When follow instructions in this link to recover a deleted object, I got error message "illegal modify operation". One of the workaround in the comment worked for me (the restore-adobject method): add a -NewName argument in the restore-adobject statement.
LDAP method didn't work well as it showed only first 1000 objects under "deleted objects" container while we had way more that number.
Search This Blog
May 31, 2012
Apr 3, 2012
WMI Association Class
There is a special type of WMI class called "association class". This type of class binds two normal, related classes together. A typical example is association class for NIC-related classes. For each NIC in a system, there are two WMI classes for it: Win32_NetworkAdapter & Win32_NetworkAdapterConfiguration. The former mainly includes NIC hardware info, such as speed, MAC, media connection status, etc; the later mainly includes configuration info on a NIC, such as IP, DHCP, DNS, etc. More than often, you need to obtain info from both classes, and that's where association class comes to help.
Still using NIC as our example, windows defines an association class called Win32_NetworkAdapterSetting, through which you can access info from both above-mentioned classes. An association class include two members, one called element, the other called setting. Not surprisingly, element links to a Win32_NetworkAdapter object (because it is the element) and setting links to a Win32_NetworkAdapterConfiguration object (because it is the setting stuff). Below is how you use it:
$ac = Get-WmiObject -Class win32_NetworkAdapterSetting #gets all NIC info
$connectedAdapters = $ac | where {([wmi]$_.element).netConnectionStatus -eq 2}
$connectedAdapters | foreach {([wmi]$_.setting)|select caption, dhcpEnabled,IPaddress,dnsServerSearchOrder }
Still using NIC as our example, windows defines an association class called Win32_NetworkAdapterSetting, through which you can access info from both above-mentioned classes. An association class include two members, one called element, the other called setting. Not surprisingly, element links to a Win32_NetworkAdapter object (because it is the element) and setting links to a Win32_NetworkAdapterConfiguration object (because it is the setting stuff). Below is how you use it:
$ac = Get-WmiObject -Class win32_NetworkAdapterSetting #gets all NIC info
$connectedAdapters = $ac | where {([wmi]$_.element).netConnectionStatus -eq 2}
$connectedAdapters | foreach {([wmi]$_.setting)|select caption, dhcpEnabled,IPaddress,dnsServerSearchOrder }
Mar 8, 2012
[Powershell] Try-Catch fails to catch an exception?
I was running a script that does WMI query and found that my try-catch-final statement seemed not working. The exception was still shown on console instead of handled by my catch block.
It turns out that exceptions are categorized into two groups, terminating exceptions and non-terminating exceptions. By default, try-catch intercepts only terminating exceptions. No surprisingly, get-WMIobject exceptions are non-terminating exceptions.
There are two ways to make it work. One is to make all exception terminating by below assignment:
$ErrorActionPreference = "Stop"; #Make all errors terminating
Remember to reset the preference at the end of your script as this is global.
$ErrorActionPreference = "Continue"
Or right after get-WMIobject statement, check the value of $?
if ($?){
#processing block
}
else {
throw $error[0].exception
}
It turns out that exceptions are categorized into two groups, terminating exceptions and non-terminating exceptions. By default, try-catch intercepts only terminating exceptions. No surprisingly, get-WMIobject exceptions are non-terminating exceptions.
There are two ways to make it work. One is to make all exception terminating by below assignment:
$ErrorActionPreference = "Stop"; #Make all errors terminating
Remember to reset the preference at the end of your script as this is global.
$ErrorActionPreference = "Continue"
Or right after get-WMIobject statement, check the value of $?
if ($?){
#processing block
}
else {
throw $error[0].exception
}
Retrieving Terminal Server Configuration Settings Using Powershell
It was quite easy for Windows 2003 TS servers with Win32_TerminalServiceSetting WMI class, there are tons of documents on the Net. It took me some time, however, to find out that MS change the class considerably for Windows 2008.
It's now under a different name space root\cimv2\TerminalServices. It also requires you to specify an authentication flavour before you can gain access.
In short, you get info with below commands (w2k3 and w2k8 respectively):
gwmi Win32_TerminalServiceSetting -computername -namespace root/cimv2/TerminalServices -authentication 6
or
gwmi Win32_TerminalServiceSetting -computername [-namespace root/cimv2]
It's now under a different name space root\cimv2\TerminalServices. It also requires you to specify an authentication flavour before you can gain access.
In short, you get info with below commands (w2k3 and w2k8 respectively):
gwmi Win32_TerminalServiceSetting -computername
or
gwmi Win32_TerminalServiceSetting -computername
Feb 23, 2012
Enable LDAP over SSL Using Certificate Generated From A Different Machine
The procedure is pretty simple and well documented in KB 321051, so there is nothing special here. However the tricky part is you have to submit the request from the same DC in order to make LDAPS work because this way ensures you have the private key for the certificate.
In some cases, it could take quite a while to obtain a certificate so you want to submit the request way ahead of time - so long ahead of time that you may not have the hardware yet at the time you have to send the request.
A workaround is to submit the request from another machine - any other machine as long as you make the request right. Once you get the certifiate, install it on the requesting machine, then export it with private key, finally import onto your new DC.
In some cases, it could take quite a while to obtain a certificate so you want to submit the request way ahead of time - so long ahead of time that you may not have the hardware yet at the time you have to send the request.
A workaround is to submit the request from another machine - any other machine as long as you make the request right. Once you get the certifiate, install it on the requesting machine, then export it with private key, finally import onto your new DC.
Jan 22, 2012
Attempt to remove glue record on delegated zone crashes DNS console
- Windows 2008 R2
- 2 domains, parent-child
- 2 DNS zones respectively. Child zone delegated from parent zone
- Connect to parent DNS server, wrong IP listed for a name server in delegated zone properties window
- When try to remove or edit it, after confirmation, the MMC freezes
There are a few other people had same issue, seems to be a bug as far as I see it.
Resolution:
- ADSIedit, connect to parent DNS server
- Drill down to the delegated zone node
- In right hand pane, find the name server in question, remove the wrong IP from "dnsRecord(?)" attribute (you have to change the view to be "decimal" to see which entry is the wrong IP.
Update Nov 20, 2012:
Never mind the above, I found a hotfix http://support.microsoft.com/kb/2581690 that is exactly for this bug. This KB was published in 2011, I wonder why I didn't find it earlier - I consider myself an expert finding KBs :-). Not to mention why the Microsoft engineer I worked with didn't find this either.
- 2 domains, parent-child
- 2 DNS zones respectively. Child zone delegated from parent zone
- Connect to parent DNS server, wrong IP listed for a name server in delegated zone properties window
- When try to remove or edit it, after confirmation, the MMC freezes
There are a few other people had same issue, seems to be a bug as far as I see it.
Resolution:
- ADSIedit, connect to parent DNS server
- Drill down to the delegated zone node
- In right hand pane, find the name server in question, remove the wrong IP from "dnsRecord(?)" attribute (you have to change the view to be "decimal" to see which entry is the wrong IP.
Update Nov 20, 2012:
Never mind the above, I found a hotfix http://support.microsoft.com/kb/2581690 that is exactly for this bug. This KB was published in 2011, I wonder why I didn't find it earlier - I consider myself an expert finding KBs :-). Not to mention why the Microsoft engineer I worked with didn't find this either.
Subscribe to:
Posts (Atom)