Configuring PowerShell for Server Administration
Like so many others, I’ve recently been learning just how powerful and useful Microsoft’s PowerShell can be. One of its best attributes is how extensible it is. There are a ton of 3rd party plugins and modules that allow you do to amazing things, very easily. As I use the tool more and more, I’ve found a core set of extensions that are vital for my daily work. Besides that, there’s some client side configuration that I do in order to automatically load those modules and snapins when I start PowerShell. Admittedly, it does make the PowerShell window take a little bit longer to open, but when I’m using those tools 90%+ of the time, I figure that it’s better to just grab them by default. So, here is how I like to configure my administrative workstation’s PowerShell.
The first thing that I do is upgrade to PowerShell 3.0. Microsoft has PowerShell 3.0 Installation Instructions available; make sure that you follow them. If you don’t have the correct version of .NET Framework, the PowerShell 3.0 installation will probably silently fail. PowerShell 3.0 introduces some performance improvements and some great new features (send-mailmessage and more robust PowerShell Remote Session support, amongst others).
Next, I install the RSAT (Remote Server Administration Toolkit) from Microsoft. That toolkit has a bunch of great stuff for system administration (ADUC, GPMC, etc.), but from the PowerShell perspective, the real diamond is the Active Directory PowerShell module. After you’ve installed the RSAT, you’ll want to follow this guide in order to turn the RSAT features on.
Once my basic AD management pieces are in place, I install the Quest ActiveRoles modules. These are a bunch of enhanced scripts for working with Active Directory. For example, how do you find all of the groups that a user is a member of? You can use the Microsoft get-aduser cmdlet and look at the .MemberOf property (and the .PrimaryGroup property) of the object… but those only show first order groups. What if one of those groups is a member of another group which is a member of another group, etc? In that case, you’re out of luck, as get-aduser doesn’t recurs in that way (or I’ve not learned how to make it do so). The Quest cmdlet, get-qaduser, on the other hand, returns objects with the .AllMemberOf property. True to its name, it contains all of the groups (nested and first order) that the user object belongs to.
Next, I install my bread and butter – the VMware PowerCLI. This is a massive set of plugins that contain tons of amazing cmdlets for managing just about every aspect of your virtual infrastructure and the VMs that reside therein.
Once all of those cool tools are installed, how do you use them? PowerCLI is nice enough to give you a new shortcut, but there’s a bunch of other tools that aren’t so easy to get to. You’ll need to load those snapins and modules in your PowerShell session in order to make use of them. Within any PowerShell session, you could use these 3 commands to load them all:
• Import-Module ActiveDirectory
• Add-PSSnapin VM*
• Add-PSSnapin Quest*
But doing that every time I open a PowerShell window gets a little arduous for my tastes. Instead, I put those lines into a script and I set PowerShell to run that script every time it starts up by creating a custom PowerShell Profile. There’s a great TechNet Article about Powershell Profiles that I encourage you to read. The long and short of it is that you should put those three commands into a file called Microsoft.PowerShell_profiles.ps1 and store that file at %windir%\system32\Windows-PowerShell\v1.0\Microsoft.PowerShell_profile.ps1. By doing so, you’ll set that system to automatically load up that module and add those snapins for every Microsoft PowerShell session on that computer. Sessions opened by other, vendor specific, PowerShell prompts will ignore the script (so you don’t have to worry about it trying to load the VMware snapins twice or anything).
And that’s it; now the system should be ready to go and a feature rich set of tools are available! What other good system administration plugins do you guys like?
The first thing that I do is upgrade to PowerShell 3.0. Microsoft has PowerShell 3.0 Installation Instructions available; make sure that you follow them. If you don’t have the correct version of .NET Framework, the PowerShell 3.0 installation will probably silently fail. PowerShell 3.0 introduces some performance improvements and some great new features (send-mailmessage and more robust PowerShell Remote Session support, amongst others).
Next, I install the RSAT (Remote Server Administration Toolkit) from Microsoft. That toolkit has a bunch of great stuff for system administration (ADUC, GPMC, etc.), but from the PowerShell perspective, the real diamond is the Active Directory PowerShell module. After you’ve installed the RSAT, you’ll want to follow this guide in order to turn the RSAT features on.
Once my basic AD management pieces are in place, I install the Quest ActiveRoles modules. These are a bunch of enhanced scripts for working with Active Directory. For example, how do you find all of the groups that a user is a member of? You can use the Microsoft get-aduser cmdlet and look at the .MemberOf property (and the .PrimaryGroup property) of the object… but those only show first order groups. What if one of those groups is a member of another group which is a member of another group, etc? In that case, you’re out of luck, as get-aduser doesn’t recurs in that way (or I’ve not learned how to make it do so). The Quest cmdlet, get-qaduser, on the other hand, returns objects with the .AllMemberOf property. True to its name, it contains all of the groups (nested and first order) that the user object belongs to.
Next, I install my bread and butter – the VMware PowerCLI. This is a massive set of plugins that contain tons of amazing cmdlets for managing just about every aspect of your virtual infrastructure and the VMs that reside therein.
Once all of those cool tools are installed, how do you use them? PowerCLI is nice enough to give you a new shortcut, but there’s a bunch of other tools that aren’t so easy to get to. You’ll need to load those snapins and modules in your PowerShell session in order to make use of them. Within any PowerShell session, you could use these 3 commands to load them all:
• Import-Module ActiveDirectory
• Add-PSSnapin VM*
• Add-PSSnapin Quest*
But doing that every time I open a PowerShell window gets a little arduous for my tastes. Instead, I put those lines into a script and I set PowerShell to run that script every time it starts up by creating a custom PowerShell Profile. There’s a great TechNet Article about Powershell Profiles that I encourage you to read. The long and short of it is that you should put those three commands into a file called Microsoft.PowerShell_profiles.ps1 and store that file at %windir%\system32\Windows-PowerShell\v1.0\Microsoft.PowerShell_profile.ps1. By doing so, you’ll set that system to automatically load up that module and add those snapins for every Microsoft PowerShell session on that computer. Sessions opened by other, vendor specific, PowerShell prompts will ignore the script (so you don’t have to worry about it trying to load the VMware snapins twice or anything).
And that’s it; now the system should be ready to go and a feature rich set of tools are available! What other good system administration plugins do you guys like?
Comments
Post a Comment
Sorry guys, I've been getting a lot of spam recently, so I've had to turn on comment moderation. I'll do my best to moderate them swiftly after they're submitted,