none
powershell append output computername and other values to CSV RRS feed

  • Question

  • Hi Everyone,

    I'm not the best with powershell so go easy on me.

    I'm currently planning the uplift of Domain Forest Functional Levels where i currently work. Up to 2008 R2. I'm currently in the process of identifying computers which my need a .net hotfix installed in order to still function correctly once the uplift has been completed. Please see reference URL below:

    http://blogs.msdn.com/b/dsadsi/archive/2014/04/03/what-is-the-deal-with-kb-2260240-and-its-cousin-kb-27242596-ms13-004.aspx

    So far I have come up with the following code:

    $computername = $env:computername
    
    [System.DirectoryServices.ActiveDirectory.DomainMode] | Get-Member -Static -MemberType Properties | select name | out-file C:\temp\"$computername"_DomainList.txt

    This runs a command that enumerates all domain functional levels that the computer is capable of, and writes the output to a textfile which has the computersname as the text file.

    I'd like to try the following:

    for the main command that enumerates the domain functional levels, output the highest level functional level available in one column of a CSV, along with the computername.

    In my current environment, this isnt a command we can execute remotely (WinRM is not properly configured in out environment at this point in time), so I'm possibly looking at having the Powershell script deployed/ran via SCCM and have the output written to a CSV located on the network somewhere.

    The idea being for any computer who does not list a Domain Mode of "Windows2008R2Domain", we would need to deploy the required hotfix in order to correct the issue prior to domain uplift.

    Is anyone able to assist me with writing up such a script?

    Thursday, October 29, 2015 5:13 AM

Answers

  • Hi,

    These should be enough for you to write the script.

    Select-String to search the result from enum, using if to decide what to do and finally use Out-File or Export-Csv to save the data on UNC with -append

    if(Select-String -InputObject $enumlist -Pattern "Windows2008R2Domain") 
    
    #Along with 
    
    Out-File -FilePath "\\Server1\Folder\StatusReport.txt "-Append 


    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.



    Thursday, October 29, 2015 8:03 AM

All replies

  • That is  enum and it will always return the same thing no matter what system you run it on. I get all modes on a stand alone W10 laptop.

    See this link:https://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectory.domainmode%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396

    It enumerates all domain  functional levels.

    On laptop

    PS C:\scripts> [enum]::GetNames([System.DirectoryServices.ActiveDirectory.DomainMode])
    Windows2000MixedDomain
    Windows2000NativeDomain
    Windows2003InterimDomain
    Windows2003Domain
    Windows2008Domain
    Windows2008R2Domain
    Windows8Domain
    Windows2012R2Domain
    Unknown
    PS C:\scripts>

    On any system with Ad services framework you will get that.  That is from Vista on.

    The highest level my laptop displays is 2012R2 -  Does that mean I can raise my laptop to an R2 DC.. Wow.  Wouldn't that be cool.


    \_(ツ)_/

    Thursday, October 29, 2015 5:55 AM
  • What yo are talking about has nothing to do with a computers ability to join a domain.  If Net is not patched, and it will be if you run Windows update,   Those patches were deployed years ago.

    \_(ツ)_/

    Thursday, October 29, 2015 5:59 AM
  • Read this:

    If the client OS is Windows Vista, Windows 2008, Windows XP or Windows 2003, you will need to insure that the hotfix is installed or that the MS13-004 update has been applied.  The hotfix is rolled into the security update MS13-004.

    If the client OS is Windows 7, Windows 2008 R2 or higher, then the fix has already been rolled up into the .net 3.5 version for that OS and you will not need this hotfix, however, if there is a version of security update MS13-004 for your particular OS it should be installed since the roll-up will contain other important security fixes as well.

    You can use WMI to retrieve to hotfix on those systems.

    Get-WmiObject win32_quickfixengineering -filter 'hotfixid='KB2260240'" -computer somepc


    \_(ツ)_/

    Thursday, October 29, 2015 6:05 AM
  • Hi,

    These should be enough for you to write the script.

    Select-String to search the result from enum, using if to decide what to do and finally use Out-File or Export-Csv to save the data on UNC with -append

    if(Select-String -InputObject $enumlist -Pattern "Windows2008R2Domain") 
    
    #Along with 
    
    Out-File -FilePath "\\Server1\Folder\StatusReport.txt "-Append 


    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.



    Thursday, October 29, 2015 8:03 AM
  • A little testing shows that the enum succeeds on systems that do not have the hotfix.


    \_(ツ)_/

    Thursday, October 29, 2015 8:16 AM
  • Thanks and yes I am aware of this, my requirement is to ensure that any servers (2003 and 2008 SP2) I have in my environment have the appropriate patch/update installed in order to enumerate the 2008 R2 Domain functional level. Apps that use this function can crash if they call the DFL and can't see it.

    I've managed to book some time in with my SCCM specialists to work on some discovery rule to pull the appropriate information rather than go down the scripting route.

    Thanks for your responses.

    Monday, November 9, 2015 2:22 AM
  • Thanks,

    Gave this a try and it suited my original requirements.

    Monday, November 9, 2015 2:23 AM
  • Thanks correct, however a specifc requirement needs to be met. It's in regard to GDR and LDR streams with patches.

    Please see below URL for more information:

    https://support.microsoft.com/en-us/kb/960043

    Monday, November 9, 2015 2:24 AM