Tag Archives: script

PowerShell Workflow – Check-Service script

I’ve recently needed to work with some services in a group of computers where only one service can be active at a time. This particular service I needed to work with is a printing service responsible for printing labels in a shared directory. If more than one service is enabled at a time, we get duplicate labels! (It led to a lot of confusion during user testing when a server was rebooted).

To automate the work required to make sure only one service is running when maintenance or other work occurs, I decided to write a script.

The script can be downloaded from here.

I used PowerShell workflow, as this seemed like a good bet for something that would benefit from the parallelism benefits that a workflow provides. The idea for me is to use it as part of a System Center Orchestrator Runbook to run the script on an alert from Operations Manager.

I worked on making the script take parameters for the computers to run against, the service to work on and how many services should be running at any one time.

Hopefully this also helps some people working to learn some of the basics of workflow, I’ll make sure to add some comments in the script to explain parts of it. Some things certainly confused me for a little while till I got things working!

Even more work with shadowGroupSync

There has been a couple of updates to the shadowGroupSync tool over the past few days. Apart from a bit of development, I also I went and threw it to GitHub. You can check out my previous posts on it, or grab the latest version. There’s also a development branch in the repository that lets you choose the type of group to create. UPDATE: The features from the development branch are now all in the stable version.

The stable branch has also had a few features added and a couple of little snags fixed. The main new feature is the ability to specify multiple source organisational units for inclusion into a single shadow group. These changes make the utility very useful for generating distribution lists or access groups based on whatever conditions you want; like employee type, manager, or existing group memberships.

The stable ‘master’ branch is essentially the script use myself on a day to day basis, so it should work fine for you. However, as with all things not done yet, the development branch ‘next’ may be unstable. If downloading it sets your computer/server/domain/datacenter on fire (delete as appropriate), that’s got nothing to do with me.

AD Shadow Groups with Windows PowerShell: An Update

I’ve made a fair amount of changes to the shadow group sync script, it’s a fair amount more powerful and much more flexible than the first version. You can now sync user and computer objects into groups from an OU, but with the added functionality of filters to narrow for specific user or computer attribute values. There are a few changes to the format of the CSV, detailed in the script comments, along with an example of the filters that you can use (see the Microsoft TechNet article on PowerShell Active Directory filter syntax for more information).


There’s some more changes here, the script now takes the CSV as an argument to the script file. For example:

.\shadowGroupSync.ps1 ".\TheCSVFile.csv"
.\shadowGroupSync.ps1 -file ".\TheCSVFile.csv"

are both valid ways or running the script.

As before, feel free to use it in any way you want. It’s pretty straightforward, but may contain bugs which I take no responsibility for.

Current version:

Older versions:

Thanks to i3laze for his work with this. I probably wouldn’t have made the effort to extend the script without it.

Managing AD Shadow Groups using Windows PowerShell

I’ve done a bit of work with Windows PowerShell lately, here’s a little script to sync AD OUs with ‘Shadow Groups’.

I couldn’t find a full solution that I could pick up and use, so I rolled my own to sync some OUs containing computers with some groups.

The script reads from a CSV that defines the source OUs and the group names you want to populate. Inside the script, the destination OU gets set, where the shadow groups will exist.

I’ve linked to the code below, feel free to use it in any way you want. It’s pretty straightforward, but may contain bugs which I take no responsibility for.

Download: shadowGroupSync.zip


i3laze (i3laze ‘at’ yandex ‘dot’ ru) supplied an updated script that deals with syncing mail-enabled users and child domains, and not just computers. As with the first version, I take no responsibility if the script has bugs or somehow manages to nuke your domain.

Download: i3laze-shadowGroupSync

I’ve done some work to merge the two versions, which will give the script a lot more flexibility as to the object types it will sync, but there’s still got a bit of testing to do before I post it.


Newer versions of the script are here. This post is kept as a reference to the first version of the script.