Draft of powershell script to sync information between Veeam Backup and Replication and vcsa

Below you can find the sample of the script, which reads information about done backups from VBR server and writes it into custom attributes of each backed up VM in vcsa (considered that custom attributes are named as “05-last-backup”, “06-vbr-restore-points”, “07-vbr-job-options”; vcsa is named as  “vcsa.itforce.local”; VBR is named as “veeambr.itforce.local”)

To pre-create custom attributes for each VM in your vcsa:

connect-viserver vcsa.itforce.local
New-CustomAttribute -TargetType "VirtualMachine" -Name "05-last-backup"
New-CustomAttribute -TargetType "VirtualMachine" -Name "06-vbr-restore-points"
New-CustomAttribute -TargetType "VirtualMachine" -Name "07-vbr-job-options"

The script prerequisites:

  1. script easier to run directly from veeambr server.
  2. veeambr server should have network access to vcsa by 443 port
Read the rest

How to get list of all AD users in AD group

To list all members of one AD security group:

Get-AdGroupMember -identity "Domain Admins" | get-aduser -Properties * | ft name, samaccountname, whencreated

To list all sec. groups of one AD user (member of what groups):

Get-ADUser -Identity [someone'-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof

To copy all groups from one AD user to other:

Get-ADUser -Identity [source-user-samaccountname] -Properties memberof|Select-Object -ExpandProperty memberof|Add-ADGroupMember -Members [target-user-samaccountname]

# all groups of [source-user-samaccountname] will be copied to [target-user-samaccountname]… Read the rest

Recommendations for powershell profile

As i showed in my post about creation of powershell profile you can add into profile your own frequently used functions.

I recommend to name them with permanent prefix. For example i create all my functions as moguy-cdp, moguy-esxi and so on.

In this case you don’t need to remember the name of your function to run, just start typing as moguy… and autocompletion will show you all your functions.

for example:

function moguy-vms


Get-VMHost | Get-VM | Select-Object Name, PowerState, NumCpu, MemoryMB, VMhost, @{N="Datastore";E={Get-Datastore -vm $_}}, UsedSpaceGB, ProvisionedSpaceGB, @{Name='ToolsVersion';Expression={$_.Guest.ToolsVersion}}, @{Name=’VMHostVersion’;Expression={$_.VMHost.Version}},Version, @{N="IP Address";E={@($_.guest.IPAddress[0])}},@{Name=’Cluster’;Expression={$_.VMHost.Parent}}, @{N="PortGroup";E={Get-VirtualPortGroup -VM $_}}, @{N="owner1";E={$_.customfields.item("owner1")}} | Export-Csv 
Read the rest

powershell script notification about expiration of password for AD user

#Import AD Module
Import-Module ActiveDirectory

#Create warning dates for future password expiration
$SevenDayWarnDate = (get-date).adddays(7).ToLongDateString()
$ThreeDayWarnDate = (get-date).adddays(3).ToLongDateString()
$OneDayWarnDate = (get-date).adddays(1).ToLongDateString()

#Email Variables
$MailSender = " Password AutoBot <password-alerter@itforce.com>"
$Subject = 'FYI - Your account password will expire soon'
$EmailStub1 = 'I am a bot and performed this action automatically. I am here to inform you that the password for'
$EmailStub2 = 'will expire in'
$EmailStub3 = 'days on'
$EmailStub4 = '. Please contact the helpdesk if you need assistance changing your password. DO NOT REPLY TO THIS EMAIL.'
$SMTPServer = 'smtp.itforce.local'

#Find accounts that are enabled and 
Read the rest

How configure ssh_config for windows openssh client, for example for PubkeyAcceptedKeyTypes=+ssh-dss

Since win10 you have openssh ssh.exe in


So to use passwordless ssh connection you maybe need to provide ssh.exe “PubkeyAcceptedKeyTypes=+ssh-dss”

For this you can create ssh_config file anywhere (for example in c:\users\yourname\.ssh near your id_dsa private key file) with only one line:


so now you can:

ssh yourname@ -F "c:\users\yourname\.ssh\ssh_config"

where for example your ssh server, san_switch, HPE virtual connect manager, nimble storage and so on

the same is true for openssh server installed from home site on win2016 server
only ssh.exe file will be in
“C:\Program Files\OpenSSH-Win64” (by default installation)… Read the rest

Use powershell module to automate Nimble storage administration

Install Nimble module for powershell

Install-Module -Name HPENimblePowerShellToolkit -RequiredVersion 3.0.0

Use below script to connect to nimble SAN storage, and create LUN, Access InitiatorGroup and assign the LUN access group

import-module HPENimblePowerShellToolkit
#this section for inputs, what should be changed
$arrayname = "nimble-group02.itforce.local"
$nm_uid = "admin"
$nm_password = ConvertTo-SecureString -String "[your-password]" -AsPlainText -Force
$nm_cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $nm_uid,$nm_password
Connect-NSGroup -group $arrayname -credential $nm_cred -IgnoreServerCertificate

# The following commands are used if creating an FC connection

$description="Initiator Group for ”+$servername
$performancepolicyid=Get-NSPerformancePolicy -name default | select -ExpandProperty id

New-NSInitiatorGroup –name $servername –access_protocol fc –description 
Read the rest

how properly enter into maintenance mode on Exchange2016/2013 DAG

Let’s assume that we have

ex01.itforce.local and ex02.itforce.local Exchange 2016 servers in DAG cluster. We need to install new CU on this cluster without downtime. (assumed that all CAS, smtp protocols are properly loadbalanced). So we need:

  1. at first disable all workloads/switch to maintenance mode on the node ex01,
  2. install CU on ex01,
  3. reboot ex01
  4. exit from maintenance mode on ex01
  5. enter into maintenance mode on ex02
  6. install CU on ex02,
  7. reboot ex02
  8. exit from maintenance mode on ex02
  9. equally spread workload on both nodes again
#goto ex01
#run in elevated mode powershell for exchange

#prepare smtp transport:
Set-ServerComponentState ex01 
Read the rest

How to report all hidden mailboxes with related AD user Enable status

# find all hidden mailboxes for whole AD  and show AD user’s Enabled/Disabled status, plus with location (in what OU)

get-mailbox -resultsize unlimited | where {($_.IsMailboxEnabled -eq "True") -and ($_.HiddenFromAddressListsEnabled -eq "True" )} | select-object name, samaccountname, @{N="ADAccount-Is-Enabled"; E={(get-aduser -Identity $_.samaccountname).enabled}}, PrimarySmtpAddress, IsMailboxEnabled , HiddenFromAddressListsEnabled, OrganizationalUnit| export-csv -path c:\temp\hidden.csv -NoTypeInformation
Read the rest