Oct 14, 2014

boosting the powershell ise with ise steroids

Ever since the PowerShell ISE was released, I slowly moved away from using some of the other things I was pretty fond of like PowerShellPlus and PrimalScript. It’s mostly because it’s super convenient.

Along came ISE Steroids. I can’t really speak to 1.0 since I just started on 2.0 and just started very recently, actually. So far, I’m pretty impressed. The best part of using it, is it doesn’t force the convenience factor to change at all. Installing it is as simple as unzipping the files to your module path ($env:PSModulePath -split ';'). After that, you launch it with Start-Steroids. That gives me the convenience of using the plain ol’ ISE or switching into a hyper-capable ISE.

I’ve only begun scratching the surface of its capabilities though here are some things I’ve been using so far:


Help. I love this feature. Anything I click on in a script, the help add-on will attempt to look up and present relevant information.


Variables. This is another feature I love. Having a variables window makes debugging so much easier.



Is there someone on your team that codes in a manner that only their mother could love? If so, you might benefit from using the Refactor process. It’s basically a series of scripts that will comb the hair and wash behind the ears of your PowerShell script. It’s not perfect, but it performs admirably. It’s also configurable if you need to tune things down from default. Here’s an example:


foreach ($item in $smsobjects){
#write-host $item.name
$machinesfromSMS = $machinesfromSMS + $item.name}

foreach ($item in $sms2012objects){
#write-host $item.name
$machinesfromSMS = $machinesfromSMS + $item.name}


foreach ($item in $smsobjects)
    #write-host $item.name
    $machinesfromsms = $machinesfromsms + $item.name

foreach ($item in $sms2012objects)
    #write-host $item.name
    $machinesfromsms = $machinesfromsms + $item.name

Which would you rather read and interpret?


I would love to see the context sensitive help add-on retrieve things from the console or at least a search box to look up information manually. At this time, I have an empty script where I type in the command to make it show me help information.


ISE Steroids isn’t a new shell, a giant development environment, or anything that fancy. It’s a lot of little things that tunes out the default PowerShell ISE into a highly functional shell and scripting environment. It’s extensible with other add-ons and supports launching applications from the ISE. (ILSpy and WinMerge come loaded.)

It’s my new favorite. I’m hooked. If you like the PowerShell ISE environment, you should check it out. There are many more features I haven’t brought up (signing, version control, wizards, etc.)

Oct 8, 2014

using netsh to capture packets

Outages. Aside from the massive pressure of having to restore service, they can be pretty useful to learn new things. One recent discovery that was news to me is that you can use netsh to capture network traces. WHAT?! Yeah1.

It appears on modern-ish operating systems (Windows 7/Windows 2008 R2 and above) you no longer need to install your favorite packet tracing application to capture packets. Who doesn’t like to cuddle up with a nice packet trace, eh? Obviously if you’re on a desktop OS, you should just load packet capturing utility of choice (and it had better be Network Monitor if you intend to open the .ETL trace) -- unless you like to read it in some other way. That would mean your skillz are simply amazing and are wasting your time here!



The most basic way to start and stop a trace is by performing the following commands:

As you can see, netsh displays the trace configuration as well. It’s not the full configuration of defaults though.

netsh trace start capture=yes

Trace configuration:
Status:             Running
Trace File:         C:\Users\me\AppData\Local\Temp\NetTraces\NetTrace.etl
Append:             Off
Circular:           On
Max Size:           250 MB
Report:             Off

netsh trace stop


Pulling the help file (trace start help) will provide the list of defaults if you run the command as indicated above. I have them illustrated here for reference.

capture=no (specifies whether packet capture is enabled in addition to trace events)
report=no (specifies whether a complementing report will be generated along with the trace file)
persistent=no (specifies whether the tracing session continues across reboots, and is on until netsh trace stop is issued)
maxSize=250 MB (specifies the maximum trace file size, 0=no maximum)
overwrite=yes (specifies whether an existing trace output file will be overwritten)
correlation=yes (specifies whether related events will be correlated and grouped together)
traceFile=%LOCALAPPDATA%\Temp\NetTraces\NetTrace.etl (specifies location of the output file)

I have highlighted the defaults which do not show up in the trace file output.



Message Analyzer. You can open the file in Message Analyzer quite simply. (It’s also a brilliant tool.) By simply, I mean, just open the file once you have it running. This is my favorite way.


Network Monitor. You can expect the same results in Network Monitor but will need to do one additional step. Even without doing it, you’ll be able to read the frame details. The frame summary won’t make much sense though.

  1. Go to Tools | Options | Parser Profiles.
  2. Choose Windows and select Set As Active.

Wireshark. You are pretty much on your own. There are ways2 to convert .ETL to .CAP or whatever if you really need to stick that much to your guns.


I’m not really sure why I used this photo. Maybe it’s because it looks like a tangled mess of grapevines when in reality, it’s stacked. It’s a matter of perspective, I suppose. Right, LouisG?

1 Probably as strange as just realizing I wrote this blog post with capitalization.





2 http://blogs.technet.com/b/yongrhee/archive/2013/08/16/so-you-want-to-use-wireshark-to-read-the-netsh-trace-output-etl.aspx

Oct 1, 2014

Microsoft Most Valuable Professional (MVP) 2015

Hello everyone. I received the news today that my MVP award has been renewed. I feel privileged to receive such a distinguished honor in company with some of the brightest minds in technology. Congratulations to all of my fellow MVPs who were also renewed today.

imageIt is with great pride we announce that Marcus Oh has been awarded as a Microsoft® Most Valuable Professional (MVP) for 10/1/2014 - 10/1/2015. The Microsoft MVP Award is an annual award that recognizes exceptional technology community leaders worldwide who actively share their high quality, real world expertise with users and Microsoft. All of us at Microsoft recognize and appreciate Marcus’s extraordinary contributions and want to take this opportunity to share our appreciation with you.

With fewer than 4,000 awardees worldwide, Microsoft MVPs represent a highly select group of experts. MVPs share a deep commitment to community and a willingness to help others. They represent the diversity of today’s technical communities. MVPs are present in over 90 countries, spanning more than 30 languages, and over 70 Microsoft technologies. MVPs share a passion for technology, a willingness to help others, and a commitment to community. These are the qualities that make MVPs exceptional community leaders. MVPs’ efforts enhance people’s lives and contribute to our industry’s success in many ways. By sharing their knowledge and experiences, and providing objective feedback, they help people solve problems and discover new capabilities every day. MVPs are technology’s best and brightest, and we are honored to welcome Marcus as one of them.

To recognize the contributions they make, MVPs from around the world have the opportunity to meet Microsoft executives, network with peers, and position themselves as technical community leaders. This is accomplished through speaking engagements, one on one customer event participation and technical content development. MVPs also receive early access to technology through a variety of programs offered by Microsoft, which keeps them on the cutting edge of the software and hardware industry.

As a recipient of this year’s Microsoft MVP award, Marcus joins an exceptional group of individuals from around the world who have demonstrated a willingness to reach out, share their technical expertise with others and help individuals maximize their use of technology.

Rich Kaplan
Corporate Vice President
Customer and Partner Advocacy
Microsoft Corporation


If interested, this is my MVP profile: http://mvp.microsoft.com/en-us/mvp/Marcus%20C.%20Oh-10604

Sep 26, 2014

atlanta systems management user group 10.03.14

I cannot honestly believe it’s already time for our user group meeting. It’s one week from now. It’s kind of crazy how fast time goes by. It’s also a lot more effort to put these together than you would expect.

So for that, I am grateful to all of the folks that help keep this going, all of the sponsors that help keep us eating, our perpetual sponsors that give us lots of great giveaways and benefits, all of the speakers that bring great content, and all of the people, like you, that come share your knowledge.

At our last user group meeting, we took an opportunity to use the space in the MTC side of the Microsoft office. What we discovered was the interaction was entirely different than the classroom spaces. It provided a better environment for interaction which is ultimately what we’ve always strived for -- networking, meeting your peers in the industry, and sharing knowledge. That’s the benefit of tying into a user community. You grow your access to knowledge exponentially.

Shavlik is our sponsor this quarter. Their product addresses the big hole of patch management where Windows patching ends -- third party. Here’s a little blurb:

Today, it's not Windows that represents the most vulnerabilities, but instead it's the applications that run on Windows that expose businesses to holes in computing security. The National Vulnerability Database reports that 86% of reported vulnerabilities come from third party applications. With Shavlik Patch for Microsoft System Center, administrators have the ability to automate the patching of third party applications within the System Center Configuration Manager console, providing confidence that third party application vulnerabilities are covered.

Here’s the rest of the schedule:


We have three seats left by last count. The drawback to using the MTC space is we lose some room so we’ll be running a tight ship trying to maximize all the seating available. If you haven’t registered yet, there’s still time! Get all the details here, including the registration link: http://www.atlsmug.org/events/atlanta-systems-management-user-group-100314

See you there!

Sep 25, 2014

powershell: limitation on retrieving members of a group

If you have large group memberships, you might have already run into a limitation with Get-ADGroupMember where the cmdlet will fail with this message:

get-adgroupmember : The size limit for this request was exceeded
At line:1 char:1

(Don’t believe me? Go ahead; try it. I’ll wait.)

It seems the limitation comes up when you query a group with more than 5000 members. The easiest way to get around this would be for Microsoft to come up with a switch that let’s you set the size limit. That’s probably also the longest wait. :) Not to worry, there are ways to get around it.


Get-QADGroupMember. Remember this cmdlet? It’s a part of the Quest AD cmdlets. Of course, Quest no longer exists after being gobbled up by Dell so your mileage may vary. It does include a –SizeLimit switch so you can merrily bypass the limitations with it.

Get-ADGroup. If you query the group for its member property and expand it, you can get around the size limit. Here’s how it’s done:

Get-ADGroup myLargeGroup -Properties member | Select-Object -ExpandProperty member


Get-ADObject. This AD cmdlet to retrieve objects generically is useful also to get around this limitation. It’s pretty much the same as above. Just use Select-Object to expand the property.

Get-ADObject -LDAPFilter "(&(objectcategory=group)(name=myLargeGroup))" -Properties Member | Select-Object -ExpandProperty member


DirectorySearcher. I wouldn’t recommend doing this unless you actually feel like you need to or want a challenge. It’ll be more typing (or realistically, more cutting and pasting) than you want to do. It does seem much faster. Haven’t timed it though.

([adsisearcher]"name=myLargeGroup").FindOne() | % { $_.GetDirectoryEntry() | Select-Object –ExpandProperty member} 


Active Directory Web Service. The last thing you can do is modify the webservice.exe.config file and change the MaxGroupOrMemberEntries value. This will affect the behavior of other cmdlets as well. I haven’t tried this myself since the other workarounds are fine for me so make sure you read Jason Yoder’s post on this and TEST it out: http://mctexpert.blogspot.com/2013/07/how-to-exceed-maximum-number-of-allowed.html