{"id":5123,"date":"2012-08-15T00:01:00","date_gmt":"2012-08-15T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2012\/08\/15\/use-powershell-to-query-ad-ds-for-servers-and-then-find-hotfixes\/"},"modified":"2012-08-15T00:01:00","modified_gmt":"2012-08-15T00:01:00","slug":"use-powershell-to-query-ad-ds-for-servers-and-then-find-hotfixes","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-query-ad-ds-for-servers-and-then-find-hotfixes\/","title":{"rendered":"Use PowerShell to Query AD DS for Servers and then Find Hotfixes"},"content":{"rendered":"

Summary<\/b>: Microsoft Scripting Guy, Ed Wilson, talks about querying the AD DS module via PowerShell and using the results to find hotfixes.<\/p>\n

\"Hey, Hey, Scripting Guy!  We have a server running Windows Server 2008 R2 that is acting as one of our domain controllers. I do not have access to install the Remote Server Administration Tools (RSAT) on my workstation. However, I would like to use the Active Directory Domain Services (AD DS) cmdlets to return a listing of all servers on the network. I need to check the status of the most recent hotfix installed on all the servers. I do not have a list of servers because we are constantly adding and removing virtual servers based on load and demand, so Active Directory is the only place I feel comfortable in obtaining this information. Can you help?<\/p>\n

—BB<\/p>\n

\"Hey, Hello BB,<\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. There are over 100 people already signed up for PowerShell Saturday in Charlotte, North Carolina<\/a> on September 15, 2012. The tickets are fast disappearing, so if you want to attend this event, you should register before the event sells completely out. By the way, there are several sessions that talk about using Windows PowerShell with Active Directory on the agenda. Microsoft PFE, Ashley McGlone<\/a> will be making an excellent presentation for this track.<\/p>\n

Use Windows PowerShell remoting to load the module<\/h2>\n

If you are using Windows PowerShell 2.0 and you have access to the Active Directory module, there are several ways to load and use the module. In a particular scenario where I only need a list of server names, it is easiest to use the Invoke-Command<\/b> cmdlet and store the returned information in a variable. The command shown here accomplishes this task.<\/p>\n

$cred = Get-Credential iammred\\administrator<\/p>\n

$servers = Invoke-Command -cn dc3 -cred $cred -script {import-module ActiveDirectory;<\/p>\n

Get-ADComputer -LDAPFilter “(&(objectcategory=computer)(OperatingSystem=*server*))”}<\/p>\n

To verify that the command worked properly and that I have an array of server names, I access the count<\/b> <\/i>property. This command is shown here.<\/p>\n

$servers.Count<\/p>\n

In Windows PowerShell 3.0, I can directly access the server names by using the name<\/b> <\/i>property as shown here.<\/p>\n

$servers.name<\/p>\n

But in Windows PowerShell 2.0, I need to use a ForEach-Object<\/b> loop. This command is shown here.<\/p>\n

$servers | foreach {$_.name}<\/p>\n

The commands and the output associated with the commands are shown in the image that follows.<\/p>\n

\"Image<\/a><\/p>\n

Use Invoke-Command to do the query<\/h2>\n

When I know that I have my list of servers, it is simple to query to find the latest hotfix. I can use the computer<\/b> <\/i>parameter of the Get-Hotfix<\/b> cmdlet to do the query, but that presupposes that a large number of ports on the remote server are open, and that simply might not be the case. In Windows Server 2012, Windows PowerShell remoting is on by default, and if you are running Windows PowerShell in your environment, you should turn it on for your other servers (after the appropriate security review of course). I like using WinRM instead of RPC or DCOM on my network because WinRM uses only a single port, and the Enable-PSRemoting<\/b> command makes it really easy to set up and configure.<\/p>\n

Therefore, I use the Invoke-Command<\/b> cmdlet to get the required hotfix information. In the command listed here, I use the Invoke-Command<\/b> cmdlet, and I pass the collection of Server<\/b> objects to the CN<\/b> <\/i>parameter. I use the Windows PowerShell 3.0 syntax and pick the name<\/b> <\/i>property directly from the array of objects. I pass my credential<\/b> object to the credential<\/b> <\/i>parameter and the Get-HotFix<\/b> cmdlet in the script<\/b> block <\/i>chooses the last hotfix from the collection. The ErrorAction<\/b> gets set to 0, which means that errors do not halt operation, nor do they display. (See PowerTip: Specifying PowerShell Error Actions<\/a> for more information about error actions.) The command is shown here.<\/p>\n

Invoke-Command -cn $servers.name -cred $cred -script { get-hotfix | select -Last 1 } -ea 0<\/p>\n

It is not necessary to create a new variable to store the server names if you are using Windows PowerShell 2.0. The syntax to pick out only the server name is usable in the ComputerName<\/b> <\/i>parameter of the Invoke-Command<\/b> cmdlet. This technique is shown here.<\/p>\n

Invoke-Command -cn ($servers | % {$_.name})  -cred $cred -script { get-hotfix | select -Last 1 } -ea 0<\/p>\n

The commands and the associated output from the commands are shown in the image that follows.<\/p>\n

\"Image<\/a><\/p>\n

BB, that is all there is to using Windows PowerShell to query Active Directory Domain Services when you do not have the RSAT installed on your workstation. Join me tomorrow for more cool Windows PowerShell stuff.<\/p>\n

I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

Ed Wilson, Microsoft Scripting Guy<\/b> <\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about querying the AD DS module via PowerShell and using the results to find hotfixes.  Hey, Scripting Guy!  We have a server running Windows Server 2008 R2 that is acting as one of our domain controllers. I do not have access to install the Remote Server Administration Tools (RSAT) on […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,8,45],"class_list":["post-5123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-searching-active-directory","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about querying the AD DS module via PowerShell and using the results to find hotfixes.  Hey, Scripting Guy!  We have a server running Windows Server 2008 R2 that is acting as one of our domain controllers. I do not have access to install the Remote Server Administration Tools (RSAT) on […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/5123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=5123"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/5123\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=5123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=5123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=5123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}