events

Extract dates from string and convert it to UTC

Today I want to show you how to extract dates from a string. Recently I posted an article about getting IP addresses from a log file. This time it's a little bit more complicated, as the date format in the string is invalid. Extract date from string Extracting dates from a string is pretty simple if you know the regex pattern. In my case I had to get all dates from string and use it as …

lockout source

Get lockout source for currently locked users

Today's article is about getting the lockout source and checking who is currently locked out in your environment. The script is based on the ActiveDirectory module and Get-WinEvent commands. Currently locked users First we need to check how many users are locked. Below you can find a simple script for checking that. The script uses the Search-ADAccount command with the LockedOut parameter. Find lockout source The next part is to find the lockout source for each user. To do …

SCOM UR

Installing SCOM UR patch on remote computers

In this short article you will find out how to install a SCOM UR patch remotely. In one of the previous articles you can also check how to get information about the UR version from remote machines. Installing SCOM UR Below you can find a simple example for installing patch 2012 R2 UR14: In my case the patch with the .msp extension was located on the d: drive: The first script will create the folder d:\temp on remote …

SCOM

End SCOM maintenance mode on multiple servers

Today I would like to share with you one of the SCOM scripts which I use on a regular basis. Some of you are working in a large-scale environment and have to put a large number of servers into SCOM maintenance mode. In this article you will find out how to stop it for some specific machines. End SCOM maintenance mode In one of the previous articles I was describing how to …

remove

Remove user from specific AD groups using PowerShell

If you are looking for a simple AD group member removal script, this article is for you. Today I want to share a few examples about getting group membership and removing one specific user from multiple groups. I was using commands from the ActiveDirectory module. Get user group membership Below you can find several commands which help to get a user's direct group membership: Remove user group membership Removing user from specific group is …

Get-Process

Get process remotely including username using PowerShell

In today’s article I would like to describe how to remotely get processes used by some specific username. Most PowerShell admins are familiar with this command, but not all know its parameter called IncludeUserName. Recently I had to check processes under some username on a bunch of servers. Below you can find a few helpful examples. Get process locally Getting all processes for some specific user is not difficult. Parameter -IncludeUserName …

group

Add users to local group remotely using PowerShell

How to add users to a local group on remote servers? The easiest way for me was to create a simple PowerShell script 🙂 Some time ago we posted an article about adding a group – link. In this article I want to show you how to add multiple users to some specific group. Get Members First you should know how to verify who is currently added to the group. To get members from remote …

Log lines

Extract IP address from log lines using PowerShell

Recently I had to extract IP addresses from a log file and check their hostnames. The easiest way to get this was using a regex pattern in the Select-String command. Extract IP Address Let's say that we have a log file which contains lines like: AUDIT “2018-06-19 00:14:16.481 GMT+0200” 10.13.11.7 Server01:1812 0 0 “text=Access GRANTED cloudId=pawel.janowicz To extract the IP address from it we can use the Select-String command with the following regex pattern “\d{1,3}(\.\d{1,3}){3}”: …

Update Rollup

Get SCOM update rollup version remotely

Checking the SCOM update rollup version using the console is pretty simple. Things get a little bit complicated if we want to get this from a server. Using WMI or PowerShell commands like Get-Hotfix we will probably not get this information. Update Rollup To check this locally we have to get the FileVersion for the OMAgentTraceTMFVer.Dll file. Each version is associated with one of the Update Rollups. For more information you can visit System …

Shadow Copy

PowerShell one-liner: Shadow Copy Backup date

This short article is about getting the last Active Directory Shadow Copy Backup date. To check this we just have to scan the event log for a specific event id. AD Backup Information about Shadow Copy Backup is located in the logname called ‘Directory Service’ and event id ‘1917’: “The shadow copy backup for Active Directory Domain Services was successful.” One of the commands that we could use here is Get-WinEvent where we can …