Category: PowerShell

DNS commands (Command Prompt vs PowerShell)

Recently I discovered Windows PowerShell has the ability to clear the local DNS on a machine, just like the traditional Command Prompt. Below is a table of the most common commands I personally use on a day-to-day basis and its PowerShell equivalent(s). Of course there are more PowerShell cmdlets, see the URL below for the complete list.

Command Prompt PowerShell Description
ipconfig /flushdns Clear-DnsClientCache Clears the contents of the DNS client cache.
ipconfig /registerdns Register-DnsClient Registers all of the IP addresses on the computer onto the configured DNS server.
ipconfig /displaydns Get-DnsClientCache Retrieves the contents of the DNS client cache.
 

(more…)

Advertisements

Flush DNS Cache with PowerShell

For years I have always been using Windows’s command prompt to flush the DNS cache on a local machine. As we know, that command is pretty well known, “ipconfig /flushdns“. Turns out there is an equivalent command we can run within the PowerShell console, and that is, “Clear-DnsClientCache“. Clear-DnsClientCache does exactly what it states, it clears the contents of the DNS client cache/local machine. Consider this next time you need to flush the local machine’s DNS cache.

Clear-DnsClientCache

Enabling SCOM 2016 Agent Proxy

Not too much has changed when it comes to SCOM 2012R2 and SCOM 2016. This post is a similar post to SCOM 2012R2, but applicable to SCOM 2016. (See that post here).

You could go to the computer that SCOM is complaining about and manually enable the agent proxy via Administration > Managed Computers, and modifying its properties, see below:

2

Or…… you could make your life easier, and do this…

The fix is easy, and the explanation are both below:

To resolve the “Agent proxy not enabled” alert for all machines in your current environment, run the following PowerShell code in the SCOM PowerShell Console:

get-SCOMagent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

To prevent this alert in the future, run the following below:

add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client"; new-managementGroupConnection -ConnectionString:<strong>yourSCOMMGMTserverFQDNhere</strong>; set-location "OperationsManagerMonitoring::"; Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

 

How To Disable Azure AD Connect via PowerShell

Recently I came across an environment where Exchange was being migrated to Office 365. As you may know, DirSync is no longer supported for Exchange/O365 migrations and Microsoft recommends you now use Azure AD Connect.

With that said, recently in a PoC environment, using Azure AD Connect, the domain controller that was running the Azure AD Connect utility was never uninstalled, and the VM was shortly deleted. Well, as a result, the O365 admins are now getting reminded daily that their AD Sync has failed to connect.

As of today, there is no way to disable Azure AD Connect via the Azure Resource Manager (ARM) portal, but this can be done with some PowerShell. If you take a look at the ARM portal, there is no option to currently disable the directory synchronization.

First, you will need to install the Azure Active Directory Connection utility, the download for that can be found HERE. This will provide you the PowerShell cmdlet’s needed to run the code below. No, AzureADPreview V2 will not work (yet…).

Once installed, launch the PowerShell console and we will need to connect to Azure AD and trigger the Directory Sync to false. Below are the commands you will need to get this done. Note, you will need an Azure global admin account with the *@*.onmicrosoft.com domain to successfully sign into Azure AD via PowerShell.

#specify credentials for azure ad connect
$Msolcred = Get-credential
#connect to azure ad
Connect-MsolService -Credential $MsolCred
#disable AD Connect / Dir Sync
Set-MsolDirSyncEnabled –EnableDirSync $false 
#confirm AD Connect / Dir Sync disabled
(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled 

If you choose to re-enable the AD Connect, just change the flag to TRUE.

Set-MsolDirSyncEnabled –EnableDirSync $true 

Once complete, we can now verify the Directory Sync has now been disabled in ARM.

For more on Azure AD PowerShell cmdlets, visit the following page, HERE.

Transfer Active Directory FSMO Roles via PowerShell

Sometimes a domain controller (DC) just needs to be decommissioned for whatever reason, let’s say an upgrade, or corrupted VM and the roles are now seized.. nevertheless, moving the FSMO (Flexible single master operation) roles can be done via the UI, however if you want to speed things up and do it with PowerShell, here is how to that.

In my scenario, I am decommissioning my Hyper-V server which at the time was acting as the primary DC. Now that it is being decomm’ed I need to transfer the FSMO roles to another DC. The destination DC is “DC01” in this case.

Move-ADDirectoryServerOperationMasterRole -Identity "DESTINATION DC" -OperationMasterRole 0,1,2,3,4

You have the option here to specify a numerical value or specifying the role itself. See below for the number assoicated to each roles. You could input each role, or as I did, just input the number(s).

PDCEmulator or 0
RIDMaster or 1
InfrastructureMaster or 2
SchemaMaster or 3
DomainNamingMaster or 4

To verify the FSMO roles have been transferred, run the netdom query fsmo command.

netdom query fsmo

Installing SCOM 2016 License Key

Launch the PowerShell console, and Run as Administrator:

Import-Module OperationsManager
Set-SCOMLicense -ProductId "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
Start-Sleep -s 10
Restart-Service healthservice, omsdk, cshost

capture

Don’t forget, in order for the Product Key to be applied, you will need to restart all SCOM Services, (or you can run the code above (there is a 10 second delay after the key is applied before the services are restarted)):

  • Microsoft Monitoring Agent (healthservice)
  • System Center Data Access Service (OMSDK)
  • System Center Management Configuration (cshost)

 

Cheers!

How to enable Azure Backup to Canada (Central)

Earlier in 2016, Microsoft increased the number of  Canadian Data Centers to two: Canada East and Canada Central. With most of my customers being within Canada, naturally they want their Azure Backup data stored within the Canada Data Centers/Regions — makes sense for many (legal) reasons. Only problem is, Azure backup is still very limited to specific locations (see chart below).

Fellow Canadian and MVP — Stéphane Lapointe, was able to get this working with some PowerShell magic — Please visit his blog to get the more details of his workaround. The PowerShell code below is workaround to get Azure Backup services bound to the Canadian Regions/Data Centers, specifically the Canada Central region (note, this is still in Preview state), until Microsoft officially allows all Monitoring/ASR services (along with others) to be generally available. This will allow you to create new Azure Backup services and bound them to Canada Central. For more information on this announcement and code details, please visit Microsoft’s announcement.

Also, worth noting, this will only allow you to use Canada Central region for new setup/configurations. It will not change current setups to Canada Central.

Execute the following code on your machine (Run As Administrator…)

Import-Module AzureRM -Force 

#azure account login stuff
$username = ""
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username, $password
Login-AzureRmAccount -Credential $cred
$SubscriptionName = 'Visual Studio Enterprise'

#update recovery services to Canada Central from whatever region it may be (US East, US Central, etc.)
$ErrorActionPreference = 'Stop'
Get-AzureRmSubscription –SubscriptionName $SubscriptionName | Select-AzureRmSubscription
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.RecoveryServices
Register-AzureRmProviderFeature -FeatureName RecoveryServicesCanada -ProviderNamespace Microsoft.RecoveryServices

powershell-result

After about 5 minutes, I re-ran the query, and the Recovery Services were registered to Canada! Sweet..eh? 🙂

powershell-result-2

Now you can create new Azure Backup services bound to the Canada Central region:

arm

(more…)