using WMI to get the Operating System Information (Ed can’t write a post that doesn’t show the magic of WMI)
  • Using several cmdlets from the ActiveDirectory module
    • Get-ADForest
    • Get-ADDomain
    • Get-ADDefaultDomainPasswordPolicy
    • Get-ADDomainController


September 28, 2011

Query Key Machine Information Using PowerShell

Scripting Guy Ed Wilson wrote a couple of articles on using PowerShell and WMI to query all the machines on a network for key information.  The article makes use of:

The first article discusses getting the basic information from each machine.  Ed walks through using WMI to get processor information and querying Active Directory to find a list of machines to look at.  He also discusses testing a connection to the machines and using cached credentials to connect to the machines.

The second article uses a separate WMI query to determine operating system information.  After querying the correct information, Ed creates a custom PSObject to hold the combined hardware and software (OS) data.

Read More



September 25, 2011

Active Directory Prep for Exchange 2010 Migration

Brien Posey at SearchExchange.com has a nice article on Preparing Active Directory using PowerShell as a preliminary step in Exchange 2010 migration.

Before performing an Exchange Server 2010 migration, you have to make sure Active Directory meets certain prerequisites. Thankfully, there are a number of PowerShell cmdlets to help you prepare your Active Directory forest for the move.

Validating your Active Directory forest
Before deploying Exchange Server 2010, your Active Directory forest must meet several different conditions:

  • There must be at least one global catalog server running Windows Server 2003 SP1 or higher. This server must also exist in the same site that the Exchange server gets installed on.
  • The Active Directory forest must run forest-functional level of Windows Server 2003 or higher.
  • The domain you’re going to install Exchange in must be Windows Server 2003 or higher.
  • The server with the schema master role must run Windows Server 2003 SP1 or higher.

Brien walks through each step, showing the PowerShell cmdlets to use (NOTE: you have to scroll to the bottom of the page to see the article).  It basically comes down to:

Get-ADForest | Format-List Name, GlobalCatalogs, ForestMode, Domains, SchemaMaster, Sites

Get-ADForest | Set-ADForestMode –ForestMode Windows2003Forest –Confirm:$True

Get-ADComputer –Filter {SamAccountName –EQ “<server name>$”} –Properties OperatingSystem, OperatingSystemServicePack | Format-List Name, OperatingSystem, OperatingSystemServicePack

Set-ADDomainMode –Identity <your domain’s FQDN> –DomainMode Windows2003Domain

Get-ExchangeServer | Format-List Name, ServerRole, Edition, AdminDisplayVersion

Basically this checks your current configuration and then sets it to the desired configuration. You should really read the whole article for details about what each cmdlet does and why these steps are performed.



August 24, 2011

PowerShell One Liner - Remove Expired AD Certificates

At the PowerShell Crypto Guy’s weblog, Vadims Podans has a nice PowerShell one liner for removing expired certificates from Active Directory.

Get-QADUser | Remove-QADCertificate -Valid:$false

Note: this requires the Quest Active Directory PowerShell Module.

Quick summary -

By default when user requests an authentication and/or encryption certificate from an Enterprise CA it is published to userCertificate property under user account in Active Directory. Published authentication certificate is used for certificate mapping to a user account (or group) and are used by domain controllers during certificate-based authentication. Encryption certificates can be used to provide an access to certain encrypted content. In the case of secure email, sender retrieves recipient’s certificate from Active Directory and uses it for mail message encryption purposes. The same process occurs when a user want to provide an access to encrypted file (EFS) for another user. Retrieved certificate is used to re-encrypt symmetric encryption key material.

The negative side here is that certificates sometime expires. If existing certificate is renewed it is added to the userCertificate attribute and expired certificates are not replaced. Certain applications can filter expired certificates and display/select only valid certificates. However other applications may not. In the large environments expired certificates increases Active Directory replication traffic. As the result certain companies performs sanity certificate cleanup on a regular basis.



Terms of Use  - Privacy Policy -  ©2010 Devfarm Software. All rights reserved.