Finding Recently Updated Files

So I needed to find what log files were getting updated.  The files where inC:\ProgramData\VMware\vCenterServer\logs and that folder has many many folders and I wasn’t sure which one would have the files I needed. I was sure that they would have been updated recently.  So a quick little PowerShell to the rescue

Get-ChildItem -Recurse | Where {$_.LastWriteTime -gt (Get-Date).AddMinutes(-15)}

This returns all the files in the current folder and below that have been modified in the last 15 minutes.  It is easy enough to change up to look for other criteria, like *.log files int he last 5 minutes

Get-ChildItem -Recurse -Filter *.log | Where {$_.LastWriteTime -gt (Get-Date).AddMinutes(-5)}

Or all files with pid in their name

Get-ChildItem -Recurse -Filter *pid*

Powershell can be very very handy in a pinch! Hope this helps

 

Advertisements

Query Microsoft DHCP Scopes

Sometimes you just have a ton of DHCP scopes and you just need to make sure they all have some specific options set the way you want. Scanning through them by hand can be a pain, so here is a quick script to scan over them rapidly.

Param(
 [Parameter(Mandatory=$True)]
 [string]$dnsServer,
 [string]$match,
 [string]$option
)
 $scopes = Get-DhcpServerv4Scope -ComputerName $dnsServer -ErrorAction:SilentlyContinue | Where {$_.Name -like "*$match*"}
 $Report = @()

ForEach ($scope In $scopes) {
 $row = "" | Select ScopeID, Name, Option
 $OptionData = (Get-DhcpServerv4OptionValue -OptionID $option -ScopeID $scope.ScopeID -ComputerName $dnsServer -ErrorAction:SilentlyContinue).Value
 $OptionData = (Get-DhcpServerv4OptionValue -OptionID $option -ScopeID $scope.ScopeID -ComputerName $dnsServer -ErrorAction:SilentlyContinue).Value
 $row.ScopeID = $scope.ScopeID
 $row.Name = $scope.Name
 $row.Option = $OptionData -Join ","
 $Report += $row
 }
$Report

 

This script takes a couple of parameters.  Match lets you specify the name of the scope so that you can filter it down by the specific scopes, and option lets you specify the attribute number you would like to report on and dnsServer lets you specify the server.  Some usage examples:

#report on each scopes gateway where the scope name has "vlan110"
.\dhcp_query.ps1 -dnsServer dhcpServer1 -match vlan110 -option 3

#report on each scopes DNS where the scope name has "vlan110"
.\dhcp_query.ps1 -dnsServer dhcpServer1 -match vlan110 -option 6

#report and then export into a CSV
.\dhcp_query.ps1 -dnsServer dhcpServer1 -match vlan110 -option 6 | Export-CSV -Path dns_voip_options.csv -NoTypeInformation

Export Excel file to PDF

If you want to automate the conversion from XLS to PDF, then PowerShell provides a very straight forward way to do it.  Create an Excel object, load the XLS file, write to PDF.

param(
    [Parameter(Mandatory=$true)]
    [string]$InputFileName,
    [Parameter(Mandatory=$true)]
    [string]$OutputFileName
    )

$xlFixedFormat = “Microsoft.Office.Interop.Excel.xlFixedFormatType” -as [type] 

$excel = New-Object -ComObject excel.application
$workbook = $excel.workbooks.open($InputFileName, 3)
$workbook.Saved = $true
$workbook.ExportAsFixedFormat($xlFixedFormat::xlTypePDF, $OutputFileName)
$excel.Workbooks.close()
$excel.Quit()

You then run the code with two parameters, source file, and destination file.

Source: https://blogs.technet.microsoft.com/heyscriptingguy/2010/09/06/save-a-microsoft-excel-workbook-as-a-pdf-file-by-using-powershell/ 

Forcing Users to Reset their Password

Sometimes you have a list of users that have had their accounts compromised.  In a recent incident we received a list of users from Google, that were suspected of having followed links to a phishing scam.  As a precaution we advised the users to reset their passwords, but being users many ignored this.  Since our google accounts are tied to AD it was easy to find out which ones had reset their passwords, remove them from the report and then use the remaining list of email addresses to force those accounts to reset their passwords.

The following script accepts a CSV file with a column labeled “email” and then loops over it. For each email address it finds the AD account with that email address and sets the ChangePasswordAtLogon to true, forcing the users to set a new password on their next login. This script will not match aliases but that would be a relatively easy addition.

param(
[Parameter(Mandatory=$true)]
[string]$FileName
)

$addresses = Import-CSV $FileName 

ForEach ($address in $addresses) {
  #couldn't get address.email to work in the filter, so had to work around it
  $email = $address.email
  $aduser = Get-aduser -Filter "emailaddress -eq '$email'"
  try {
    Set-ADUser $aduser -ChangePasswordAtLogon $true
  } catch {
    Write-Host "Failed to update $email : $_"
  }
}

Deleting Files by Age on Linux

The command to delete files over a certain age is deceptively easy in Linux.

   find * -mtime +5 -exec rm {} \;

This finds all files over 5 days old in the current directory and deletes them. This is quite useful in a backup script run from cron.

If you want to also delete directories then you can add -rf to your rm 🙂

   find * -mtime +5 -exec rm -rf {} \;

It can also be helpful to filter on file names

   find *.log -mtime +5 -exec rm {} \;