Hey, Scripting Guy! Quick-Hits Friday: The Scripting Guys Respond to a Bunch of Questions (4/2/10)


Bookmark and Share !–>!–> In this post:


How Can I Get a List of Active Directory Groups in the Local Domain and All the Users Across the Whole Forest?

Hey, Scripting Guy! Question

Hey, Scripting Guy! We need to query Active Directory (AD) and populate customer permissions tables in SQL Server. We only assign login rights to groups, so what we need from AD is a list of groups in the local domain, but we need all the users across the whole forest.

We have tried ADSI through a linked server (empty results set only), xp_logininfo (returns only local domain users, not users in other domains), and csvde.exe (returns the member information in an unusable format).

All we need are the group names and the members, but we need the members in their login format: domainuser-account. Having an expanded list of strings, which is what csvde.exe returns, will not work because the forest is too large.

— RT


Hey, Scripting Guy! AnswerHello RT,

Using the Active Directory Domain Services (AD DS) cmdlets from Windows Server 2008 R2, you can use the Get-ADGroup cmdlet. This is seen here:

Get-ADGroup –filter * | Get-AdGroupmember


The next thing you will need to do is to build up the lanman type of name. You can do it by concatenating the domain name, a backward slash, and the SamAccountName. This is shown here:

Get-ADGroup –filter * | Get-AdGroupmember | Foreach-object { “nwtraders” + $_.SamAccountName }


How Can I Gracefully Shut Down Virtual Machines Being Powered by an Uninterruptable Power Supply?
Hey, Scripting Guy! Question

Hey, Scripting Guy! I need two scripts. First, a little bit of background information. I have four virtual servers and we have a bad power problem at our office. At least a dozen times a week, if not more, the power breaker trips, which causes all of my servers to shut down hard. I am running four Windows 2003 servers per virtual host. Do you have a script that will perform a graceful shutdown of the virtual machines and the host server while the Uninterruptable Power Supply (UPS) is still powering them, instead of waiting for the UPS to drain and then crash the server? I would like to reboot groups of workstations after updates are applied.

— SE


Hey, Scripting Guy! AnswerHello SE,

Many UPS makers include software that is designed to shut down the attached server when the power goes out. There are also software packages that are designed to shut down specific applications. There is no WMI class related to a UPS that would give us the ability to perform a shutdown; therefore, I think you need to look to your UPS maker. As far as shutting down workstations after performing updates, if you are using Windows Server Update Services (WSUS), I am pretty sure you can tell Windows Update to automatically reboot or even to prompt for a reboot after the update has been installed. On the other hand, Windows PowerShell has the Stop-Computer cmdlet that I use at home. The syntax is illustrated here:

Stop-computer -computername a,b,c,d

A,b,c,d are names of computers. The computer names can come from a text file as seen here:

Stop-computer -comptername (get-content c:fsomycomputers.txt)


From a VBScript perspective, it is a bit more complex. We have several scripts on the TechNet Script Center Script Repository that are able to shutdown computers.


Who Is Ken Meyer?

Hey, Scripting Guy! Question

Hey, Scripting Guy! I notice the name Ken Meyer quite a bit in the Hey, Scripting Guy! Blog posts. Is this the same Ken Meyer that taught a Visual Basic class at EdCC back in 1994? If so I just wanted to say hi, how is it going? That VB class, along with Pascal, started my career as a developer. It used a really interesting, outside -the-box approach to teach development. 

— TM


Hey, Scripting Guy! AnswerHello TM,

What a great question! Hmmm, I am not sure if Ken Meyer used to teach at Edmonds Community College outside of Seattle or not. I know he used to be a real Microsoft person, so it might very well be possible. We have an internal fictitious name list composed of real Microsoft people who volunteer to have their names added to the list. There is an internal Web site where people can go and add their names to the list. We have that many people clamoring to be included in our Hey, Scripting Guy! posts (actually, the fictitious names list is used for all training material, public facing documents, and even Microsoft Press books). Part of that agreement is to allow Microsoft to use that name for a long time in all their training materials. Because Ken Meyer is one of the shorter names that are easy to spell, it gets used for many Scripting Guy examples. It is also possible that he was a friend of one of the previous Scripting Guys. I, unfortunately, have not had the opportunity to meet with him. This is sad because he sounds like he would be a great person to get to know. I love really interesting, outside-the-box kinds of people.



How Can I Determine If the Network Connected to a Server Is Having Latency Issues? Hey, Scripting Guy! Question

Hey, Scripting Guy! My question is not Windows PowerShell specific. If I want to look at a server in a datacenter and determine if the network that it is connected to is having latency issues (without looking at the network itself), how would I do it? Use performance counters? If so, on which thresholds should I focus?

— CM


Hey, Scripting Guy! AnswerHello CM,

When I hear questions about network performance, I generally think about using one of the WMI performance counter classes. You will probably want to leverage the Win32_PerfFormattedData_Tcpip_NetworkInterface class, which is documented on MSDN. The Win32_PerfFormattedData_Tcpip_NetworkInterface class is also seen in WbemTest in the following image.

Image of the Win32_PerfFormattedDat_Tcpip_NetworkInterface class

Performance counter classes can be a bit tricky to use in scripting. This is why the swbemRefresher object was created. Here is a Hey, Scripting Guy! Blog post that talks about using the refresher object in VBScript. From a Windows PowerShell perspective, I wrote a weeks’ worth of Hey, Scripting Guy! posts that appear beginning in November 24, 2008.

On the other hand, Windows PowerShell 2.0 includes the Get-Counter cmdlet that allows you to retrieve the same kind of information that feeds to the PerfMon utility. I talked about using that cmdlet on February 15 and February 16. The two articles build, so you will want to read the February 15 article first.



How Can I Schedule a Task to Run in Windows Server 2008 R2?

Hey, Scripting Guy! Question

Hey, Scripting Guy! Security is so tight in Windows Server 2008 R2 that my Windows PowerShell scripts will not perform if I do not log in as administrator, open Windows PowerShell as an administrator, run a script to give myself the permissions I should have in the first place (seRestore,seSecurity), and then run my script.

How can I schedule a task to run in Windows Server 2008 R2 that will allow me to elevate the administrator’s privileges and run itself in that context?

— DS


Hey, Scripting Guy! AnswerHello DS,

You can manually create a scheduled job to run your Windows PowerShell script. In the wizard, you can specify the credentials to use. I imagine you will still need to manually add in the privileges you need, depending on the account you use. If you want to script the creation of these jobs, look at this series of Hey, Scripting Guy! posts I wrote a while back on using Scheduled Tasks.


Well, this concludes another edition of Quick-Hits Friday. Join us tomorrow for the Weekend Scripter as we delve into the mysteries of…well, we will let that remain a mystery for now.

If you want to know exactly what we will be looking at tomorrow, follow us on Twitter or Facebook. If you have any questions, send e-mail to us at scripter@microsoft.com or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.


Ed Wilson and Craig Liebendorfer, Scripting Guys