Get SCCM collections with maintenance window set

$id = Get-CMDeviceCollection | Select -ExpandProperty CollectionID
foreach ($i in $id) {Get-CMMaintenanceWindow -CollectionID $i; $i}

Exchange 2013 DNS high availability best practices

Change internal and external URL for all virtual directories to the name of loadbalancer of CNAME DNS record (round robin), e.g.
mail.ocean.com

Then in powershell
Get-ClientAccessServer -id *2013* | fl *uri
Get-ClientAccessServer -id *2013* | set-ClientAccessServer -autodiscoverServiceInternalUri https://autodoscover.ocean.com/autodoscover/autodoscover.xml

This configures SCP (service connection point in AD)

For external autodiscover You should create DNS record that point to loadbalancer CNAME DNS record (round robin)

PowerShell display SCOM warnings generated by specific rule

These below are for only one specific computer *011sql* :
Get-SCOMAlert -criteria 'ResolutionState = "0" AND Severity = "1"'| where-object{($_.MonitoringObjectFullName -eq "Microsoft.SystemCenter.HealthService:SCOM_name.ocean.com" -AND $_.Description -like "*011sql*")} | select -ExpandProperty Description

And below I want to remove some text from the Description filed to get only computer name for the description field:
(((Get-SCOMAlert -criteria 'ResolutionState = "0" AND Severity = "1"'| where-object{($_.MonitoringObjectFull
Name -eq "Microsoft.SystemCenter.HealthService:SCOM.ocean.com" -AND $_.Description -like "*011sql*")}
 | select -ExpandProperty Description | Out-String).trim("Computer verification failure for Machine Name:")).Trim()).Trim(" is 0x800706BA. The RPC server is unavailable.")




This below is for all computers:
(Get-SCOMAlert -criteria 'ResolutionState = "0" AND Severity = "1"'| where-object{($_.MonitoringObjectFullNa
me -eq "Microsoft.SystemCenter.HealthService:SCOM.ocean.com" )} | select -ExpandProperty Description | Out-String) | foreach {$_ -replace "Computer verification failure for Machine Name: " -replace " is 0x800706BA.*"} >> scomWarComps.txt

Resolve all this specific warnings using below script:
$comps = gc scomWarComps.txt
foreach ($e in $comps) {
Get-SCOMAlert -criteria 'ResolutionState = "0" AND Severity = "1"'| where-object{($_.MonitoringObjectFullName -eq "Microsoft.SystemCenter.HealthService:SCOM.ocean.com" -AND $_.Description -like "*$e*")} | set-SCOMAlert -ResolutionState 255
}

Get all computers with IIS role installed using SCOM

Get-SCOMGroup -DisplayName "IIS 2003 c*" | Get-SCOMClassInstance | sort displayname | select -ExpandProperty displayname

Or using ServerManager module
Get-ADComputer  -SearchBase "OU=Windows Servers V2,OU=Servere,DC=ocean,DC=com" -filter * | format-table Name >> server_list.txt

$comp = gc "server_list.txt"
foreach ($entry in $comp) {
 write-host $entry
 Get-WindowsFeature -ComputerName $entry -Name "Web-Server" -ErrorAction SilentlyContinue
}

This one below gets events from event log (from each computer from iis2003.txt file generated in the previous script)

$comp = gc "iis2003.txt"

$path = "c:\temp\logs"

$Oct16 = get-date 10/16/2014

$Oct15 = get-date 10/15/2014

foreach ($entry in $comp) {

$fullname = $path + "\" + $entry + ".txt"

Get-EventLog -LogName system -ComputerName $entry -after $Oct15 -before $Oct16 | Where-Object {$_.eventID -eq '19'} | format-table -wrap >> $fullname

Get-EventLog -LogName system -ComputerName $entry -after $Oct15 -before $Oct16 | Where-Object {$_.eventID -eq '7036' -AND $_.Message -like "The World Wide Web Publishing Service service entered the stopped state."} | format-table -wrap >> $fullname

}

Suppress SCOM alerts - Windows Updates reboot

http://operatingquadrant.com/2009/08/15/scom-automatically-starting-maintenance-mode-when-servers-are-rebooted-for-patching/

Get SCCM site maintenance tasks from powershell (SCCM 2012)

1. Run 32-bit Powershell
2. Import-Module $env:SMS_ADMIN_UI_PATH\..\ConfigurationManager.psd1
3. Set-Location NSP:
note: NSP stands for SCCM Site Code
4. Get-CMSiteMaintenanceTask

Get and parse specific event logs from a list of computers

Below script is getting 4733 event (message field only) from security log from a list of computers

$comp = gc "server_list.txt"
$path = "c:\temp\logs"
foreach ($entry in $comp) {
$fullname = $path + "\" + $entry + ".txt"
Get-EventLog -LogName security -ComputerName $entry | Where-Object {$_.eventID -eq '4733'} | format-table -wrap -property Message >> $fullname
}

Then next script is used to parse these logs:

$comp = gc "c:\temp\nonEmpty.txt"

$path = "c:\temp\logs\nonEmpty"

foreach ($entry in $comp) {

$fullname = $path + "\" + $entry + ".txt"

$sid = gc $fullname | Select-String "Member:" -context 0,1 | % {$_.Context.PostContext}

$sidonly = foreach ($s in $sid) {

$s.remove(0,24)

}

$sid_tmp = $path + "\" + $entry + "_tmp.txt"

$sidonly | sort | get-unique | out-file -filepath $sid_tmp

$sid_path = $path + "\" + $entry + "_sid.ps1"

gc $sid_tmp | foreach {$_.TrimEnd()} | foreach {"([System.Security.Principal.SecurityIdentifier](""" + $_ +""")).Translate([System.Security.Principal.NTAccount]).Value"} | set-content $sid_path

}

As the output of this script there is a list of ps1 files created. When You lunch such file the output give You a list of user\group which was removed from local administrators group on specific server

Vritual Machine Manager 2012 R2 vs Vmware vCenter

VMM 2012 R2	vCenter
Dynamic Optimization	vSphere DRS
Power Optimization	vSphere DPM
Logical Switches	Distributed switches

Change partition letters using diskaprt script

cmd.exe /c diskpart /s "%scriptroot%\changepart.txt"

changepart.txt could looks like below:
select disk 1
online disk noerr
attributes disk clear readonly noerr
select volume 0
assign letter=Z noerr
select volume 2
assign letter=D noerr
exit

Rename administrator account using powershell script

powershell.exe -Command "set-ExecutionPolicy RemoteSigned -Force; cpi '%DEPLOYROOT%\Applications\RenameAccounts\RenameAccounts.ps1' -destination c:\; c:\RenameAccounts.ps1; ri c:\*.ps1 -Force"

Reboot remote computers

Tested psshutdown.exe and there is a problem on 64bit machines - the message for users is not displayed. This is known case (http://forum.sysinternals.com/psshutdown-no-message-displayed_topic21119.html) Good to know before trying to do it on production:)

We can workaround this using

PsExec.exe -d -i 1 -u admin -p P@ssw0rd \\10.176.6.171 "c:\windows\system32\shutdown.exe" -r -f -t 3600 -c "Your computer will reboot within one hour. You can reboot it by Yourself now if You are ready"

PsExec.exe -d means non-interactive

PsExec.exe -i is the number of session in which message will be displayed (users usually are loged in to session 1 also if they are connected via RDP)

I tested it on Windows 7 both 32 and 64 bits machines.

Ping list of computers and get shor information

$comp = gc "ips.txt"
$ping = new-object system.net.networkinformation.ping
$pingreturns = @()

foreach ($entry in $comp) {
  $pingreturns += $ping.send($entry)
}

$pingreturns | ? {$_.status –eq “success”} | select address

Get list of computers which have c$ share

Get-Content "list_ip.txt" | `
   Select-Object @{Name='ComputerName';Expression={$_}},@{Name='Can access c$';Expression={ Test-Path "\\$_\c$"}}

Script for getting information regulary from website, grep for text and send email if something

First need to download wget, grep and mailsend (https://code.google.com/p/mailsend/downloads/list) for windows

cd "C:\Program Files (x86)\GnuWin32\bin"
wget -O c:\windows\temp\%date%.html --no-check-certificate http://www.websiteaddress.com
cd "C:\Program Files (x86)\GnuWin32\bin"
grep "Bartlomiej" "c:\windows\temp\%date%.html" >> "c:\windows\temp\%date%.txt"

cd "C:\Program Files (x86)\GnuWin32\bin"
set /p var=
mailsend.exe -smtp smtp.gmail.com -port 465 -t username@gmail.com -f username@gmail.com -sub CheckBet -v -ssl -auth -user username@gmail.com -pass PASSWORD -attach c:\windows\temp\%date%.txt