Automating Windows Server Environment Inventory with PowerShell

As IT administrators managing complex Windows Server environments, we are often tasked with keeping track of various server configurations, services, roles, and other essential aspects of our infrastructure. Manual tracking and documentation can be time-consuming and error-prone, which is why automating the inventory process is an excellent solution. In this blog post, we’ll introduce a comprehensive PowerShell script that automates the collection of critical data about your Windows Server environment and exports the information into organized CSV files for easy analysis.

Introducing the Windows Server Environment Inventory Script

The Windows Server Environment Inventory PowerShell script is designed to help administrators efficiently gather vital information about their infrastructure. The script consolidates data about servers, services, roles, shares, SMB connections, and certificates, allowing you to keep an eye on your environment and identify potential issues quickly.

Key Features
  • Comprehensive inventory of Windows Server environments
  • Collection of server details, connectivity, services, scheduled tasks, roles, shares, SMB connections, and certificates
  • Export of inventory data into organized CSV files for easy analysis and reporting
  • Automation of the data collection process to improve efficiency and accuracy

Requirements and Setup

Before running the script, make sure you have the following requirements in place:

  • PowerShell 5.1 or later
  • Active Directory PowerShell Module
  • Appropriate permissions to query Active Directory, remote servers, and export CSV files

To get started, simply clone or download the project files to a local directory and ensure the Active Directory PowerShell Module is installed on your system.

Running the Script

Open a PowerShell session with administrative privileges and navigate to the directory containing the script. Execute the script by running the following command:

PS C:\> .\InventoryWindowsServerEnvironment.ps1

The script will collect information about Windows Servers in your Active Directory environment and generate multiple CSV files in the same directory as the script. These files can be opened and analyzed using spreadsheet software or other data analysis tools.

Analyzing the Results

The generated CSV files provide comprehensive information about your Windows Server environment, including:

  1. Server connectivity details (export-connectivityreport.csv)
  2. Services running on each server (export-services.csv)
  3. Scheduled tasks on each server (export-scheduledtasks.csv)
  4. Installed roles and features on each server (export-installroles.csv)
  5. File shares and file servers (export-fileshares.csv and export-fileservers.csv)
  6. SMB connections on each server (export-smbconnections.csv)
  7. Certificates from the Computer Personal store on each server (export-personalcertificates.csv)

You can use this data to monitor and manage your Windows Server environment, identify potential issues related to connectivity, services, roles, or certificates, and ensure your infrastructure is running optimally.

Conclusion

Automating the Windows Server environment inventory process with PowerShell is a powerful way to improve efficiency, accuracy, and maintainability. The Windows Server Environment Inventory script simplifies data collection, enabling you to focus on analyzing the results and addressing any issues that arise. By leveraging this script, you can keep your finger on the pulse of your infrastructure and ensure a robust and reliable Windows Server environment.

Download it at:
Windows Server Environment Inventory from Azure DevOps

A script to list all members and owners per Team

This script will list all members and owners per team.
When you add -savedcred:$true it will save a credential file locally, which gives you automated access to your tenant using that same account.
It won’t save your credential in plain text; it will use the credential vault, which should be perfectly secure.
When using MFA on that service account, make sure you use an app password.

It also lists the object IDs of both the users and the teams, which means you can use the exported CSV for other scripts (like removing a user from all teams).

The following columns are shown:

You can download it from: https://gallery.technet.microsoft.com/A-script-to-list-all-413530c6

Automatically clean folders in batch (Powershell Scripts)

Read all services and scheduled tasks in your server environment (including Server 2003)

At one point we found out that many system administrators had used their own administrator account for Windows Services and scheduled tasks.
This became a problem only when a few colleagues decided to leave for another company. 

Accounts were turned off and all kinds of services failed.
Among them was an SQL server that turned out to run under one of these administrator accounts.

To know for certain where these accounts were running, I wrote a script that can help with identifying these accounts.
Because scheduled tasks cannot be read out with the PowerShell variant on Server 2003, I used a legacy command and changed the layout of the output.
The script asks a number of questions (such as the domain, among other things) on the basis of which two files are generated with all scheduled tasks and services. 

I hope this helps you clean up these scheduled tasks and services. 

Here you can download the script:
https://gallery.technet.microsoft.com/Read-and-Scheduled-tasks-f0621080 
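
The audit described above can be sketched as follows. This is an added example, not the downloadable script: it assumes schtasks.exe as the legacy command, English column headers in its output, and a built-in identity list that is not exhaustive. Server names are placeholders.

```powershell
# Added example: list services and scheduled tasks that do not run as a built-in identity.
function Get-NonBuiltinAccountUsage {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName
    )
    # Built-in identities to ignore (assumed list, extend for your environment).
    # An empty or missing account name also matches and is skipped.
    $builtin = '^(NT (AUTHORITY|SERVICE)\\.*|LocalSystem|SYSTEM|LOCAL SERVICE|' +
               'NETWORK SERVICE|INTERACTIVE|Users|Administrators|Everyone|' +
               'Authenticated Users|N/A)?$'

    foreach ($computer in $ComputerName) {
        # Services: Get-WmiObject uses DCOM, so it also reaches Server 2003.
        Get-WmiObject -Class Win32_Service -ComputerName $computer -ErrorAction SilentlyContinue |
            Where-Object { $_.StartName -notmatch $builtin } |
            ForEach-Object {
                [pscustomobject]@{ Computer = $computer; Type = 'Service'
                                   Name = $_.Name; Account = $_.StartName }
            }

        # Scheduled tasks: verbose CSV output of schtasks.exe, parsed into objects.
        # Newer Windows versions repeat the header row per task folder; skip those rows.
        schtasks.exe /query /s $computer /fo csv /v 2>$null | ConvertFrom-Csv |
            Where-Object { $_.TaskName -ne 'TaskName' -and
                           $_.'Run As User' -notmatch $builtin } |
            ForEach-Object {
                [pscustomobject]@{ Computer = $computer; Type = 'ScheduledTask'
                                   Name = $_.TaskName; Account = $_.'Run As User' }
            }
    }
}

# SRV01 and SRV02 are placeholder server names.
Get-NonBuiltinAccountUsage -ComputerName 'SRV01', 'SRV02' |
    Sort-Object Account, Computer |
    Export-Csv -Path .\account-usage.csv -NoTypeInformation
```

Sorting by account groups every service and task that depends on one person's login, which is the list to work through before that account is disabled.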


Sync AD Groups with Microsoft Teams (BETA)

Microsoft Teams doesn’t allow you to define a group for membership (dynamically).
When you add an Azure AD group to a Team, all users will be added once.
When someone is later added to that group, they won’t be added to the Team automatically.

For this I created this script.
You define an Active Directory group and a Microsoft Team to manage.
All users that are in the AD group, but aren’t in the Team will be added (as a member).
All users that aren’t in the AD group, but are in the Team will be removed from the Team.
Except owners, of course.
If an owner is in the Team, but isn’t in the AD Group it will generate a warning and continue.

You can find it on Technet Gallery:
https://gallery.technet.microsoft.com/Sync-AD-Group-with-Teams-74598786

Step 1:
Create a service account in your Active Directory domain.
This service account needs a UPN suffix with a verified Office 365 domain.

For example: It can be user1@contoso.com, but cannot be user1@contoso.local.
Where contoso.com is added as a verified domain in Office 365.

Sync your Active Directory domain with Azure AD (it normally syncs automatically every 30 minutes).
Also make sure the Service Account has read-rights in your Active Directory.

Step 2:
Go to Office 365 and add an Office 365 license to the Service Account (with the Teams subscription).

Step 3:
Go to teams.microsoft.com and add the service account as an owner of the Teams you want to manage from AD.

Step 4:
Add the users of the Teams you want to manage to the AD groups you want to sync.

Step 5:
Add the AD group name and Team name you want to sync to Teams.csv (an example CSV is in the zip file), with a comma as the delimiter.
Every line is an Active Directory group and Team that needs to be synced.

WARNING: MAKE SURE YOU ADD ALL MEMBER USERS THAT ARE CURRENTLY IN THE TEAM TO THE RESPECTIVE AD GROUP. ALL MEMBERS THAT ARE IN THE TEAM BUT AREN’T IN THE AD GROUP ARE REMOVED FROM THE TEAM,
WITH THE EXCEPTION OF OWNERS, OF COURSE.

Step 6:
Run PowerShell as the service user and browse to the location.
Run Set-SecureTeamUserInfo.ps1 and type in the credentials of the service account (UserPrincipalName, not SamAccountName).
Credentials are now securely saved in the folder so the script can sign in to Office 365.
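
The add, remove and owner rules described above, together with the removal warning in Step 5, can be previewed as a dry run before anything touches a Team. This is an added example, not the script from the gallery: the function name, the -AllowEmptyGroup switch and the empty-group guard are assumptions made here, and the UPNs are constructed sample data.

```powershell
# Added example: plan one AD-group-to-Team sync pass without contacting AD or Teams.
function Get-TeamSyncPlan {
    param(
        [string[]] $GroupUpn  = @(),  # UPNs of the AD group members
        [string[]] $MemberUpn = @(),  # UPNs of current Team members (non-owners)
        [string[]] $OwnerUpn  = @(),  # UPNs of current Team owners
        [switch]   $AllowEmptyGroup   # hypothetical override for the guard below
    )
    # Added guard (an assumption, not from the original script): an empty group
    # often means the AD lookup failed, and syncing it would remove every member.
    if ($GroupUpn.Count -eq 0 -and -not $AllowEmptyGroup) {
        throw 'AD group returned no members; refusing to plan removals.'
    }

    # In the AD group but not in the Team in any role: add as a member.
    foreach ($upn in $GroupUpn) {
        if ($MemberUpn -notcontains $upn -and $OwnerUpn -notcontains $upn) {
            [pscustomobject]@{ Action = 'Add'; User = $upn }
        }
    }
    # Team member but not in the AD group: remove. Owners are never removed.
    foreach ($upn in $MemberUpn) {
        if ($GroupUpn -notcontains $upn -and $OwnerUpn -notcontains $upn) {
            [pscustomobject]@{ Action = 'Remove'; User = $upn }
        }
    }
    # Owner that is missing from the AD group: warn and continue.
    foreach ($upn in $OwnerUpn) {
        if ($GroupUpn -notcontains $upn) {
            [pscustomobject]@{ Action = 'Warn'; User = $upn }
        }
    }
}

# Constructed sample data; contoso.com is a placeholder domain.
# -notcontains compares strings case-insensitively, so Bram and bram match.
$plan = Get-TeamSyncPlan `
    -GroupUpn  'anna@contoso.com', 'Bram@contoso.com', 'chris@contoso.com' `
    -MemberUpn 'bram@contoso.com', 'dana@contoso.com' `
    -OwnerUpn  'svc-teams@contoso.com', 'chris@contoso.com'
$plan | Format-Table -AutoSize
```

Reviewing the Remove rows of such a plan before the first real sync shows exactly which members the warning in Step 5 is about.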
