Skip to main content

Posts

Showing posts from 2011

SharePoint 2010 Compile All Audiences

This was a pain figuring out so many posts were wrong. Thanks to Jasper (http://blog.repsaj.nl/?p=258) for the corrections needed to get this working. I am very close to having my FIM 2010 implementation call the SharePoint 2010 FIM run profiles and then compile all the audiences on a more than once a day schedule.

Update 2011-11-17: Small change, I couldn't get the compile all call to work, so I resorted to compiling each individually.
Add-PSSnapin Microsoft.SharePoint.PowerShell  $AUDIENCEJOB_START       = '1'$AUDIENCEJOB_INCREMENTAL = '0'$site          = Get-SPSite 'https://www.mywegmansconnect.com'$context       = Get-SPServiceContext $site$proxy         = $context.GetDefaultProxy([Microsoft.Office.Server.Audience.AudienceJob].Assembly.GetType('Microsoft.Office.Server.Administration.UserProfileApplicationProxy'))  $applicationId = $proxy.GetType().GetProperty('UserProfileApplication', [System.Reflection.BindingFlags]'NonPublic, Instan…

Redirect PowerShell Output Gotcha

So to run PowerShell jobs, I typically use a PSJob.cmd that executes POWERSHELL.EXE pointing to the passed in script name and redirect output using old DOS semantics (> file.log 2>&1). Well this worked fine for single threaded PowerShell scripts. However, when I started using Start-Job to get a lot of work done faster, I started getting file handle exceptions and some really weird behavior. After a couple hours trying different things, thinking it was my Start-Job script, I decided to change the way I redirected output and switched to use Out-File.

Well, long, painful story brought short is that use Out-File, not DOS output redirection. For your enjoyment, this is my PSJob.cmd script I use to kick off scripts from our enterprise scheduler.
POWERSHELL -NonInteractive -NoLogo -NoProfile -ExecutionPolicy ByPass -Comand "%~dp0%~1.ps1 | Out-File %~dp0%~1.log -Encoding ASCII -Force"EXIT /B %ERRORLEVEL%   I know, amazing right! ;)

Throttling PowerShell Jobs

I needed to multi-thread a task that had a thousand records to process and each one needed a 15 second sleep. Well as I found out, there is no built-in throttling to Start-Job, so I had 1000 powershell.exe try to launch. Not good to say the least. Anyway, after looking online I found throttling code and adapted it to something simple and sweet. All I need to do is inject a call to Throttle-Jobs before I do a Start-Job and it'll wait for the number of running jobs to drop below the maximum.
function Throttle-Jobs {  param( [int] $maximum = 25, [TimeSpan] $interval = [TimeSpan]::FromSeconds(1) )  while ( (Get-Job -State Running | Measure-Object).Count -gt $maximum ) {  Start-Sleep -Milliseconds $interval.TotalMilliseconds      }  }

Grant Registry Permissions

I needed to configure several of our severs to grant authenticated users the ability to create event log sources. I have done this in the past, but I hated the syntax, so, I created a small little function that makes it cleaner for my fellow admins to read. I really wish small things like this were built-in.
function Grant-RegistryPermission {  param(          [Parameter(Mandatory=$true)]          [string] $Path,          [Parameter(Mandatory=$true)]          [string] $Identity,          [Parameter(Mandatory=$true)]          [Security.AccessControl.RegistryRights] $Rights,          [Security.AccessControl.InheritanceFlags] $Inheritance = [Security.AccessControl.InheritanceFlags]::None,          [Security.AccessControl.PropagationFlags] $Propagation = [Security.AccessControl.PropagationFlags]::None      )  $rule = New-Object Security.AccessControl.RegistryAccessRule $Identity,$Rights,$Inheritance,$Propagation,Allow  $acl = Get-Acl$Path$acl.AddAccessRule($rule)  Set-Acl -Path $Path -Acl …

Asynchronous FIM Run Profile Execution

Update 2011-09-21: I updated the output of the job to be a custom PSObject with more detail about the job.

I am finally to the point in my FIM project where I need to start automating tasks. I took a look at several examples of using PowerShell to start FIM Run Profiles. I wasn't quite satisfied with them as I knew I could do imports async to save time. Finally, a real reason to look into using the Start-Job cmdlet. I am hoping I can use async for exports as well. I imagine others can use this example to multi-thread other processes since it handles most of the basics.
function Start-FIMRunProfile {  param (          [Parameter(Mandatory = $true)]          [ValidateNotNullOrEmpty()]          [Alias('MA')]          [string] $MaName,          [Parameter(Mandatory = $true)]          [ValidateNotNullOrEmpty()]          [Alias('Profile')]          [Alias('Run')]          [string] $RunProfile,          [ValidateNotNullOrEmpty()]          [Alias('Computer')…

PowerShell DPE for SSRS

I came across this interesting project on CodePlex that allows you to use PowerShell scripts to generate data for SSRS reports. There is huge potential for use here as a sysadmin that may need to generate reports for users based on PowerShell accessible data (e.g. Exchange, SharePoint, Active Directory).

http://psdpe.codeplex.com/

FIM 2010 - PowerShell Extension

Update 2011-07-01: I have moved the code, docs, scripts to http://fim.codeplex.com

I have been busy, thus why I haven't posted here in a while, learning FIM 2010. One of the features that are nice about FIM 2010 is the codeless provisioning you can do. However, you will reach a point where you need more than what is available out of the box. I don't want to have to write .NET code everytime I need to customize an attribute flow. So, I built a simple extension class that loads PowerShell scripts for the MA's data directory and runs the commands via that. FIM 2010 has a long way to go to being perfect, but with this simple extension code, customization is slightly less painful than banging your head against the wall trying to figure out how to use as much out of the box as possible...

Example scripts are below:

[Deprovision.ps1]
param($csentry)  $ADS_UF_ACCOUNTDISABLE = 0x002  $ADS_UF_NORMAL_ACCOUNT = 0x200  switch ($csentry.ObjectType)  {  'user'    {  if ($csentry.D…

Is was nice knowing you Reflector...

When it was announced that Reflector was being acquired by RedGate I knew it was only a matter of time before this free tool became a paid one. What I was looking for instead of a free tool was an open source one. The good people over at SharpDevelop have provided just such a tool, ILSpy. While the tool isn't as full of features as Reflector had become, it is at least functional at the basic level, and open source.

The one thing I dislike about all these tools, I have to download them to multiple workstations. I wonder if I could find/start a web-based .NET decompiler service... one that uses PowerShell for plugins.

ASP.NET MVC Authorization via PowerShell

I have devised a way to build a PowerShell authorization script for ASP.NET MVC using a custom AuthorizeAttribute. It's ok, I'll give you a minute to let that settle in your mind...

Get over to the github and download the latest drop of PowerShell for ASP.NET. The System.Web.Mvc.PowerShellAuthorizationAttribute class provides you with the ability to run a PowerShell script to perform the authorization of the action or controller.

Usage is simple add the attribute to your action or controller like so:
[PowerShellAuthorization("~/App_Data/Authorize-KillProcess.ps1")]  public ActionResult Kill(string computerName, uint pid)...   And create a simple PowerShell script that returns $true or $false:
param(      [Parameter(Mandatory = $true)]  $HttpContext,      [Parameter(Mandatory = $true)]  $Principal,      [Parameter(Mandatory = $true)]  $Action,      [Parameter(Mandatory = $true)]  $RouteValues,      [switch] $Test = $false)  process {      [int]$RouteValues.pid -gt 4 `   …

I <3 PowerShell

I finally have found a topic I want to blog about: PowerShell. If you don't know what PowerShell is then I suggest you do some lite reading about it or just keep reading here and I'm sure the mental light bulb will turn on shortly.

So, why blog about PowerShell out of all the other things I could blog about, and probably will blog about? I am a literal dev-admin, the fusion of a developer and system administrator. For the past 10 years I have been working in the I.T. as a developer that also does system administrator work as his primary job. Having the development background I do, I am constantly looking for ways to automate my day-to-day tasks or create automation that I can have other people use if I am not around to keep the business/infrastructure running smoothly.

I started creating web-automation applications within a few months of becoming a sysadmin. Since then I have been looking for a way to make those applications easier to maintain and more powerful. If you have an…