Showing posts from 2008

removing lines from repadmin output with powershell

i challenged a coworker to put his powershell class to good use and come up with a script that would actually have an impact, albeit little, to his day-to-day administrative work. he came up with a little script that would dump repadmin output to a text file and mail him an attachment. here’s the script:

    %{repadmin /replsum * /bysrc /bydest} > logfile.txt
    $filename = "logfile.txt"
    $smtpServer = ""
    $msg = new-object Net.Mail.MailMessage
    $attachment = new-object Net.Mail.Attachment($filename)
    $smtp = new-object Net.Mail.SmtpClient($smtpServer)
    $msg.From = ""
    $msg.To.Add("")
    $msg.Subject = "Repadmin Report " + [System.DateTime]::Now
    $msg.Body = "The daily Repadmin log file is attached"
    $msg.Attachments.Add($attachment)
    $smtp.Send($msg)

this is okay, but opening that attachment every time would be irritating… so i thought it might be easier just to get the output into a variable and write it to the body of the

using powershell to replace “find” or “findstr”

this is one of those things i’m blogging to remind myself instead of bugging hal rottenberg. :) in order to find something inside a list of files, you can use find or findstr. what’s the difference between those? findstr is a bit more robust, accepting pattern matches with regex, for example. in most cases though, i’m just looking for a string inside of a list of text files. so here we go with find and the general output we can expect…

    C:\temp>find /i "wscript.echo" *.*

    ---------- DATE2INTEGER8.VBS
    ' wscript.Echo CurrentDate(Now)
    ' WScript.Echo CurrentDate(dDateThreshold)
    WScript.Echo oRecordSet.Fields( "cn" ) & ":" & oRecordSet.Fields( "displayname" ) & ":" & Integer8Date(oRecordSet.Fields( "pwdlastset" ).Value,lBias)

    ---------- DLNAMES.TXT

    ---------- DNS_DEBUG.LOG

    ---------- TEMP_SCRIPT.SM
    WScript.Echo
    WScript.Echo "=========================================="

discovery data manager fails while processing a ddr

seems like a good day to blog about sms. this happened with sms 2003. yes, i realize there’s a configmgr. very soon, i’ll be using it! :) for the rest of the unfortunate few, here’s the background: i received this error in mom today. this is one of those indicators that should immediately tell you that a great day is about to ensue.

    mySMSServer - SMS 2003 Perf Threshold: Site Server DDR Backlog > 10,000 over 3 hours. SMS Discovery Data Manager: Total DDRs Enqueued: value = 8700. The average over last 12 samples is 5280.83.

that’s just bad. further investigation showed that the server failed to process ddrs since 11/28/08. i checked around to see if anything changed, but there wasn’t anything unusual. so … off to the status messages. here’s what i found:

    Microsoft SQL Server reported SQL message 242, severity 16: [22007][242][Microsoft][ODBC SQL Server Driver][SQL Server]The conversion of a char data type to a datetime data type resulted in an out-of-

using preloadpkgonsite.exe to stage compressed copies to child site distribution points

UPDATE: john marcum sent me a kind email to let me know about a problem he ran into with preloadpkgonsite.exe in the new SCCM Toolkit V2 where under certain conditions, packages will not uncompress.  if you are using the v2 toolkit, PLEASE read this blog post before proceeding.   here’s a scenario that came up on the mailing list. when confronted with a situation of large packages and wan links, it’s generally best to get the data to the other location without going over the wire. in this case, 75gb. :/ the “how” you get the files there is really not the most important thing to worry about. once they’re there and moved to the appropriate location, preloadpkgonsite.exe is required to install the compressed source files. once done, a status message goes back to the parent server which should stop the upstream server from copying the package source files over the wan to the child site. anyway, if it’s a relatively small amount of packages, you can

jalasoft and savision – that’s great teamwork…

i just got this press release.  i have to say, this is great stuff!  unless you’re near an “envisioning center” it’s really difficult to get a grasp of how all these partner products work together to form a cohesive monitoring platform with operations manager.  here’s a little blurb about it… Jalasoft and Savision team up at Microsoft Tech·Ed IT Professionals 2008 Santa Clara/Utrecht, October 27, 2008-- Jalasoft and Savision announced today that they are teaming up to provide demonstrations of their products at TechED IT Professionals 2008 this November in Barcelona.  Jalasoft’s Xian Network Manager Io and Savision’s Live Maps are both products designed to work with Microsoft System Center Operations Manager 2007. Live Map’s elaborate mapping features give Xian users the power to create network aware topologies, business process and geographical maps of your network. Additionally, Xian Network Manager adds network devices down to interface level allowing you a

southeast management user group – november 14, 2008!

hey folks, we’ve finished planning another user group and have the presenters and sponsors lined up.  acresso and securevantage were kind enough to buy us some food!  please make sure to register soon so we can get an accurate headcount to feed everyone.  :) head over to the official smug site for the agenda, located at: if you just want to register, here’s the link:   look forward to seeing you all!

ping sweeping with FOR statements …

i just wanted to familiarize myself with the for statement in powershell by playing around with a few examples. this one, i find particularly useful in situations where for example, i’m sitting in a lab and need to know what IPs are available. back to what i was saying, to get familiar with the for statement, i thought i’d start off with what i know in cmd shell. if you look at this block below, you’ll see that i’m using the /L switch of the for statement to handle stepping through a sequence of numbers.

    for /l %i in (1,1,255) do @ping -n 1 99.206.102.%i | find /i ": bytes=" > nul && @echo Successfully pinged 99.206.102.%i

    Successfully pinged
    Successfully pinged
    Successfully pinged
    Successfully pinged

well, that worked out. while the cmd shell has an IF statement, it doesn’t have a true if/then/else conditional statement. you can simulate this in batch script… but you can’t do it w

executing batch files remotely with psexec …

if you’ve got a batch file of some sort (bat or cmd) sitting out somewhere that you want to execute remotely, you’ll want to make sure you’re following the right syntax to get this to work. here are some examples that DO NOT work:

    psexec \\myDesktop \\myServer\myShare\test.cmd

    PsExec could not start \\myServer\myShare\test.cmd on myDesktop: Access is denied.

by default, psexec runs the context in localsystem. since the system most likely doesn’t have access to the share, let’s give psexec some credentials which have access to the share:

    psexec \\myDesktop -u myUser -p myPassword \\myServer\myShare\test.cmd

    PsExec could not start \\myServer\myShare\test.cmd on myDesktop: Access is denied.

ah, this isn’t going to work either, but we’re getting closer. the access denied message throws me off a little since i know the password is right. it seems the problem is that psexec will not execute the .cmd or .bat file without knowing the context in which to exec

dsmod bug when using the -c option?

UPDATE: thanks to some anonymous commenters, i have corrected my example in this post. it seems i left off the trailing %a in the for loop! oops. fixed now.

i was visiting up in roanoke extolling about the boundless possibilities with command shells, scripting, etc to a near liability. in other words, i bored them nearly to death. :) to my surprise, it stuck. i’ve been exchanging conversation with one of the site admins and ran across this bug while running through a sample scenario on listing members from one group and adding them to another. typically, you could do this quite easily with the dsquery tool set. it looks something like this:

    dsquery group -name "myGroup" | dsget group -members | dsmod group "cn=myNewGroup,ou=etc,dc=etc,dc=etc" -addmbr -c

so what are we doing here?

- dsquery group -name "myGroup" – retrieves the dn of the group
- dsget group -members – retrieves the membership list (dn) of the group passed through the pipe
- dsmod group

verifying replication failure with admp and mom 2005

you’ve no doubt seen this error message if you’re monitoring active directory replication.

    The following DCs have not updated their MOMLatencyMonitor objects within the specified time period (8 hours). This is probably caused by either replication not occurring, or because the 'AD Replication Monitoring' script is not running on the DC.
    Format: DC, Naming Context, Hours since last update
    My-Site
    myDCserver, NDNC:DC=DomainDnsZones,DC=myDomain,DC=com, 16

typically, this error is generated when a DC is no longer replicating. the ADMP script watches changes to an attribute called adminDescription. under the container MOMLatencyMonitors off the root of the watched naming context, exist objects that represent all of the DCs for that naming context. for example:

    myDCserver, NDNC:DC=ForestDnsZones,DC=myDomain,DC=com, 9

this statement indicates that the domain controller myDCserver has not replicated the required value for 9 hours or more in the naming

restarting services and terminating processes with mom 2005

this particular example is for softgrid.  i thought it might be useful to generalize it for any purpose, though.  you probably already have services that may require a restart every now and then.  that’s pretty easy in mom.  you can do it by issuing a simple net stop && net start command as illustrated in this post . the general perception is that admins are lazy.  to help perpetuate this obvious lie, i tried to use the simple method above but failed.  it turns out that some services don’t terminate the processes upon stopping, as you would expect.  short of trying some ridiculously long for loop statements inside of the batch response, you have to go with a script. i really did consider going with batch script but ended up needing a bit more flexibility.  for instance, instead of blindly going through the cycle, i wanted to make sure we were still in the given condition before we went ahead with it.  to do that, we have to check the process utilization state.  any

troubleshooting device drivers with dpc problems

another little gem. here’s what you need and some highlights:

- process explorer
- kernrate
- hklm\system\currentcontrolset\services

- run process explorer
- open the DPCs property
- check the performance graph - see if it’s high
- if it is, run kernrate for 30-60 seconds
- ctrl-c to escape and view the results
- the offending item should be at the top or close
- find the subkey associated with the offending item
- path is noted above
- modify the “start” value to 4 in order to disable it. (at your own risk)

thanks to steven daugherty … read the full article in windows it pro.

sysinternals is now a suite

suite?  sweet.  i thought it was always a complete pain in the ass to have to download different utilities in the suite.  now you can get the entire zip all at once.

renaming files with powershell or for loop …

i have a directory of scripts with names like mom_myScript.vbs or sms_myScript.vbs. this is all so that i can do a relatively simple directory search to see what kind of scripts i have for a particular technology i’m working with. the problem is, i flip-flop on my use of hyphens and underscores and have apparently done it often enough to warrant a little clean up.

first, the old way i would have done this in cmd shell. it’s basically a for loop to go through the list of files in a directory that matches where the script has a hyphen. to pull back just the file name, i’m using the dir /b command. i’ve broken down the file name into tokens that are separated by the hyphen and then renaming the files, positioning underscore between the tokens.

    for /f "tokens=1-2 delims=-" %a in ( 'dir /b mom-*.*' ) do @ren %a-%b %a_%b

here’s my new, preferred way to do it in powershell. basically, i’m pulling back the list of files i want to work with

sql server 2005 database health script noise…

out of the box, the sql server 2005 db health script is amazingly noisy. here’s a description of a sample event that you don’t need to see (unless you report on them).

    The database myDatabase in instance myInstance is in a healthy state.

aside from reporting on the value, you probably don’t care. if you want to make these events stop for normal database state, you’ll need to modify the script sql server 2005 database health.

to begin with, look for this line:

    Public Function CheckDBHealth(sInstance, sHighSevDatabases)

if you search far enough down (around line 2400), you’ll see a block of code that looks like the following:

    Set objEvent = ScriptContext.CreateEvent()
    objEvent.EventSource = SCRIPT_NAME
    objEvent.EventNumber = iEventId
    objEvent.EventType = iEventType
    objEvent.Message = message
    objEvent.SetEventParameter(sInstance)
    objEvent.SetEventParameter(oDatabase.Name)
    objEvent.SetEventParameter(sState)
    ScriptContext.Submit objE

default refresh periods for dynamic dns

i wrote this article on dns aging/scavenging simplified awhile back. one of my coworkers recently asked me what the default refresh period was. wow, i had totally forgotten since i had written it and since i had forgotten to put it in the original post, it was more time on google than i wanted to spend to find it. that means – blog it. so here it is… the default refresh periods. you can find this information from this article: .

    service        default refresh period
    net logon      24 hours
    clustering     24 hours
    dhcp client    24 hours

The DHCP Client service sends dynamic updates for the DNS records. This includes both computers that obtain a leased Internet Protocol (IP) address by using Dynamic Host Configuration Protocol (DHCP) and computers that are configured statically for TCP/IP.

    dhcp serve

imaged machines and the dnsapi event id 11163

i wonder if this is going to end up a long-winded post. i never intend for that to happen because somewhere i picked up that technical information should be succinct. however, when i started looking into this problem, it seemed like there just wasn’t good information on it.

synopsis

a user in your environment needs to have their machine reimaged. as a loyal IT citizen, you promptly do so by any manner that happens to be your favorite (e.g. mdt, swimage, ghost, etc). you bring up this machine as the same name. later on, you try to remotely manage the machine but realize that the ip it once had is different. you spin your wheels a bit trying to figure out why the new ip hasn’t registered in dns. upon reviewing the event log of the machine, you discover events that look eerily similar to these:

    Event Type: Warning
    Event Source: DnsApi
    Event Category: None
    Event ID: 11163
    Date: 8/12/2008
    Time: 5:32:32 PM
    User: N/A
    Computer: myComputer
    D

show vmware snapshots script

here’s a simple, little powershell script to show all of your snapshots. you have to use the vmware vi toolkit and virtual center to do this. i have mine going to a html file, in this example.

    # =============================================================================
    # NAME: VMSnapshots
    # AUTHOR: Marcus C. Oh, Cox Communications, Inc.
    # DATE : 8/5/2008
    # COMMENT: A real simple script to pull back snapshots of a VM.
    # =============================================================================
    $myVC = $Args[0]
    If ($Args[0] -eq $null) {
        Write-Warning "Please provide a server name as an argument."
    }
    else {
        $VCServer = Connect-VIserver -server $myVC -credential (Get-Credential $_.username)
        Get-VM -Server $VCServer | Get-Snapshot `
        | ConvertTo-Html -Property created,quiesced,powerstate,`
        @{label = "Note" ;expression = {If ($_.Description -ne '' ){$_.Description} else { "None" }}},vm `
        -Title

don’t roll vmware update 2 … yet (updated – fixed!)

if you’ve had the displeasure of applying update 2, here’s what you’re in for. An issue has been uncovered with ESX/ESXi 3.5 Update 2 that causes the product license to expire on August 12. VMware engineering has isolated the root cause of this issue and will reissue the various upgrade media including the ESX 3.5 Update 2 ISO, ESXi 3.5 Update 2 ISO, ESX 3.5 Update 2 upgrade tar and zip files in the next 36 hours (by noon, August 13, PST). They will be available from the page: Until then, we advise against upgrading to ESX/ESXi 3.5 Update 2. The Update patch bundles will be released separately later in the week. The issue is being tracked on KB 1006716 on WHAT TO DO: Reference this community article and have them reset your ESX clocks back. The work-around: turn off NTP (if you're using it), and then manually set the date of all ESX 3.5u2 hosts back to 1

background information on active directory

i was watching this interesting thread about the history of active directory and its roots going along the mailing list. looks like joe captured it here: if you’re interested in reading it. while i’m at it, he also posted a link to active directory’s ldap compliance. this is something, i too, lose all the time. so here it is for reference:

how to query for slash and backslash in active directory

often times when integrating with other idm solutions or using directory sync of some sort, the other system may not be able to parse the slash or backslash properly. here’s one way to root out where those objects may be residing and what they are. if you want to find objects in AD that may contain a slash (/) or a backslash (\) in the object cn, you can use a simple query like this:

    adfind -default -f "(|(cn=*\2f*)(cn=*\5c*))" dn cn

same thing with dsquery, if you prefer that:

    dsquery * domainroot -filter "(|(cn=*\2f*)(cn=*\5c*))" -attr distinguishedname cn

you can find this and more in the list of escapable characters at: . don’t miss joe richards’ comment in the community section. :) and of course, you can find this information in rfc2254. (the msdn list is more complete, oddly.)

inventory tool for dell update pulled!

in case you missed it, check out this link: it seems microsoft has pulled the ITDU scan tool. we noticed this issue come up on dell servers with perc 6 controllers. if it hadn’t been for one of our mindful development teams, we probably wouldn’t have noticed. it looked as if scanwrapper.exe was calling perc5.exe to interrogate the controller card. this was causing errors to pop up in the event log indicating the mismatched condition. our quick workaround was to remove any servers in our collections that had perc 6 listed as the scsi controller in hardware inventory. seems to run fine on older hardware still. here are the details from the page:

Please Note: Effective July 2008 the Inventory Tool for Dell Updates file (SMS2003ITDU_ENU.exe) has been pulled due to an issue that was causing installations to fail. An updated version of the tool will be post

sql query for top user of a computer

this pulls data from the v_gs_system_console_user table to determine who the top user is. there’s a drawback to the asset intelligence method of gathering this information that’s presented in the v_gs_system_console_usage table in that if you have applications running as service accounts performing logins, they may show up as the top user.

    declare @machine nvarchar(50)
    set @machine = 'myComputerName'

    select top 1
        sys.name0 as 'name',
        usr.systemconsoleuser0 as 'user',
        usr.numberofconsolelogons0 as '# logons',
        usr.totaluserconsoleminutes0 as '# mins'
    from v_r_system sys
    inner join v_gs_system_console_user usr on sys.resourceid = usr.resourceid
    where sys.name0 like @machine
    order by usr.totaluserconsoleminutes0 desc

and something for fun, i gathered from this post. if you want the second most active or top user, then you’d run the query like this:

cmd shell is not dead: redirection and conditional execution...

sometimes, going back to your roots can be the fastest way to get something done. i visit so often when i'm looking for things related to batch that i feel like i should be donating to it. it's the cat's meow. here's two links to things i use often when dealing with the cmd shell:

- redirection
- conditional execution

this is one of the best gems of redirection that i love. just using a redirect in a statement will only generate half of the expected output if the application truly writes to all of the available data streams. that's when you do something like this which will output both stdout and stderr to the same file.

    command > file.txt 2>&1

system center capacity planner and jonathan hardwick

i had the pleasure of going up to redmond for a couple of days when the capacity planner team had opened up invitations for mvps. it was pretty fun. i was there with a couple of exchange mvps and a room full of tap customers. it looks like the product has matured quite a bit from what i saw back then. since we’re getting ready to plan for opsmgr, i thought it might be worthwhile to try it out. anyway, jonathan made his announcement here which i seemed to have missed. :) oops. that’s okay though. it looks like i’m finding it just in time for me since the opsmgr module was released not too long ago.

monitoring dns [revisited] …

update: i revised this script to add the “debug” parameter because i was having some issues with it reporting inaccurately about looking up domains. if you set this parameter to true, you’ll find a log called “dns_debug.log” in your %windir%\temp directory. anyway, i finally got it all fixed. i went ahead and updated this post along with the post date.

you might recall a previous post about monitoring dns synthetically. after much frustration with how poorly i wrote it the first time (lacking key things like sleep and retry attempts), i decided to update it a little bit to make it work better. instead of the previous two parameters, you’ll now need four.

- HostNames – comma-delimited list of hosts to query (“,,”) or whatever…
- LogSuccessEvent – boolean value to log successes (very noisy)
- Repeat – how often to try before determining the query fails
- Sleep – interval between queries (in milliseconds)
- Debug – boolean value s