Powershell

Script to check multiple servers which services are using specific accounts

2 Jul, 2014 in IT / Powershell / Uncategorized tagged Powershell by Xander

A client wanted to rename a specific account, but they were afraid to change this specific account because it could be used as a service account for several services running on a number of servers. Because I didn’t want to logon to all those servers manually I decided to create a powershell script.

Hereby the source code :

$DefineSaveLocation=&quot;f:\powershell&quot;
$SaveLocaPath=Test-Path $DefineSaveLocation
if ($SaveLocaPath -eq $False)
    {New-Item -ItemType directory -Path $DefineSaveLocation}
cd $DefineSaveLocation

Foreach ($Server in Get-Content &quot;F:\powershell\inputfile.txt&quot; )
 {
  Write-Host &quot;Retrieving Servers for $Server &quot;    
  Get-WmiObject win32_service -ComputerName $Server  | select Name,
  @{N=&quot;Startup Type&quot;;E={$_.StartMode}},
  @{N=&quot;Service Account&quot;;E={$_.StartName}},
  @{N=&quot;System Name&quot;;E={$_.Systemname}} | Sort-Object &quot;Name&quot; &gt; &quot;.\$Server -Services.txt&quot;
 }

$DefineSaveLocation="f:\powershell"

$SaveLocaPath=Test-Path $DefineSaveLocation

if ($SaveLocaPath -eq $False)

{New-Item -ItemType directory -Path $DefineSaveLocation}

cd $DefineSaveLocation

Foreach ($Server in Get-Content "F:\powershell\inputfile.txt" )

{

Write-Host "Retrieving Servers for $Server "

Get-WmiObject win32_service -ComputerName $Server | select Name,

@{N="Startup Type";E={$_.StartMode}},

@{N="Service Account";E={$_.StartName}},

@{N="System Name";E={$_.Systemname}} | Sort-Object "Name" > ".\$Server -Services.txt"

}

This script uses a inputfile containing the servernames. You can use for example use rvtools or an WMI query to create this file.

After running the script the output is as follows :

(Click the picture for a full view)

I imported this file into excel and from now it’s easy to check for accounts being used etc.

Make sure to run powershell in elevated mode and don’t forget the set-executionpolicy unrestricted option.

Exchange & Lync : Find and fix broken inheritance

23 Feb, 2013 in Exchange / IT / Lync / Uncategorized tagged Exchange / Lync / Powershell by Xander

Many times I’ve ran into the following error :

(Error : unsufficient access rights to perform the operation) while moving Lync users of moving mailboxes in Exchange.

This is due to the following :

Include inheritable permissions MUST BE ENABLED. (Also for other tasks)

When this is one or a couple of users this is no problem. When you have >100 users then you don’t want to do this manually.

This is how to script this :

First check witch users are having this problem using the following command :

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}

Example :

You see the accounts which are having this problem. Nothing is fixed yet. Therefore you need to run the following command :

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected} | Set-QADObjectSecurity -UnlockInheritance

M	T	W	T	F	S	S
« Jul
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

vWorld.nl

Because IT's a virtual World!

Because IT's a virtual World!

Script to check multiple servers which services are using specific accounts

Exchange & Lync : Find and fix broken inheritance