I've got a simple script that looks for a file across a bunch of servers. Issue is that on each server it is pegging CPU and causing issues for production workloads. How can I get this script to not DDoS my machines?!
Start-transcript C:\tools\Querylog.txt
$Servers = Get-ADComputer -Filter {(OperatingSystem -like "*windows*server*") -and (Enabled -eq "True")} -Properties OperatingSystem
Invoke-command -ComputerName $Server-ScriptBlock {Get-ChildItem -Path $_.Root -Recurse -Force -File -ErrorAction SilentlyContinue | Where-Object { $_.Name -like '*somefile-readme*' } |Out-File -FilePath <filePath>\results.txt -Append}
Stop-Transcript
Use the -Filter option with Get-ChildItem, it should be much more performant than returning all objects and filtering with Where-Object.
Also, not related to your CPU issue but in how you are crafting your Get-ADComputer call, you should use a String, not a ScriptBlock for the -Filter arguments on these cmdlets. From that answer:
-Filter doesn't support ScriptBlocks, but they Kind of Work Sometimes™ because they get ToString'd before getting evaluated. They will technically work if you use simple variable expansion like $_ or $emailAddress, but it will eventually cause you a headache, especially if you try to access an object property (like above) because it simply won't work. Use a string filter every time, and if you need to use an object property as a filter parameter, use Variable Substitution or Command Substitution.
Related
I have the following code, It's work when I use directly within powershell:
Get-WmiObject win32_operatingsystem | select #{LABEL=’LastBootUpTime’;EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)
And it returns:
LastBootUpTime
--------------
14/09/2019 10:41:50
But when I use the command within a Powershell script .ps1 with invoke-command the output returns more informations:
LastBootUpTime PSComputerName RunspaceId
-------------- -------------- ----------
9/14/2019 10:41:50 AM 192.168.0.20 af08d2d8-c4f1-4f85-9d6c-e3f4ffe475c6
Why this happen?
If possible, I'd like without the header LastBootUpTime too.
Invoke-Command will always return additional information, in this case where the command was run and the runspace id. You can always get results into a variable and simply print out the property you want.E.g.
$result = invoke-command {your-command}
$result.LastBootUpTime
or for short
(invoke-command {your-command}).LastBootupTime
Note that when you are using wmi, you do not need to necessarily use invoke-command, you can also directly pass -computer parameter to it to run the command against a remote computer:
Get-WmiObject win32_operatingsystem -computer "remote_computer_name"
Since you're ultimately only interested in the (transformed) property value, there's no need to use Select-Object (whose alias is select) at all - use ForEach-Object instead:
Get-WmiObject Win32_OperatingSystem |
ForEach-Object { $_.ConvertToDateTime($_.LastBootUpTime) }
Note: The extra properties you saw, added by a remote Invoke-Command call with a -ComputerName argument (described below), are still technically present on the result, but they won't display.
That said, the WMI cmdlets were deprecated in PowerShell version 3. Using Get-CimInstance in lieu of Get-WmiObject actually makes the .ConvertToDateTime() call unnecessary (the .LastBootUpTime now directly contains a [datetime] instance), in which case you can simply use Select-Object's -ExpandProperty parameter in order to return the property value only (rather than a [pscustomobject] instance with the requested property):
Get-CimInstance CIM_OperatingSystem | Select-Object -ExpandProperty LastBootUpTime
Note: Get-CimInstance directly supports a -ComputerName argument, so you don't need Invoke-Command -ComputerName for the invocation; unlike the firewall-unfriendly DCOM protocol that the WMI cmdlets use, the CIM cmdlets use the same, firewall-friendly transport as PowerShell remoting.
Or, more succinctly and efficiently, especially in a case such as this where the command returns only a single object, use direct property access:
(Get-CimInstance CIM_OperatingSystem).LastBootUpTime
This answer contrasts the pros and cons of these two approaches and shows other alternatives.
As for what you tried, which generally relates to:
Managing the origin properties automatically added by remote operations:
In remoting scenarios, PowerShell decorates the objects returned with additional properties that provide origin information. These properties are (mostly) of type NoteProperty and are added:
when PowerShell remoting is involved - such as via Invoke-Command -ComputerName in your case.
when CIM cmdlets such as Get-CimInstance are directly used remotely, such as with the -ComputerName parameter.
These properties are:
.PSComputerName (the name of the remote computer on which the code was executed)
Note: On objects returned from remote CIM calls, .PSComputerName appears as a regular property (type Property), not a NoteProperty.
The associated hidden .PSShowComputerName property, which defaults to $true, which explains why you saw a PSComputerName column in the display output.
If you capture the objects before printing them to the screen, you can set the property to $false on them, in which case their .PSComputerName property won't show (but will still be there) - however, the .RunspaceId property may - situationally - still show, and would have to be explicitly excluded - see below.
PowerShell remoting only (not remote CIM calls): .RunspaceId (the ID of the remote runspace)
To exclude these from local display / presence on the object, use the following techniques:
If you're only interested in select properties, make the Select-Object call locally, which, by virtue of locally constructing new [pscustomobject] instances with the properties of interest only, implicitly excludes the remoting-added properties:
Invoke-Command -ComputerName ... { ... } |
Select-Object Name, LastBootUpTime # LOCAL call to Select-Object
If you're interested in all properties except the remoting-added ones, use Select-Object -ExcludeProperty to eliminate them explicitly:
# Get remote output, then locally exclude the remoting-added properties.
Invoke-Command -ComputerName ... { ... } |
Select-Object * -ExcludeProperty PSComputerName, PSShowComputerName, RunSpaceId
Note: Select-Object generally returns [pscustomobject] instances whose properties are static copies of the input objects and which lack the input type's methods.
I found one way! if someone to need here is:
Get-WmiObject win32_operatingsystem | select #{LABEL=’LastBootUpTime’;EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}|Select-Object -ExpandProperty lastbootuptime
Here is how I used (I'm creating a report in HTML for my database)
write-output "<p> Horario do Ultimo boot: $(Get-WmiObject win32_operatingsystem | select #{LABEL=’LastBootUpTime’;EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}|Select-Object -ExpandProperty lastbootuptime)</p>"
The output was (in my language and region):
Horario do Ultimo boot: 09/14/2019 10:41:50
I have created a list of PowerShell commands for getting over 500,000 rows of directories. The goal is to get a list of the files in each of the directories specified in the PowerShell command. My syntax works perfectly if I run a small batch, but there are definitely performance issues when running them in a bulk manner. One thing I noticed is that if I run all these 500,000 rows together, I get extremely high usage (about 12GB and using 97% of memory) and it takes a while for me to even begin to generate a CSV file. Please see my code listed below on what I am using
I was thinking I can get a list of the directories I need to use into a CSV. And researching around here, I can use a CSV as a variable and a foreach. But I am stumped on putting all that together.
Get-ChildItem -Path \\MYIP\ARCHIVE\ArchiveVolumes\UniqueID\ -Exclude *.wav*,*.md5*,*.abc, -Recurse |
Select-Object FullName |
Add-Member -MemberType NoteProperty -Name Myfield -Value 123456 -PassThru |
Export-Csv -Append -Path C:\mypath\fileslist.csv -Encoding ascii -NoType
I'm hoping that I can better utilize what I am running here as I am still learning powershell. Any ideas?
I am trying to search Active Directory for deleted users with PowerShell, but am unable to return any results even though I have used the -IncludeDeletedObjects parameter. Here is the command that I used:
get-adobject -filter{Name -like "$user"} -includedeletedobjects -properties *
The answer that worked for me is the command below will list all the users that were deleted from the Active Directory if your AD recycle bin is enabled and if you have sufficient privileges on Active Directory
Get-AdObject -Filter 'ObjectClass -eq "user" -and IsDeleted -eq $True' -IncludeDeletedObjects -Properties * | Ft Name,IsDeleted,WhenCreated
If you don't have the AD Recycle Bin enabled, you won't be able to find deleted objects.
If $user is expected to an exact match, you should also be using the -eq operator, not -like. If you want a fuzzy match, -like is correct but you should surround $user with * like so: *${user}*.
If $user is supposed to be the logon name, and not the friendly name of the user, then Name isn't the correct property to filter on, you will want to check against SamAccountName, not Name:
Get-ADObject -Filter "SamAccountName -eq '$user'"
If you are only interested in user objects, and not other AD object types, consider usingGet-ADUser in lieu of Get-ADObject. The syntax for what you specified above is the same, but will guarantee you only get ADUser objects, not ADComputer, ADGroup, etc.
Also, you should avoid using -Properties * and -Filter { ScriptBlock } arguments when using the AD cmdlets. Only use the Properties you need to process later, and use a string based filter like so:
Get-ADObject -Filter "Name -like '*$user*'"
See my answer here for best practices when using the -Filter parameter with AD cmdlets (also explains why not to use -Properties *), and this answer here for more details on why you should not use ScriptBlock parameters for AD filters.
Greetings and happy holidays!
I hope this question hasn't been answered somewhere else, because I've searched Stack and Google for about an hour now and haven't yet seen examples or posts that answer exactly what I'm trying to accomplish.
I created a script that checks the WindowsUpdate and WindowsUpdate\AU registry keys and the associated values for correct data configuration. If they are inconsistent with the desired configuration, it corrects them. I'm at home, so the script below isn't exactly how I created it at the job (I obtained my registry keys / values differently), but should give you a general idea of what I'm looking to do:
param($comp, [string]$location)
switch($location)
{
"EAST" {$WUServerDesConfig = "https://myeastmp.domain.com:8531"}
"WEST" {$WUServerDesConfig = "https://mywestmp.domain.com:8531"}
}
$WUServerActual = Invoke-Command -ComputerName $comp -scriptblock {(Get-ItemProperty -Path HKLM:\\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).WUServer}
if($WUServerActual -ne $WUServerDesConfig)
{
Invoke-Command -ComputerName $comp -ScriptBlock {Set-ItemProperty -Path HKLM:\\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name WUServer -Type String -Value $WUServerDesConfig}
}
This doesn't work, and it seems that the reason behind it is that you can't pass an ordinary variable to the -value parameter for Set-ItemProperty (I believe it takes an object). Why this is, I have absolutely no idea, because if I just replace the variable with the string itself, it works without incident. The problem with this approach, however, is that, depending upon region, the server changes.
I consider myself to have only intermediate knowledge of PowerShell thus far (getting better every day though, I swear), so any assistance or suggestions on how to best accomplish this would be appreciated. Thanks!
This is an issue that most people run into when they start using invoke-command.
The most common solution is to pass the values you want in and use the $args variable like this:
Invoke-Command -ComputerName $comp -ArgumentList $WUServerDesConfig -ScriptBlock {
Set-ItemProperty -Path HKLM:\\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name WUServer -Type String -Value $args[0]
}
Another common solution is to add a param block like this:
Invoke-Command -ComputerName $comp -ArgumentList $WUServerDesConfig -ScriptBlock {
param($param1)
Set-ItemProperty -Path HKLM:\\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name WUServer -Type String -Value $param1
}
But there is a solution that uses scope rules that feels like a much better fit most of the time. There is a $using: scope that will give you access to your variable inside a script block like this.
Invoke-Command -ComputerName $comp -ScriptBlock {
Set-ItemProperty -Path HKLM:\\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name WUServer -Type String -Value $Using:WUServerDesConfig
}
I took the time to point out the other methods to help anyone else that has this issue.
Use the -ArgumentList parameter to pass local variables to the script block:
Invoke-Command -ComputerName $comp -ScriptBlock {Set-ItemProperty -Path HKLM:\\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Name WUServer -Type String -Value $args[0] } -ArgumentList $WUServerDesConfig
When Running a Get CASMailbox command in the Exchange Management Shell, is there a parameter that will return a list of acttive and disabled mailboxes?
This might serve your purpose if you haven't already found the answer:
Get-CASMailbox -Filter {HasActiveSyncDevicePartnership -eq $True -and DisplayName -notlike "CAS_{*"}