Wednesday, December 02, 2015

PowerShell + SCCM : Run CM cmdlets remotely

Today I saw a tweet about using implicit remoting to load the Configuration Manager on my machine by Justin Mathews. It caught my eye as I have never really tried it, but theoretically it can be done.

Note - The second tweet says "Cannot find a provider with the name CMSite", resolution to which is in the Troubleshooting section at the end.

Sunday, November 08, 2015

PowerShell + SCCM : WMI Scripting

Why should I use WMI, when there is a PowerShell module available for Configuration Manager (CM Module) already?

Well the cmdlets behind the scene interact with the WMI layer and if you know which WMI classes the corresponding cmdlet work with , it can be of help in future by :

  1. Switching to native WMI calls when the CM cmdlets fail for some reason (probably bug in the CM Module).
  2. Making your scripts more efficient by optimizing the WMI (WQL query) calls, the cmdlet will query all the properties for an Object (select *) you can select only ones you need. 
  3. Lastly no dependency on the CM Module, you can run these automation scripts from a machine not having the CM console installed (needed for CM module).
Moreover ConfigMgr uses WMI extensively, you already have this knowledge leveraging it with PowerShell shouldn't surprise you. This post assumes you have been working with CM cmdlets (you already are versed with PowerShell), know where the WMI namespace for ConfigMgr resides and the basics of WMI.

Example Problem:

I will use one of the problem people have been commenting about a lot on the below post

PowerShell + SCCM 2012 R2 : Create an Application (from MSI) & Deploy it

What they want to do is specify multiple app-categories to an application while creating these apps using PowerShell ?

This seemed trivial at first as the help for the Set-CMApplication cmdlet which is used to set the app category for an application accepts a string array. Probably a bug in the cmdlet (as this seems to be working on the most recent CM module). See below the comment screenshot from the post :

Saturday, October 24, 2015

PowerShell + AD + Pester : create new user using template Part 2

It seems like it has taken me forever to post this one. I had this one almost ready but then I asked few questions around, read a lot of posts and had to rewrite the pieces of the post, to sum it all it has been an eye opening when trying to test PowerShell code which interacts with Infrastructure.

Below pic depicts my state at this point ( revelation to a whole new world).

[ credits : movie "V for Vendetta"]

In the last post, we laid the foundation for our Function. Go back and check the code their as we start from where we left off.

In this post we dive straight into the third context for our Pester tests :
  1. Context "User Creation"
      It should return Object when -Passthru specified (New addition)
      It should take OU Path from template User.
      It should only copy allowed set of attributes from the User (by default).
      It should allow copying a subset of allowed set of attributes
Note - I have added one more test to the context, which is in green. Why rest of the functions are marked in Red :O ? Answer to this follows in the conclusion section.

Friday, October 02, 2015

PSConfAsia : My experience

Since it has been few weeks after PowerShell conference Asia, I have finally kicked of the laziness and made up my mind to blog about my experience around it.

PowerShell Conference Asia

Saturday, September 12, 2015

PowerShell + AD + Pester : Create new user using template - Day 1

I did a blog post, way back to create new users in AD using already existing user as a template, but many people commented about using the template didn't copy the Home Directory, logon script path, group membership etc. So finally I tried my hands on writing a Function which does a better job at this.

The idea is to write a New-ADUserFromTemplate function, to which you specify all the properties you want copied while creating a User from an existing User (template User).

Let's make it fun and write the code using the Behavior Driven development approach using Pester. This will probably a 2 part series :

  • Day 1 - Getting the Ground Work ready, Pester tests for Parameter, Help & Module dependency.
  • Day 2 - Write Pester tests and code for the actual function. Refactoring the Code.

So we plan to do BDD or TDD here which means we write tests first and then follow the below cycle :

Thursday, August 20, 2015

PowerShell + Server 2016 TP3: Deploy using Azure Automation

With an awesome and exciting features being shipped in Server 2016 TP3, I am sure you are going to take a crack at it.

What better way  to deploy it n cloud in few minutes using Azure Automation Runbook. I did something similar a while back and have updated the Script to expose new parameters and by default use the Server 2016 TP3 image for now (you can override this value).

Also if you are an ITPro like me and have a test LAB running on Azure then you can pass in the arguments to -DomainName and -DomainCredName parameters and the Runbook actually retrieves the Automation Credential Asset and joins the Server 2016 TP3 VM to the AD domain you have running on Azure (make sure the VM is in a Subnet which is reachable to your DC and the DNS is configured properly for the name resolution.

Sunday, August 09, 2015

PowerShell + SCCM 2012 : Create Packages & Programs

It has been a while, since I chartered the waters of WMI and Configuration Manager, so pardon any silly mistakes made. One of my friend from PSBUG asked me few questions revolving around creating packages & programs in ConfigMgr using PowerShell.

Every ConfigMgr admin knows that new Application model has been introduced in ConfigMgr 12 but the Packages are here to stay for a while. Packages and Programs are ideal for deploying Scripts (one time or reoccurring ones) and better suited for deploying apps during OSD (heard this one).

ConfigMgr ideally has 3 ways of working with it and below is the pic which says it all :

The post is broken up in 3 parts (based on how you use ConfigMgr):

  1. GUI Way - Doing this to show background on how we do it manually.
  2. Cmdlet Way - using the CM cmdlets to create the package and program
  3. WMI Way - exploring WMI to do the same.

Friday, July 10, 2015

PowerShell + Azure + Python : Use Project Custom Settings


First to set up the background [bit reaching on the Dev side] on the post, quick introduction to what is an Azure Cloud service along with some terms Dev like to throw around:

Cloud Service :
PaaS offering , running VMs on Microsoft Azure. You have control over these VMs as you can remote into them and customize them to run your apps. A typical cloud service contains:

  • Web Role - Windows Server running IIS on top of it.
  • Worker Role - Windows Server.
Now using Visual Studio one can configure the Cloud Service as per ones need (Check Resources at the bottom). There are typically 2 files in your project definition which need tweaking (source : MSDN - link in Resources section) :

  • ServiceDefinition.csdef  : The service definition file defines the runtime settings for your cloud service including what roles are required, endpoints, and virtual machine size. None of the data stored in this file can be changed when your role is running.
  • ServiceConfiguration.cscfg : The service configuration file configures how many instances of a role are run and the values of the settings defined for a role. The data stored in this file can be changed while your role is running.

Thursday, July 02, 2015

PowerShell MVP 2015

I received the official notification yesterday that my PowerShell MVP award has been renewed !!

Thursday, June 04, 2015

PowerShell + Pester + Jenkins : Journey to Continuous Integration

Continuous Integration, huh ?

Simply put CI is running all the tests (against your code, system etc) frequently in order to perform code validation and see everything is integrating well with each other. For Example - If I check in Code then CI runs all the tests to see if the commit did break anything.

Why are we doing this CI stuff anyway ?

To check if something failed on regular basis, so that it is easy to fix it at the earlier stage.

- I am a mere mortal and follower of DevOps (much broader term) but have started to appreciate the simplicity all these concepts bring in. Don't mistake me for an expert here ;)

A little background on why I explored using Jenkins as the CI solution, the Project recently I started working on requires me to code in Python/ PowerShell and the team already uses Jenkins for other projects in Python, Java, Ruby etc so we needed to integrate running of Pester tests from Jenkins for our PowerShell codebase.

Saturday, May 16, 2015

PowerShell + Azure : Validate ResourceGroup Tags

Recently been working on some DevOps stuff in Azure using Python & PowerShell, so would be doing few posts revolving around that.

Why I have added the below pic ?
Python is what I have been picking from the Dev world (currently) and PowerShell is what I have picked from the Ops world.

In Azure Resource Manager, one can add tags to the Resource Groups (check out the new Azure Portal to explore ResourceGroups ). Last week had to script a way to check that there is a Tag on the resource group with a valid set of values. Python Azure SDK doesn't yet support Azure Resource Manager operations so had to turn to the Ops side (PowerShell way).

Don't worry if you have no idea what a tag is, the validation code is pretty neat.

For Example - the Resource Group should have a tag named "Environment" on it with the valid values of "Dev","QA" & "Prod" .

Thursday, April 16, 2015

PowerShell : Hunt CheckBox of Doom

I had posted a while back about the dreaded Checkbox of Doom which is a real pain in the Migration Scenarios where few AD Users might be marked as protected (Admincount = 1) but we don't really know which Group membership (marked as protected) might be causing this. 

Shout out to MVP Ace Fekay for providing his insights on the topic :)

It becomes a pain when the Groups are nested multiple levels and to determine which Portected Groups membership the User have which might be causing the Inheritance disabled (checkbox of doom).

[Update]  Fellow friend and MVP Guido Oliveira highlighted that he had come across an issue where the AdminCount was once set to 1 when the User was part of a Protected Group. Once he was removed from the Group as per the Wiki Link shared at the end the AdminCount and the Inheritance will still be disabled so this Function can hunt those accounts too.

Function is up for download @Technet : Click Here

Read below on how to use the Script and the Scenario it tackles.


I have 2 groups named NestedGroup1 & NestedGroup2 which are nested like below in the Server Operators (Protected Group) , also they have a User xyzabc & test123 added respectively to each as shown below :

Wednesday, April 01, 2015

PowerShell Tip : Comment/Uncomment Code

Many people who use plain Vanilla ISE are not familiar with this small trick which was added in PowerShell v3.

In PowerShell v3 ISE you can comment/uncomment lines of code without installing any Add-Ons :

Comment Code :

  • Press Alt + Shift + Up/Down arrow key to select lines
  • Once lines are selected, Press "#" to comment

Uncomment Code :

  • Follow the same Key shortcut to select text [Alt + Shift + Up/Down].
  • Once selected , Press Delete.

Below is a animated GIF showing this in Action :

Tuesday, March 31, 2015

PowerShell + Azure Automation : Add-DataDiskToVM

This will be a quick and short post on using Azure Automation Runbook to add a Data Disk to one of the Azure VMs already provisioned on Azure and then initialize-format the Disk added using the Storage cmdlets available on Server 2012 onwards.

The Workflow is available @Technet >> Download
[Blog-Ad] Please check two of my earlier posts revolving around Azure Automation, if you are trying to use this feature for first tim:

Below is the explanation of the Workflow:

Monday, March 30, 2015

PowerShell + SCCM : Get Resource Collection Membership

Recently at our PowerShell Bangalore User group, we had fun participating in a one day PowerShell + ConfigMgr Hackathon event. Where we had a bunch of ConfigMgr admins worked on using Azure to deploy a full fledged ConfigMgr Lab, also we had fun interacting with each other.

Below pic was the theme for the event, says it all ;)

My friend Harjit  suggested few ideas for the Hackathon. Below is one of the ideas:

"Script that can tell me which collections a particular system or several Systems belong to"

The Final Script is available @Technet for Download 


Tuesday, March 17, 2015

PowerShell + EAS + MSExchange - FolderSync

This is the third post in series of poking around EAS protocol using PowerShell, find the first 2 posts below :

  1. PowerShell + EAS : Getting Started
  2. PowerShell + EAS + MSExchange : Autodiscovery

If you are a interested in looking at the C# code samples then checkout posts in the Resources section at the bottom.

Once you have discovered the URL of the EAS endpoint to connect to, it is time to follow below 3 requests in order to establish an ActiveSync Partnership with Exchange Server:

Monday, March 02, 2015

PowerShell + EAS + MSExchange : Autodiscovery

This post is going to be on how to use PowerShell to get an insight in the Autodiscovery process which the EAS Mail clients use.

Second entry in my #PowerShell + #EAS posts:

  1. PowerShell + EAS : Getting Started

Once you enter Email Address and Password in the Mail setup in the device, the Autodiscovery process kicks in. Remember there is no such thing as the mail account getting magically configured :)

To explain the process is not my intent, Please refer to the MSDN blog post here.

In short the Autodiscovery process tries to get a valid XML response from 4 sources (based on the workflow explained at the MSDN blog ). In this post we will be looking at a way to make those 4 requests and study the responses we get back using PowerShell. This is a more of a hands on approach here.

I will be taking an account for the demo, for which we will see the discovery process in action :
  • TestUser Account on Office365  (

The EAS client looks at your email address and then parses it to get the domain name, below is how to do it in PowerShell using the split operator and multiple assignment:

$email = ''
#Split the email address to get the Username and the domain name
$username, $fqdn = $email -split '@'

Thursday, February 26, 2015

PowerShell + EAS : Getting Started

This is the first post on a series of blog posts concentrated around understanding Exchange ActiveSync Protocol as this is the underlying protocol which Mobile devices use in order to connect to the Exchange Server.

The whole idea is to be able to craft EAS requests and parse the Server responses using PowerShell in order to understand the protocol better.

Hint - Take a look at the cmdlet Invoke-WebRequest, it will be used to craft the Web requests later on.

Why I want to do this ?
Because when you start poking around you learn the Product better :).

This is a getting started post and I am following and porting most of the code already written in C# at to PowerShell.

This post is about giving you a hang of how to make Web Requests to an Exchange Server's EAS endpoint and parse them to get insight in the process.

Now if you setup mail for a User in a Mobile device and use Fiddler as reverse proxy to analyze the communication , you will see the below :

Skip Verification Checks

Add the below line of code to your Script if you don't bother to perform the Server certificate validation, this is only for testing Environments.


[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

Tuesday, January 20, 2015

PowerShell + REST API : Basic, CMS & CMSURL Authentication

While working with the REST API endpoints exposed by the leaders in MDM space (Hint - VMware acquired them) , I picked up few things on how to authenticate to the REST endpoints and would like to document those here.

The post is generic about how to use the below Authentication schemes:
  • Basic Authentication
  • Certificate Based Authentication

Basic Authentication

In Basic authentication, we base 64 encode the UserName & Password and pass it in the header.

Pretty straight forward on how to do it in PowerShell, Store the Credentials and then just encode them :

$Credential = Get-Credential
$EncodedUsernamePassword = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($('{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password)))