Skip navigation

Category Archives: Technology

Discussion on any and all tech related items. New tech, tech usage, etc.

So I was in Tennessee on Sunday for Easter, and the conversation came up regarding scripting and programming. Now I’ve heard a lot of people discuss scripting with a sense of unapproachable grandeur and well, nothing could be further from the truth. Some scripting languages share objects/classes/methods etc. as your more robust programming languages, but quite honestly, it’s just a method for causing objects to behave in a sequenced manner according to your wishes. Not much different than a script an actor might read from.

Much like actors, who perform better for certain roles, script languages have better fits in certain areas than others. I intend for this to be a multipart post to discuss different script languages moving forward, but lets start with the basics. I’m going to break down 4 popular, widely used, scripting languages and show a few simple examples of them at work.

“Well, how is that different than a program?”

Well, the primary reason they are different is programming yields binary files. Essentially all the coding you do is then changed into unreadable machine code that performs what the developer intended.

Scripting is code that tells a binary file what to do. The binary file that reads the script is called an interpreter. So it will dynamically take code that is human readable and translate it to the computer.

Scripting is very versatile, but generally speaking you aren’t creating anything, only controlling what presently exists. More sophisticated shells (bash, PowerShell) will allow you to extend functionality of current commands etc., but generally speaking it’s still scripting unless it results in a new program all together.

In the end, the dynamic nature of scripting makes it a preferable solution for real time solutions, and automation in computer infrastructures. It’s also considerably easier to debug and resolve issues as there aren’t lengthy compile processes between build outs. However, there are times when a script just won’t cut it and you need to build an application.

Batch Editing {

Let’s start with one that a lot of people in the windows world are already very familiar with and start establishing an idea of what a script is.

With batch editing, the .bat extension identifies to the interpreter that the file is to be read as a script by the command shell. Anything you can do within the cmd prompt can be sequenced and completed in a batch file. It’s read sequentially line for line and accepts GOTO statements as well as IF clauses and LOOPs.

Let’s break down a simple batch file I use for drive mounting and dismounting at login:


@echo off
Rem —————————————————
Rem Drive Mounter
Rem Author: Daniel Belcher
Rem Modify drive letters and paths to match need
Rem Place in Startup folder for login init
Rem —————————————————

Rem Check for Corporate connection
ping -n 1 addresstoping > nul
If %errorlevel% EQU 0 (GOTO MOUNT) Else GOTO UMOUNT

Rem Drive Mounter
Rem Modify this section to match your desired paths

:MOUNT
net use /p:yes > nul
net use h: \UNCPATHONE > nul
net use i: \UNCPATHTWO > nul
GOTO END

Rem Drive Umounter
Rem Modify this section to match paths for Umount
:UMOUNT
net use /p:no > nul
net use /d h: > nul
net use /d i: > nul
GOTO END

:END


I just want to focus on 4 things here.

  1. Sequence
  2. Command usage
  3. Output usage
  4. Conditional logic

Sequence:

As a batch file is read by the command shell its read line, by line. This is equivalent to someone typing these commands one after another. If you wish to jump around in the script you can use GOTO or RETURN.

The commands “net” and “ping” should be familiar commands to any windows administrator. They are all part of the native shells command base. This is fairly standard in any shell scripting which is more akin to controlling commands than objects.

As with all scripts there is an output to be utilized. When you are building a sequence it’s important to check for a return and respond accordingly. An example of output capture here is done with %errorlevel% which is a standard output variable with the command shell. It’s also possible to declare variables inside a batch file using SET VARIABLE = STRING/ACTION/STATEMENT (that’s a bit beyond scope for what I’m covering here). You will also notice I tail most statements with a > nul. What’s being done here is called a redirect, that is, redirecting the output to a file or another command, in this case a null value which causes no console output.

Finally conditional statements. As it’s name implies, it’s a statement that checks for a certain condition. In this short script we are checking if the value of our %errorlevel% variable is equal to 0. This is defined by the conditional IF. So what we are asking the script here is, if ping has no errors GOTO MOUNT, else GOTO UMOUNT.

So what does this batch file do?

It calls the command shell, requests that it pings addresstoping 1 time and if there is no errors (destination is reachable) it goes to mount the network drives to the local machine. If the host is unreachable it clears potential instances of those drive mappings and then closes out.

If you want more information on batch commands and batch in general, read up.

} gnitidE hctaB

 

In my next post(s) I will give some examples of Bash scripting, PS scripting, and VB scripting.  I will also dedicate more focus towards them and try to explain their strong points and usages. 


Stick to the Script Parts 1 – 4:

  1. Stick to the Script…
  2. Stick to the script #!/BIN/BASH…
  3. Stick to the script CreateObject(“Wscript.Shell”)…
  4. Stick to the Script PS C:> PowerShell …

So recently we had to perform an AD cleanup of aged computer objects in our environment.  For a lot of companies this is a pretty standard procedure, for others, it’s just ignored (as was the case for us for a while).

Anyway, in the course of completing this task we had looked at a few scripts and tools that others had written/published around the internet and I inevitably got the bright idea to sit and write a tool for us to use in PowerShell.  So I setup my goals and fired up the old editor and went to work.


Objectives:

  • Identify aged objects
    • To identify aged objects, I went with the PasswordLastSet property of the object. There really isn’t a much better one to utilize, and it works off a 30 day cycle so it’s close enough.
  • Write out data for records
    • For write out I built a switch (–report) that will utilize the export-csv cmdlet to export a record of machines to the current users desktop.
  • Move objects to different OU
    • For moving objects I used the Move-ADObject cmdlet from the activedirectory module available with win 7 and server 2008 features.
  • Generic (no non standard add ins)
    • To keep it generic I chose to use the activedirectory module since we are running on 2008 servers, and migrating to windows 7. This insures future state usage, and prevents additional downloads or installs for functionality.
  • Modular (sometimes you just want a report)
    • To keep it modular, I built the (-move) switch. Unless the user explicitly defines this then the script will only report what was requested. Either to console output, or to a csv on the desktop (-report).
  • Versatile for targeting object date ranges and OUs
    • To insure versatility, I left 3 variables to be declared. $TIME, $TARGETR, $TARGETM. Date range, target OU to read, and Target OU to move respectively.
  • Script initially with potential to integrate in profile as a function
    • To build it as a standalone script, I originally had a (-help) switch that would output similar information as the get-help blah-blah –examples. Now with it functionized, I’ve removed that and added an overall function name to the code.

How it works:

Once applied to the PowerShell profile it can be called using get-adinactivecomputer.  By default it requires a date range either specified in <number>d for days or <number>y for years and a target OU to search from.  If these variables aren’t applied at the command line the function will request them at run time.

If –move and –report are specified then the function will need a target OU to move the items to and will generate a list with Object names and PasswordLastSet dates on the desktop and attempt to move them to the specified OU.  The switches must be declared at the command line but all variables are requested at run time if not stated before hand.


Now the nuts and bolts…..

admove1

First we check for the $TIME variable and request if it’s not present, then insure it’s in string format.  We’ll check that string for a d or a y to determine how to handle the string and then convert it to an appropriate integer value.  We’ll also bailout if we can’t distinguish the range (since this is a has the potential of causing serious AD harm we want to insure the user is accurate in their input).

Second we’ll check for the –report switch and if it’s present we’ll run the internal ADCLEANUP function and pipe it to export-csv $homedesktopinactivecomputers.csv.  If it’s not then we’ll just generate output to the console.  We pass the $TIME and $TARGETR variable to this function.

Third we check for the –move switch, and if it’s present run the internal function MOVEOLD and pass it the $TARGETM variable.

Fourth and final step, we nullify a global variable set during the ADCLEANUP function.

 


admove2

First step of the ADCLEANUP function is to insure the activedirectory module is loaded.  Next it verifies that a $TARGETR variable exists, if not it will prompt for one.  It then will take and search AD for the distinguished name of the OU provided. 

Next we build a date range variable using .Net Date Math.  We will subtract the total number of days by the integer value provided in $TIME from Today’s date and store that in $COMPARE. 

Now we declare a global variable $ADLIST that grabs all computer objects with PasswordLastSet property less than or equal to $COMPARE from the $TARGETR OU.

We then process those objects with a ForEach into a PSObject for reporting purposes specifying the Name and PasswordLastSet properties.  I did this mainly to guarantee a clean csv export.

 


admove3

The MOVEOLD function is fairly straight forward.  We check for the $TARGETM variable, if it doesn’t exist we prompt for an input.  We then build $TARGETM into a manageable string, then again we set it as a proper OU.  We run the $ADLIST through another ForEach statement and use Move-ADObject to relocate each $ITEM to $TARGETM.

 


I posted this script on the script center repository.  I didn’t build in any error catching which I should have, and plan to revisit that at a later date.  I enjoyed writing it so much I wanted to take some time to dissect it and discuss it a bit.  Hopefully this information proves useful to someone with similar goals and or general interest. 

For the the Microsoft.Powershell_profile.ps1 and Microsoft.PowershellISE_Profile.ps1 version of the script, perform the following steps in order:

Uncomment lines 4 and 193

Delete lines 7 through 50

Delete: ,[switch]$HELP from line 6

Delete line 46

Modify line 60 to read:                    `n`nTry get-help Get-InactiveADComputer -Examples`n";break}

For those of you who know me know, I was promoted to a new position within my company about a year and a half ago give or take a few months. I’m now a systems management and engineer for my company. With that position came the rollout of SCCM and its plunged me into an entirely different world inside the IT sector. I do a bit of everything, while still remaining highly specialized around Microsoft’s System Center Configuration Manager (sccm).

Anyway, one of the main industry culture groups I’ve become acquainted with (myitforum) houses a pretty nice collection of us from around the globe. Recently as I was perusing some of the mailing lists I found one of the Microsoft SCCM mvps lives in my same home town. Now, lets pause here a second.

1) SCCM work is very specialized and the community is small.

2) SCCM utilization allows for small teams to manage thousands of pcs fairly effectively.

3) Again, there are few of us, and even fewer still are mvps.

So I of course reached out to him and we have spent a fair amount of time talking shop, work history, industry, war stories, etc. This is something I believe a lot of people take for granted in their respective fields. We finally met together tonight in person and hashed it out for about 4+ hours before finally forcing a break.

It’s amazing the way people are brought into your life and often fill a void you didn’t fully realize was there. For a nerd like me, having someone I can truly sit and talk interests with is an incredible blessing.