PowerShell to Clone VM’s

/ / /

I need to create a Provisioning Server of my own. We don’t want to purchase the software to do so and we may not need to do so… VMWare has PowerCLI which may provide enough to do the following:

1) Notify the VM that it needs to disable Citrix logins
2) Have the VM disable logins and then check for logins. If none are found kick-off the cloning process. Kick off consists of:
2a) Unjoin from the domain
2b) Shutdown
If users are still logged in, log them off forcefully at midnight and start the process
3) Use VMWare Templates to clone the VM with the VM name.
4) Shutdown original VM’s with the same names
5) Startup new VM’s and join to domain…


I have a script that does the cloning… I got it from this site:

I had issues with running it though. For some reason my PowerShell wouldn’t run it with the comments in it so I had to take them out:

You can run it with a command like so:

Get-VM MyVM | Clone-List

I will need to modify this script to see if I can use VMWare Templates (I think that’s the right terminology) and Citrix XA PowerShell to see if I can get this to work… We shall see 🙂

EDIT – It’s not VMWare Templates… It’s OSCustomizationSpec I think.

Read More

Cool PowerShell commands for manipulating XenApp

/ / /

After installing the XenApp 6 SDK you can do some neat PowerShell scripts to help move things around. I recently created a test farm and needed a way to move all the applications and their settings from the original farm. These commands did it:

First: Export the XenApp configuration

Copy C:testingapps.xml to the new server.
Create the folder structure:

Load your previous application settings:


Read More

Group Creation Script

/ / /

The final script:


Read More

Count Characters in a Batch File

/ / /

I have an issue where I need to ensure I don’t exceed a certain number of characters in a script. Specifically, I cannot exceed 64 characters while making a group through script in AD. To do this I came up with the following:



Read More

Cool tool!

/ / /

Mariano Sergio Cosentino created a script that will convert registry keys into ADMX template files. This is awesome as the alternative to deploying large number of registry keys and values is typically a startup script with regedit.exe /s %regfile%.

Tool is available here:

Usage is: CSCRIPT REG_2_ADMXL.vbs registry-file language [name]

I used this tool to create a ADMX template of the following registry key:
KEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows Messaging Subsystem

We use Microsoft fRX and it utilizes this key to determine your mail prefences if you’re using exchange. If you have the old Office 2000/2003 (IIRC) you should have this key. 2007 and greater now use a different method of storing email account information (apparently). This content is generated by using the “Mail” control panel icon. We used this tool to prestage the server name and a “Windows Messaging Profile” so that when you try to email from fRX you don’t go through a complicated wizard asking for things like “server name”. If you’re organization is like ours, your internal email server name is something users won’t know and won’t be able to guess (eg, 3-digit-company-abbr,3-digit-code-for-prod-or-dev,3-digit-code-for-virtual-or-physical,3-digit-code-for-server-role(eg EXC-exchange),3-digit-code-for-number).

Read More

LDAP query for *just* users

/ / /

We have numerous “mailbox only” user accounts in our AD. I’ve been asked for a query of all the user accounts on our domain. The query needs to exclude these accounts and disabled accounts as we’re only interested in active user accounts. This is what I came up with:

This query does the following:
Find all user accounts (objectcategory=person)(samaccountname=*)
Disabled accounts (userAccountControl:1.2.840.113556.1.4.803:=2)
Exchange Shared Mailboxes: (msExchRecipientTypeDetails=4)
Exchange Rooms: (msExchRecipientDisplayType=7)
Exchange Equipment: (msExchRecipientDisplayType=8)
Service Accounts: (extensionattribute1=Service Account)

MS Software usually adds “SERVICE ACCOUNT” to the extensionattribute1.

Read More

Change file shares via scripting

/ / /

I’ve come across a problem where users are filling up their hard disks and we need to move the highest utilization users to a new disk. In order to accomplish this I’ve setup a robocopy to move their files to a new disk and have it constantly mirrored until after-hours; where we run this script to move the file shares:

What this script does is:
1) Backs up the existing share structure
2) Queries the file shares for the specific path of the share we’re going to move
3) Using SED.exe we change the drive letter from E: to G:
4) Using reg.exe we overwrite the registry key with the new value
5) we then stop and restart the server service to get the new shares working.

And we set that up as a scheduled task to run after-hours 🙂

Read More

Saving and restoring ACL’s on OU’s

/ / /

Saving and moving OU ACLs

I’ve written a batch file that will move ACLs from one OU to another. It works by you outputting the results of a ACL from a OU to a text file, specifying the new OU in a batch file and inputting the text file you just created. I use three utilities to accomplish this: adfind.exe, sed.exe and dsacls.exe.
The command to save the text file is:

From here, you need to delete the header in the text file and the footer.
Once that is done, run this script, changing the two variables at the top:

Read More

Issue with WSH (Scripting.FileSystemObject 800A01AD)

/ / /

I recently had a Windows 2008 Server that was unable to execute a VBS script that works with other servers and other combinations of desktops. I decided to break out Process Monitor and try and see if I can figure out what’s going on…

To simplify this process, I found this vbs script that trys to utilize the Scripting.FileSystemObject in a script:


I ran that script on the affected server and, after clicking OK on the WSH Version dialog, I got this message:

I broke out Process Monitor and monitored on the File System. It sounds like it should be a file system error so we’ll scope that out first. I filtered for everything but wscript.exe (I executed all my command lines as wscript.exe test.vbs) and nothing appeared. So wscript.exe wasn’t even getting to the file system. So I enabled registry filtering and filtered for wscript.exe:

And I reran the script and got this result:

From here I went to another Windows 2008 server and added the missing registry keys (NAME NOT FOUND) and repeated the process again, finding more keys until all were added to the non-functioning server.

I ended up adding the following registry keys:


For some reason, it is launching the Wscript.exe in a 32bit process (as evidenced by WOW6432Node key). On the working 64bit server I have it is running as a 64bit process.

After entering those registry keys, here is my new result.

Success! Hopefully, if you encounter the same issue, you are not missing any more, or too many more, registry keys. I wonder why they disappeared, but I don’t have a way to trace that unfortunately.

Read More

Watch the folder redirect log live

/ / /

If you’ve enabled the folder redirect log, you can watch it on a remote computer using the tail command and SED.exe.

Currently, the fdeploy.log (for XP anyways) stores the log as a binary file with a NULL character between each character. To clean up this output you can pipe tail.exe into sed and tell sed to delete the NULL characters…


The command to watch it is now:


Read More