Collecting information about workstations via Powershell
Collecting information about workstations via Powershell .
This post will be devoted to the work of writing scripts on Powershell . Further, I assume that the reader has already encountered scripting in windows environments. So:
I had the task to collect some information on user workstations in the organization. All stations in AD and users too, which simplifies the task. There is a container where all the stations are located, so you need to go through all, taking the information of interest, and display the result. If so, then write the script. When writing, I try to do the script in parts. IMHO for me is easier and more understandable.
')
1. Need a list of stations. It can easily be taken from AD with this command:
Get-ADComputer -filter * -SearchBase "OU = Computers, ou = some-OU, dc = some-dc, dc = en"
It will return all objects from the container with all properties, etc. I did not need everything and I chose from them those that are not turned off ( Diasabled ). We put in the pipeline cmdlet
Where-Object {$ _. Enabled -eq $ true}
which selects objects whose enable property is true , that is, they are enabled. Next, I do not need all the properties of each object, so I will only select the Name property, putting the cmdlet in the pipeline
Select-Object -Property Name
The list is still useful, so let's create an array of $ enablePCs from it. The ultimate team will be like this
$ enablePCs = Get-ADComputer -filter * -SearchBase "OU = Computers, ou = ru-moscow, ou = cee, dc = alico, dc = corp" | Where-Object {$ _. Enabled -eq $ true} | Select-Object -Property Name
Now, if you type in the console $ enablePCs , the output will be a list of the names of all computers.
Further, you might think that you can work with this list, but no. Parts of these computers are long gone, some are off. So, you need to handle sort the list below. I went along the following path: If the name of the workstation cannot be resolved to the ip address, it means that there is no such station anymore, if it succeeds, then you can ping it. If not pinged, then most likely the station is turned off. Thus, you can make a list of currently active stations in order not to try totalk to the wall to contact inactive hosts. To resolve, I used the resolve method for the [System.net.dns] function. It turned out this line:
$ dnsresult = [System.Net.Dns] :: resolve ("$ computername")
About $ computername will be written below. After, you need to extract the actual IP address from the result
$ ipaddress = $ dnsresult.AddressList
Next, we check the address for accessibility using the standard system function [system.net.nnetworkinformation.ping] applying the send method to it. The command is as follows:
$ pingfunc = (New-Object system.net.networkinformation.ping) .send ("$ ipaddress")
The command returns the result, and if its status is success , the workstation is available and you can access it. There is already to your taste, any available actions within your administrator's powers. For example, I’ll show how I checked which workstation has Chrome installed:
$ chrome = dir "\\ $ ipaddress \ C $ \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe"
if ($ chrome -ne $ null) {write-host "Host $ computername is reacheble, use Chrome, and have ip $ ipaddress"
$ sumchrome ++}
else {write-host "$ computername is reacheble, do not use Chrome, and have ip $ ipaddress"
$ pcwithoutchrome ++}
The $ sumchrome and $ pcwithoutchrome variables are needed to count the total number of stations. Now, first look at the logic of the entire script.
<img src = "
"alt =" image "/>
Now a complete script with comments.
$ enablePCs = Get-ADComputer -filter * -SearchBase "OU = Computers, ou = someou, dc = somedomain, dc = corp" | Where-Object {$ _. Enabled -eq $ true} | Select-Object -Property Name
$ sumunresolvePC = 0
$ sumchrome = 0
$ sumreacheblePC = 0
$ sumunreacheblePC = 0
$ pcwithoutchrome = 0
foreach ($ i in $ enablePCs) # start the object processing loop in the $ enablePCs array
{
$ error.Clear () # clear the Powershell error buffer
$ erroractionpreference = "silentlycontinue" # suppress console error output
$ dnsresult = 0
$ computername = $ i.name # retrieve the name of the station
$ dnsresult = [System.Net.Dns] :: resolve ("$ computername")
if (! $ error) # condition if the previous command was not completed with an error
{
$ ipaddress = $ dnsresult.AddressList
$ pingfunc = (New-Object system.net.networkinformation.ping) .send ("$ ipaddress") #ping
if ($ pingfunc.Status -eq "success")
{
$ sumreacheblepc ++ # plus the total number of available stations
$ chrome = dir \\ $ ipaddress \ C $ \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe # check for Chrome
If ($ chrome -ne $ null) {write-host "Host $ computername is reachable, use Chrome, and have ip $ ipaddress"
$ sumchrome ++ # plus the number of stations with chrome
}
else {
Write-host "$ computername is reachable, do not use Chrome, and have ip $ ipaddress"
$ pcwithoutchrome ++ # plus the number of stations without chrome
}
}
else {
$ sumunreacheblePC ++ # plus the number of inaccessible stations
Write-Host "Host $ computername is unreachable now ip $ ipaddress"
}
}
else
{$ sumunresolvePC ++ # plus the number of unresolved stations
write "I cannot resolve $ computername :("}
}
Write-Host "Total enabled PC =" $ enablePCs.count
Write-Host "Total PC with Chrome = $ sumchrome"
Write-Host "Total reachable PC = $ sumreacheblePC"
Write-Host "Total Unreachable PC = $ sumunreacheblePC"
Write-Host "Total PC Without Chrome = $ pcwithoutchrome"
write-host "Total unresolved PC = $ sumunresolvepc"
Well that's all. I described the availability of Chrome as an example. There you can also include a lot of checks and other useful things that can not be written in logonscript. I just began to learn powershell itself, if there are ideas on optimization, write, discuss.
This post will be devoted to the work of writing scripts on Powershell . Further, I assume that the reader has already encountered scripting in windows environments. So:
I had the task to collect some information on user workstations in the organization. All stations in AD and users too, which simplifies the task. There is a container where all the stations are located, so you need to go through all, taking the information of interest, and display the result. If so, then write the script. When writing, I try to do the script in parts. IMHO for me is easier and more understandable.
')
1. Need a list of stations. It can easily be taken from AD with this command:
Get-ADComputer -filter * -SearchBase "OU = Computers, ou = some-OU, dc = some-dc, dc = en"
It will return all objects from the container with all properties, etc. I did not need everything and I chose from them those that are not turned off ( Diasabled ). We put in the pipeline cmdlet
Where-Object {$ _. Enabled -eq $ true}
which selects objects whose enable property is true , that is, they are enabled. Next, I do not need all the properties of each object, so I will only select the Name property, putting the cmdlet in the pipeline
Select-Object -Property Name
The list is still useful, so let's create an array of $ enablePCs from it. The ultimate team will be like this
$ enablePCs = Get-ADComputer -filter * -SearchBase "OU = Computers, ou = ru-moscow, ou = cee, dc = alico, dc = corp" | Where-Object {$ _. Enabled -eq $ true} | Select-Object -Property Name
Now, if you type in the console $ enablePCs , the output will be a list of the names of all computers.
Further, you might think that you can work with this list, but no. Parts of these computers are long gone, some are off. So, you need to handle sort the list below. I went along the following path: If the name of the workstation cannot be resolved to the ip address, it means that there is no such station anymore, if it succeeds, then you can ping it. If not pinged, then most likely the station is turned off. Thus, you can make a list of currently active stations in order not to try to
$ dnsresult = [System.Net.Dns] :: resolve ("$ computername")
About $ computername will be written below. After, you need to extract the actual IP address from the result
$ ipaddress = $ dnsresult.AddressList
Next, we check the address for accessibility using the standard system function [system.net.nnetworkinformation.ping] applying the send method to it. The command is as follows:
$ pingfunc = (New-Object system.net.networkinformation.ping) .send ("$ ipaddress")
The command returns the result, and if its status is success , the workstation is available and you can access it. There is already to your taste, any available actions within your administrator's powers. For example, I’ll show how I checked which workstation has Chrome installed:
$ chrome = dir "\\ $ ipaddress \ C $ \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe"
if ($ chrome -ne $ null) {write-host "Host $ computername is reacheble, use Chrome, and have ip $ ipaddress"
$ sumchrome ++}
else {write-host "$ computername is reacheble, do not use Chrome, and have ip $ ipaddress"
$ pcwithoutchrome ++}
The $ sumchrome and $ pcwithoutchrome variables are needed to count the total number of stations. Now, first look at the logic of the entire script.
<img src = "
"alt =" image "/>Now a complete script with comments.
$ enablePCs = Get-ADComputer -filter * -SearchBase "OU = Computers, ou = someou, dc = somedomain, dc = corp" | Where-Object {$ _. Enabled -eq $ true} | Select-Object -Property Name
$ sumunresolvePC = 0
$ sumchrome = 0
$ sumreacheblePC = 0
$ sumunreacheblePC = 0
$ pcwithoutchrome = 0
foreach ($ i in $ enablePCs) # start the object processing loop in the $ enablePCs array
{
$ error.Clear () # clear the Powershell error buffer
$ erroractionpreference = "silentlycontinue" # suppress console error output
$ dnsresult = 0
$ computername = $ i.name # retrieve the name of the station
$ dnsresult = [System.Net.Dns] :: resolve ("$ computername")
if (! $ error) # condition if the previous command was not completed with an error
{
$ ipaddress = $ dnsresult.AddressList
$ pingfunc = (New-Object system.net.networkinformation.ping) .send ("$ ipaddress") #ping
if ($ pingfunc.Status -eq "success")
{
$ sumreacheblepc ++ # plus the total number of available stations
$ chrome = dir \\ $ ipaddress \ C $ \ Program Files (x86) \ Google \ Chrome \ Application \ chrome.exe # check for Chrome
If ($ chrome -ne $ null) {write-host "Host $ computername is reachable, use Chrome, and have ip $ ipaddress"
$ sumchrome ++ # plus the number of stations with chrome
}
else {
Write-host "$ computername is reachable, do not use Chrome, and have ip $ ipaddress"
$ pcwithoutchrome ++ # plus the number of stations without chrome
}
}
else {
$ sumunreacheblePC ++ # plus the number of inaccessible stations
Write-Host "Host $ computername is unreachable now ip $ ipaddress"
}
}
else
{$ sumunresolvePC ++ # plus the number of unresolved stations
write "I cannot resolve $ computername :("}
}
Write-Host "Total enabled PC =" $ enablePCs.count
Write-Host "Total PC with Chrome = $ sumchrome"
Write-Host "Total reachable PC = $ sumreacheblePC"
Write-Host "Total Unreachable PC = $ sumunreacheblePC"
Write-Host "Total PC Without Chrome = $ pcwithoutchrome"
write-host "Total unresolved PC = $ sumunresolvepc"
Well that's all. I described the availability of Chrome as an example. There you can also include a lot of checks and other useful things that can not be written in logonscript. I just began to learn powershell itself, if there are ideas on optimization, write, discuss.
Source: https://habr.com/ru/post/245899/
All Articles