Office 365 guide series – Function to resolve a users OneDrive for Business URL


 Office365logo       SP2013logo

Hi SharePoint Online PowerShellers!

This time I will give you a Quick but great function to use if you are working with OneDrive for Business:

Function to resolve a users OneDrive for Business URL

Aggklockax

Simple solution, great to have, unbelievably efficient…

Ok, this is perhaps my shortest post ever…I’ll just explain real Quick.
OneDrive for Business gets it URL from the tenantname and the users UserPrincipalName. Creating this every time can be troublesome…
This is what I use, a function I created last summer when I was tired of doing them one at the time…

It works even with users that have a different domain in the UPN than what is the tenant name.
This is it:

Function GetODfBURL($UserPrincipalName, $TenantName)
# Creates a correct ODfB URL from email and TenantName/OrgName, returns URL as a String
{
    # ConStructing OneDrive personal URL from the UPN/Email address
    $StrUser = $UserPrincipalName
    $pos= $StrUser.IndexOf("@")
    $len = $StrUser.Length -1
    $StrUser = $StrUser.SubString(0, $pos)
    $StrUser = $StrUser -replace "\.", "_"
    $Orgpos = $pos + 1
    $Orglen = $len - $pos
    $StrOrg = $UserPrincipalName.SubString($Orgpos, $Orglen)
    $StrOrgNamePos = $StrOrg.IndexOf(".")
    $StrOrgName = $StrOrg.SubString(0, $StrOrgNamePos)
    $StrOrgSuffixPos = $StrOrgNamePos +1
    $StrOrgNameLen = $StrOrg.Length - $StrOrgSuffixPos
    $StrOrgSuffix = $StrOrg.SubString($StrOrgSuffixPos, $StrOrgNameLen)
    $StrOrg = $StrOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $TenantName + "-my.sharepoint.com/personal/"
    $SiteUrl= $PersonalOrgURL + $StrUser
    $SiteUrl= $SiteUrl+ "_" + $StrOrg
    return $SiteUrl
}
$ODfBURL = GetODfBURL "thomas.balkestahl@blksthl.se" "blksthl"

This will give the URL: https://blksthl-my.sharepoint.com/personal/thomas_balkestahl_blksthl_se

Thats it. Use it or not 🙂

 

 

References and Credits


Nope, not this time…

Credits & many thanks to

To all of you.

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Manage files and folders with PowerShell and CSOM


 Office365logo       SP2013logo

How to manage files and folders with PowerShell and CSOM

DocLib1

How can we manage these items…?

This is a pure guide to using PowerShell to manage and manipulate files and folders, libraries and all document management related tasks in a SharePoint Online or OneDrive for Business environment.

The sections in this guide are:

– Prerequisites
– Load assemblies
– Load a CSOM Context
– Web
– List/Library
– GetFileByServerRelativeUrl and GetForlderByServerRelativeUrl
– Create a file from a local copy
– Create a folder from a local copy
– Set properties on a file
– Set properties on a folder
– ResolveUser (Function)
– GetItemProperties (Function)

Prerequisites

Before beeing able to do much in SharePoint Online or OneDrive for Business, you have to start using CSOM, or Client Side Object Model, this allows us to do pretty much everything we could do before using regular PowerShell and the SharePoint CMD’lets from the SharePoint PowerShell add-on.
Install assemblies:
Download and install ther latest version of the SharePoint Server 2013 Client Components SDK, this can be downloaded from here: http://www.microsoft.com/en-us/download/details.aspx?id=35585
After the SDK and the CSOM assembly DLL’s are in place, make sure you load the assemblies before calling them.

Load assemblies

 Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.dll"
 Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

This will open up for usage of CSOM in PowerShell.

Load a context

$SPOUser = "administrator@blksthl.onmicrosoft.com"
# Uses a hardcoded password, use only during test/lab:
$SPOPassword = convertto-securestring "Password01" -asplaintext -force
# Better: $SPOPassword = Read-Host -Prompt "Please enter your password" -AsSecureString
$SPOODfBUrl = "https://blksthl.sharepoint.com/personal/jeffrey_lebowski_blksthl_com"
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SPOODfBUrl)
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($SPOUser,$SPOPassword)
$Context.RequestTimeout = 16384000
$Context.Credentials = $Credentials
$Context.ExecuteQuery()

Returns: $Context

Web

(Using $Context from the section on Context above)

$Web = $Context.Web
$Context.Load($Web)
$Context.ExecuteQuery()

Returns: $Web

List/Library

$SPODocLibName = "Documents"
$SPOList = $Web.Lists.GetByTitle($SPODocLibName)
$Context.Load($SPOList.RootFolder)
$Context.ExecuteQuery()

Returns: $SPOList

GetFileByServerRelativeUrl and GetForlderByServerRelativeUrl

In order to use the ‘Get…ByServerRelativeUrl’ methods you have to supply a relative path to the file or folder, this means a path starting from the FQDN.

Example 1
https://company.sharepoint.com/get/fileorfolder/by/relative/url
FQDN: https://company.sharepoint.com
ServerRelativeUrl: /get/fileorfolder/by/relative/url

Example 2
https://company-my.sharepoint.com/personal/firstname_lastname_company_com
FQDN: https://company-my.sharepoint.com
ServerRelativeUrl: /personal/firstname_lastname_company_com

Example file:

"/personal/jeffrey_lebowski_blksthl_com/documents/report1.xlsx"

Example folder:

 "/personal/jeffrey_lebowski_blksthl_com/documents/subfolder"

Create a file from a local copy

This can be accomplished in several ways, this is one:

1.
$LocalFile = Get-ChildItem -path "C:\Homedirs\jeff\report1.xlsx"
$FolderRelativeUrl = $SPOList.RootFolder.ServerRelativeUrl
$FileName = $LocalFile.Name
$FileUrl = $FolderRelativeUrl + "/" + $FileName
[Microsoft.SharePoint.Client.File]::SaveBinaryDirect($Web.Context, $fileUrl, $LocalFile.OpenRead(), $true)

Returns: New file created in SPO/ODfB

Create a folder from a local copy

$SPOFolder = $SPOList.RootFolder
$LocalFolder = Get-ChildItem -path "C:\Homedirs\jeff\" -Recurse -Include "folder1" 
$FolderName = $LocalFolder.Name
$NewFolder = $SPOFolder.Folders.Add($FolderName)
$Web.Context.Load($NewFolder)
$Web.Context.ExecuteQuery()

Returns: New folder created in SPO/ODfB

Set properties on a file

Input: $FileRelativeUrl, $SPOItemModifier, $SPOItemOwner, $ItemCreated, $ItemModified

$CurrentFile = $Context.web.GetFileByServerRelativeUrl($FileRelativeUrl)
$Context.Load($CurrentFile)
$Context.ExecuteQuery()
$ListItem = $CurrentFile.ListItemAllFields;
$ListItem["Editor"] = $SPOItemModifier; # Get object from ResolveUser
$Listitem["Author"] = $SPOItemOwner; # Get object from ResolveUser
$Listitem["Created"] = $ItemCreated;
$Listitem["Modified"] = $ItemModified;
$ListItem.Update()
$Context.Load($CurrentFile)
$Context.ExecuteQuery()

Returns: Folder stamped with new properties in SPO/ODfB

Set properties on a folder

Input: $FolderRelativeUrl, , $SPOItemModifier, $SPOItemOwner, $ItemCreated, $ItemModified

$CurrentFolder = $Context.web.GetFolderByServerRelativeUrl($FolderRelativeURL)
$Context.Load($CurrentFolder)
$Context.ExecuteQuery()
$SPOFolderItem = $CurrentFolder.ListItemAllFields;
$SPOItemOwner = ResolveUser $UserEmail # For ResolveUser see separate function described later in this post
$SPOFolderItem["Editor"] = $SPOItemModifier # Must be a userobject, see 'ResolveUser'
$SPOFolderItem["Author"] = $SPOItemOwner # Must be a userobject, see 'ResolveUser'
$SPOFolderItem["Created"] = $ItemCreated # In the format: "8/10/2013 7:04 PM", see 'GetItemProperties'
$SPOFolderItem["Modified"] = $ItemModified # In the format: "8/10/2013 7:04 PM", see 'GetItemProperties'
$SPOFolderItem.Update()
$Context.Load($CurrentFolder)
$Context.ExecuteQuery()

Returns: Folder stamped with new properties in SPO/ODfB

ResolveUser (Function)

Function ResolveUser ($InputUPN)
# Resolves a user to a userobject
{
    $OutputUserObject = $Web.Context.web.EnsureUser($InputUPN)
    $Web.Context.Load($OutputUserObject)
    $Web.Context.ExecuteQuery()
    Return $OutputUserObject
}

Returns: UserObject for $InputUPN (UserPrincipalName/Email)

GetItemProperties (Function)

Function GetItemProperties ($InFileObject)
# Gets basic properties to set on files and folders
{
    $Global:ItemCreated = $InFile.CreationTime
    $Global:ItemModified = $InFile.LastWriteTime
}

Returns: Global: Variables for ItemCreated and LastWriteTime of $InFileObject (File or Folder)

Thats all for now, I hope that you let me know if there is anything that seems to be wrong or does not work. The problem with describing all this in a complete way, is that it is easy to leave something out and it is also difficult to test every aspect while writing. Time is limited for all of us…
Anyway, my goal was to write a post that covered what I was myself missing…I hope that this is it. And again, please let me know if there are any mistakes in here.

References and Credits

None at this time…

Credits & many thanks to

LabCenter – you guys always publish my articles!

My family, my parents, Ia and the kids!

SP2013logo

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Verify Provisioned OneDrives using PowerShell


 Office365logo       SP2013logo

Hi SharePoint Online administrators!

This time I will show you how to:

Verify if a provisioned OneDrive for Business site was provisioned.

AminneBrukx

 Is this really right…? What did they…(Åminne bruk, Värnamo, Sweden)

 

If you followed my previous post, Office 365 guide series – Provision OneDrive for Business using PowerShell then you will mst likely have a bunch of sites that you Think you have provisioned and are not really sure if it worked?
There are obviously ways to verify manuelly but if the list of users was long, then that is not the funniest work out there…

I suggest you use this script instead…:-)

If you have a single emaildomains in your oranization use the first one, if you have multiple emaildomains, use the second.
All you have to do is copy or retype the script to a Prompt/ps1 or ISE session, then run the script. You have the option to save some time by entering your account name in the script(see start)

 

1. Script 1 Use this script if your organization only uses one domainname as email domain. For example, if you use only ‘contoso.com’ then you should use this script.
2. Script 2 Use this script if your organization only uses multiple domainnames as email domains. For example, if you use ‘contoso.com’, ‘microsoft.com’, northwindtraders.com’ as UPN names within your O365 tenant, then use this script. You will here be asked for the domain used in the O365 tenant address.
3. Example 1 Example of a usecase with multiple emaildomains and script 2.
4. Example 2 Example of a usecase with a single emaildomain and script 1.

Note: If you copy paste the code from here into a PowerShell promt or ISE, please verify that all quotes and doublequotes are copied correctly, character coding may cause problems. 

 

Single email domain in your oranization:

***** SCRIPT 1 STARTS HERE *****

#
# By Thomas Balkeståhl - http://blog.blksthl.com
#
$o365cred = Get-Credential -Username "thomas.balkestahl@cramo.onmicrosoft.com" -Message "Supply a Office365 Admin"
$Userlist = read-host "submit your list of users that have been provisioned"
$Userlist = $Userlist -replace " ", ""
$Emails = $userlist -split ","
#Splitting list into Array
Foreach($Email in $Emails)
{
    # Constructing URL from the UPN/Email address
    $struser = $Email
    $pos= $strUser.IndexOf("@")
    $len = $struser.Length -1
    $strUser = $strUser.SubString(0, $pos)
    $strUser = $strUser -replace "\.", "_"
    $orgpos = $pos + 1
    $orglen = $len - $pos
    $strOrg = $Email.SubString($orgpos, $orglen)
    $strOrgNamePos = $strOrg.IndexOf(".")
    $strOrgName = $strOrg.SubString(0, $strOrgNamePos)
    $strOrgSuffixPos = $strOrgNamePos +1
    $strOrgNameLen = $strOrg.Length - $strOrgSuffixPos
    $strOrgSuffix = $strOrg.SubString($strOrgSuffixPos, $strOrgNameLen)
    $strOrg = $strOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $strOrgName + "-my.sharepoint.com/personal/"
    $SiteUrl= $PersonalOrgURL + $strUser
    $SiteUrl= $SiteUrl+ "_" + $strOrg
    write-host "Verifying user:" $Email
$HTTP_Request = [System.Net.WebRequest]::Create($SiteUrl)
$HTTP_Request.UseDefaultCredentials = $true
$HTTP_Request.Credentials = $o365cred
try {
    $HTTP_Response = $HTTP_Request.GetResponse()
}
catch [System.Net.WebException] {
    $HTTP_Response = $_.Exception.Response
}
$HTTP_Status = $HTTP_Response.StatusCode
If ($HTTP_Status -eq 200 -or $HTTP_Status -eq 403 )   { 
    Write-Host -ForegroundColor Green "Site for user $Email exists!" 
}
Else {
    Write-Host -ForegroundColor Yellow "The OneDrive site for user $Email does not respond, try again later or provision it again"
}
$HTTP_Request = $null
$HTTP_Response = $null
$HTTP_Status = $Null
}

***** SCRIPT 1 ENDS HERE *****

If you have multiple email domain in your oranization, use this second script:
***** SCRIPT 2 STARTS HERE *****

#
# By Thomas Balkeståhl - http://blog.blksthl.com
#
$O365Admin = read-host "Supply your Office 365 Admin username(UPN)"
# Add you admin account below, uncomment and comment out the line above to save time...
# $O365Admin = "admin.user@domain.com"
$o365cred = Get-Credential -Username $O365Admin -Message "Supply a Office365 Admin"
$strO365OrgName = read-host "submit your O365 orgname (Only organization, like 'contoso')"
$Userlist = read-host "submit your list of users that have been provisioned"
$Userlist = $Userlist -replace " ", ""
$Emails = $userlist -split ","
#SPlitting list into Array
Foreach($Email in $Emails)
{
    # Constructing URL from the UPN/Email address
    $struser = $Email
    $pos= $strUser.IndexOf("@")
    $len = $struser.Length -1
    $strUser = $strUser.SubString(0, $pos)
    $strUser = $strUser -replace "\.", "_"
    $orgpos = $pos + 1
    $orglen = $len - $pos
    $strOrg = $Email.SubString($orgpos, $orglen)
    $strOrgNamePos = $strOrg.IndexOf(".")
    $strOrgName = $strOrg.SubString(0, $strOrgNamePos)
    $strOrgSuffixPos = $strOrgNamePos +1
    $strOrgNameLen = $strOrg.Length - $strOrgSuffixPos
    $strOrgSuffix = $strOrg.SubString($strOrgSuffixPos, $strOrgNameLen)
    $strOrg = $strOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $strO365OrgName + "-my.sharepoint.com/personal/"
    $SiteUrl= $PersonalOrgURL + $strUser
    $SiteUrl= $SiteUrl+ "_" + $strOrg
    write-host "Verifying user:" $Email
$HTTP_Request = [System.Net.WebRequest]::Create($SiteUrl)
$HTTP_Request.UseDefaultCredentials = $true
$HTTP_Request.Credentials = $o365cred
try {
    $HTTP_Response = $HTTP_Request.GetResponse()
}
catch [System.Net.WebException] {
    $HTTP_Response = $_.Exception.Response
}
$HTTP_Status = $HTTP_Response.StatusCode
If ($HTTP_Status -eq 200 -or $HTTP_Status -eq 403 )   { 
    Write-Host -ForegroundColor Green "Site for user $Email exists!"
}
Else {
    Write-Host -ForegroundColor Yellow "The OneDrive site for user $Email does not respond, try again later or provision it again"
}
$HTTP_Request = $null
$HTTP_Response = $null
$HTTP_Status = $Null
}

***** SCRIPT 2 ENDS HERE *****

Example 1

Multiple emaildomains
O365 Orgname: contoso
Users: test.user1@contoso.com, test.user2@northwind.com, test.user3@contoso.com, test.user4@contoso.com, test.user5@contoso.com

PS1

Like you can see, the list contains users with different emaildomains, contoso and northwind. THe submitted O365 orgname is however used to verify the OneDrive site, contoso.
In this example, the user test.user@contoso.com does not seem to have the OneDrive site provisioned.

Example 2

Single emaildomain
Users: test.user1@contoso.com, test.user2@contoso.com, test.user3@contoso.com, test.user4@contoso.com, test.user5@contoso.com

PS2

Like you can see, the list contains users with only contoso as emaildomain.
In this example, the user test.user2@contoso.com does not seem to have the OneDrive site provisioned. Try to provision again/verify manuelly.

References and Credits


Office 365 guide series – Provision OneDrive for Business using PowerShell
https://blog.blksthl.com/2014/08/07/office-365-guide-series-provision-onedrive-for-business-using-powershell/

 

Credits & many thanks to

Jörgen Andersson, Xperta

Always, Mattias Gutke at CAG

 

SP2013logo

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Provision OneDrive for Business using PowerShell


 Office365logo       SP2013logo

Hi SharePoint Online administrators!

This time I will show you how to:

Provision OneDrive for Business using only PowerShell.

Lisebergx

Get the people up there…into the Clouds…(Liseberg, Gothenburg, Sweden)

Time to roll out OneDrive for Business in the Enterprise? Or maybe you just want to implement OneDrive for Business in a controlled way, and you may not be a hardcore developer either.

If you want to do any kind of preparation before letting the users into their OneDrives, then you will need to have them created/provisioned first, after that you can go ahead and give yourself permission (separate blogpost) and migrate a users files (separate blogpost), preconfigure, brand, and so on.
I have in this guide tried to offer a way to provision the OneDrive for Business to your users in a way that do not require you to know C#, Visual Studio or any development at all, how does that sound? All you need to do is follow this guide to the letter, and you will be sucessfull.

The only way I have found so far to provision a users OneDrive for Business as a administrator is to use code developed by the Office AMS Community Project. This includes among other things, a great Visual Studio sample Project for provisioning users OneDrive for business, and this is really spot on. But…it is not that easy to get going, for a non-developer it may prove to be impossible.

I have used code developed in the samples but I will only use PowerShell to execute it. This is what will make it easy for others (such as you?) to use.
The Office AMS Project also includes the SharePoint client assemblies needed to do anything with SPO using CSOM, Client Side Object Model(Code executed on the client).

In order to get started provisioning your users OneDrive for Business sites(or we can just as well call them MySites, since this is wat they really are…), you just follow these steps:

Quickguide

1. Download Download and unpack the Office App Model Samples from Codeplex, last tested version is currently 2.0 found here: DOWNLOAD Office AMS.
2. Get assemblies Locate the Microsoft.sharepoint.client assembles in the unpacked Office App Model Samples folders, located in <unpack location>\Office App Model Samples v2.0\Assemblies\16\ Copy the files Microsoft.SharePoint.Client.dll, Microsoft.SharePoint.Client.UserProfiles.dll and Microsoft.SharePoint.Client.Runtime.dll and put them in a folder of your choice, I used C:\Temp\ in my sample. (You can also leave the files as is, but then you have to alter the PowerShell code to reference the path in the Office AMS folders)
3. Run the script In a PowerShell prompt/ISE running as admin, run the PowerShell script available below andHERE (Download as Word file), this will load the code needed to access SPO and start provisioning. (Verify and update if needed the $MyAssemblies line at the very bottom)
4. Execute Execute the code in your PowerShell prompt/ISE running as admin (It has to be the same prompt/ISE used to execute the script), use this syntax: Syntax: [OneDriveforBusiness.Provision]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)
5. Done – Verify… Done! Verify that the sites have been provisioned by entering the address in your browser of choice.
References/Credits Reference links and credits

 

The detailed Guide:

1. Download

 

New!
Download the latest version of SharePoint Server 2013 Client Components SDK x86 or x64. This SDK contains the dll’s needed.
During the install, the dll’s will be added to the following path:
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\

Download the latest version (Office App Model Samples 2.0 – July 2014 – Update 1) of the Office App Model Samples, the Project has been renamed to the more formal Office365 Developer Patterns & Practices but it is still the same.
The last tested version is currently 2.0 found here: DOWNLOAD Office AMS

 

Back to Menu

2. Get the assemblies

Unpack the files to a location of choice. (The files will ironically enough not synch very well if stored in a OneDrive for Business synchronized folder – long path among other issues).
Locate the ‘assemblies\16’ folder, in this folder you will find the 3 files we need, Microsoft.SharePoint.Client.dll, Microsoft.SharePoint.Client.UserProfiles.dll and Microsoft.SharePoint.Client.Runtime.dll. Either you put these Three files in a better location, or you make a note of the path to the folder.

Back to Menu

3. Run the script

Start a PowerShell prompt/ISE running as administrator. This is where all the magic will happen. Copy the powershell script below, or download the scriptfile HERE (Word file), then add the script to the Prompt/ISE.
Before executing the script, you will need to alter one thing, the path to the assembly files. Update the line where we give a value to the $MyAssemblies to reflect where you have your SharePoint.client dll files. This is crucial since the code needs to be able to access these asseblies during execution.

$MyAssemblies = (‘C:\Temp\Microsoft.SharePoint.Client.dll’,’C:\Temp\Microsoft.SharePoint.Client.Runtime.dll’,’C:\Temp\Microsoft.SharePoint.Client.UserProfiles.dll’,’System’,’System.Security’)

Unless you have stored your SharePoint.client.dll’s in C:\Temp folder, you will have to update the Three paths to reflect where the files are stored. Example:

$MyAssemblies = (‘C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.dll’,’C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.Runtime.dll’,’C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.UserProfiles.dll’,’System’,’System.Security’)

Once this is done, you can go ahead and execute the script.

HERE (Download as Word file)

# By Thomas Balkeståhl - blog.blksthl.com August 6 2014
#
# 1. Run script to load the C# code into the Assembly
# 2. Execute using the following syntax:
#
# Syntax:  [OneDriveforBusiness.Provision]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)
# Example: PS C:\> [OneDriveforBusiness.Provision]::Execute("https://donkeymind-admin.sharepoint.com","globaladmin@donkeymind.com","MyVerySecretPassWord1!","user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com")
# Input:            
# adminurl = The Tenanat Admin URL for your SharePoint Online Subscription, example: "https://donkeymind-admin.sharepoint.com".
# adminuser = The Credentials of the user who has tenant admin permission, example: "admin@donkeymind.com".
# password = The password in cleartext to your tenant admin account(I know, not ideal...but it was a quick and dirty to make it work).
# users = The email IDs for users who's personal site you want to create in the form of a comma-separated string, example: "user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com". Do not enter more than 200 users at a time.
$MyCSharpSource = @" 
using Microsoft.SharePoint.Client;
using Microsoft.SharePoint.Client.UserProfiles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Text;
using System.Threading.Tasks;
namespace OneDriveforBusiness
{
    public class ProvisionOneDrive
    {
        public static void Execute(string adminurl, string adminuser, string password, string users)
        {
        
            string siteUrl = adminurl;
            string userName = adminuser;
        
            SecureString pwd = GetPassword(password);
            string[] emailIds = GetEmailId(users);
            /* End Program if no Credentials */
            if (string.IsNullOrEmpty(userName) || (pwd == null) || emailIds == null || string.IsNullOrEmpty(siteUrl))
                return;
            SharePointOnlineCredentials _creds = new SharePointOnlineCredentials(userName, pwd);
            CreatePersonalSiteUsingCSOM(_creds, siteUrl, emailIds);
            Console.Read();
        }
        public static SecureString StringToSecure(string nonSecureString)
        {
            SecureString _secureString = new SecureString();
            foreach (char _c in nonSecureString)
                _secureString.AppendChar(_c);
            return _secureString;
        }
        // tenantAdminUrl = The Tenanat Admin URL for your SharePoint Online Subscription
        // spoCredentials = The Credentials of the user who has tenant admin permission.
        // emailIDs = The email IDs for users whos personal site you want to create.
        public static void CreatePersonalSiteUsingCSOM(SharePointOnlineCredentials spoCredentials, string tenantAdminUrl, string[] emailIDs)
        {
            using (ClientContext _context = new ClientContext(tenantAdminUrl))
            {
                try
                {       
                    _context.AuthenticationMode = ClientAuthenticationMode.Default;
                    _context.Credentials = spoCredentials;
                    ProfileLoader _profileLoader = ProfileLoader.GetProfileLoader(_context);
                    _profileLoader.CreatePersonalSiteEnqueueBulk(emailIDs);
                    _profileLoader.Context.ExecuteQuery();
                    Console.Write("Provisioning of the users supplied has been initiated, please allow for the provisioning to finish, this can take up to 5 minutes.");
                }
                catch (Exception _ex)
                {
                    Console.WriteLine(string.Format("Provisioning failed, find the problem and try again. The error message is {0}", _ex.Message));
                }
            }
        }
        
        public static SecureString GetPassword(string password)
        {
            SecureString sStrPwd = new SecureString();
            foreach (char ch in password) sStrPwd.AppendChar(ch);
            return sStrPwd;
        }
        public static string[] GetEmailId(string users)
        {
            string[] emailID;
            try
            {
                string Output = "Provisioning the supplied list of users: " + users;
                Console.WriteLine(Output);
                string emailInput = users;
                if (!string.IsNullOrEmpty(emailInput))
                {
                    emailID = emailInput.Split(new char[] { ',' });
                    return emailID;
                }
                else
                {
                    return null;
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            return null;
        }
    }
}
"@
$ass1 = [System.Reflection.Assembly]::LoadFile("c:\temp\Microsoft.SharePoint.Client.dll") 
$ass2 = [System.Reflection.Assembly]::LoadFile("c:\temp\Microsoft.SharePoint.Client.Runtime.dll") 
$ass3 = [System.Reflection.Assembly]::LoadFile("C:\temp\Microsoft.SharePoint.Client.UserProfiles.dll")
$MyAssemblies = @( $ass1.FullName, $ass2.FullName,$ass3.Fullname,"System","System.Core","System.Security")
Add-Type -ReferencedAssemblies $MyAssemblies -TypeDefinition $MyCSharpSource -Language CSharp -PassThru

HERE (Download as Word file)

Back to Menu

4 Executing the provisioning code

ISE2

We have now loaded the code into memory (a .NET Framework class in your Windows PowerShell session), where it will be available just like if we had created a C# DLL and loaded it into the GAC. Remember though, the code is now static and connot be altered. If you need to make any Changes, have a look in the references section where I will show how to be able to alter the code after it has been loaded once.

Now, we have to call on the code laoded into memory, this is done from the same prompt/ISE used to load the code, the code only exists in that prompt session so it will not be available in any other prompt.

Use the following syntax to execute:

Syntax: [OneDriveforBusiness.ProvisionOneDrive]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)

Example: PS C:\> [OneDriveforBusiness.ProvisionOneDrive]::Execute(“https://donkeymind-admin.sharepoint.com&#8221;,”globaladmin@donkeymind.com”,”MyVerySecretPassWord1!”,”user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com”) 

What you need to supply when running the code, is your SharePoint online admin address, a tenent admin account and password, plus a list of emailadresses to the users that will be provisioned with a OneDrive for Business.

Start by typing in this:

[OneDriveforBusiness.ProvisionOneDrive]::Execute

ISE4

What this does is call the code we just loaded from PowerShell, The Namespace is OneDriveforBusiness, the Class is ProvisionOneDrive and finally, the void or function is Execute.

<SharePointAdminURL>: The Admin address is available if you go the the Admin/SharePoint administration web. This will be visible in the address field of your browser:

Admin1x

Admin0x

Note the address: https://donkeymind-admin.sharepoint.com.

<GlobalTenantAdminAccount>: An account that is a global Office 365 Tenant Administrator.
The account must have this setting in Office 365 Admin Center/Users & Groups – User object:

Parameters1x

<AdminAccountPassword>: The password of the <GlobalTenantAdminAccount>. This will be entered in cleartext, not the ideal security solution but this is the only way I could solve it.
(Suggestions on how to prompt for the password in a secure way is welcome!)

<ListofUsersEmailSeparatedbyCommas>: This is the users that will have provisioned with OneDrive for Business. A list of UPN’s (User Principal Name) separated by commas. The UPN must be the one registered in Office 365. The UPN is in the form of a emailadress, for example: user@domain.com. Enter the string using double quotes on both sides.

This is what the string should look like: “user1@donkeymind.com, user2@donkeymind.com, user3@donkeymind.com, user4@donkeymind.com, user5@donkeymind.com”

When you have all the values in order, type in the command with your parameters and execute the provisioning:

PS C:\PSScripts> [OneDriveforBusiness.ProvisionOneDrive]::Execute(“https://donkeymind-admin.sharepoint.com&#8221;,”thomas@donkeymind.onmicrosoft.com”,”**********”,”testaccount@donkeymind.onmicrosoft.com”)

When executed ok, you will see this:

ISE9

The limit for submitting users to be provisioned have been set by Microsoft to 200 at the time. This code do allow more but it will cause issues. Better to do them 200 at the time, wait unitl done and then do 200 more, alternatively, alter the code to include a check so that every user have been provisioned ok Before moving onto the next.

Now, you can execute the commend again and again. You can also use the code obviously for other tenants. Simple provide the commend with a different account, a different admin URL and you are good to go. Good luck!

Back to Menu

5. Done! Verify….

For a tool to verify your list of users directly, check out this guide: Office 365 guide series – Verify Provisioned OneDrives using PowerShell

Verify that the sites have been provisioned by browsing to the direct URL using your admin account. The URL will look like this:

User: thomas.balkestahl@donkeymind.onmicrosoft.com
URL: https://donkeymind-my.sharepoint.com/personal/thomas_balkestahl_donkeymind_onmicrosoft_com/

User: han.solo@alliance.org
URL: https://donkeymind-my.sharepoint.com/personal/han_solo_alliance_com/

Since you are using your admin account, you have access to the private part of the OneDrive/MySite.

Note: All the steps in this guide have been verified on a Windows 8.1 Update 1 machine, using PowerShell ISE and the Office AMS July 2014 Update 1. All tests have been done during August of 2014, the functionality of Office 365 may change over time and may thus cause this guide to fail. If this happens I will try to be alert and update the guide accordingly. 

Possible errors

1. You need to alter the script, then run the script again?

You have two choices if this happens, you have loaded the code once and you need to edit it and run again. If you do this you may get the error message saying that the ‘Type has already been added’ or similar. If you get this, simply restart your PowerShell prompt/ISE, OR, Change the name of the public class:

Code1x

Add for example a number after, so that the class is called: ProvisionOneDrive1, then 2 and so on.

2. Nothing happens, no OneDrive shows up?

Verify all your values, then execute the command again. Remember though, that the time it takes for a site to show up may vary and can take up to 5 minuter PER SITE. Wait a moment longer, try it again

If you have the wrong address when verifying, you will see either of these pages depending on the URL used:

A link like:
https://donkeymind-my.sharepoint.com/personal/testuser4_donkeymind_onmicrosoft_com/_layouts/start.aspx#/Documents/Forms/All.aspx?LoadProfile=TRUE

Error1

A link like:
https://donkeymind-my.sharepoint.com/personal/testuser4_donkeymind_onmicrosoft_com

error2

404 could also just mean that the site is in queue and has not been provisioned yet.

References and Credits


Stefan Gossners old post: Using CSharp (C#) code in Powershell scripts
http://blogs.technet.com/b/stefan_gossner/archive/2010/05/07/using-csharp-c-code-in-powershell-scripts.aspx

Office365 Developer Patterns & Practices/Office App Model Samples
http://officeams.codeplex.com/

TechNet Add-Type
http://technet.microsoft.com/en-us/library/hh849914.aspx

Credits & many thanks to

Kimmo Forss, Microsoft

Jörgen Andersson, Xperta

All the contributors of Office AMS

Always, Mattias Gutke at CAG

Stefan Gossner, Microsoft (Blog) for that short and concise post written a few years back.

My love for putting up with me while solving this problem and writing this post!

SP2013logo

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

The complete list of tools in Windows Server 2012


Tools Tools Tools Tools Tools….I wonder how much smaller in diskspace Windows would be without the tools? There are Tools for almost every task, just browse this list and you understand what I’m talking about.
Have you ever wondered about a commandline tool and did not find the proper explanation or the TechNet page for it?
Have you like me, had to learn what a lot of these does simply to be able to pass a certification?

IMG_0818(Oh, the Picture shows two bowls of chocolate, nothing else…)

Look no further, bookmark this page and you will find it all in one convenient place. No PowerShell here though, a lot of the stuff that can be made using these tools may or may not be performed using PowerShell CMDlets as well, but these are not listed here, this list is strictly for hardcore tools!

Do you miss any certain Windows Server 2012 tool that you feel should be here? Please let me know which it is and I’ll be sure to add it if you can convince me that it should be part of the list.

A B C D E F G H I J K L M

N O P Q R S T U V W X Y Z

Jump to References


A Back to the menu
Adprep Extends the Active Directory® schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs a later version of the Windows Server operating system than the current domain controllers in the forest or domain.
Append Allows programs to open data files in specified directories as if they were in the current directory. If used without parameters, append displays the appended directory list.
Arp Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which contains one or more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical addresses. There is a separate table for each Ethernet or Token Ring network adapter installed on your computer. Used without parameters, arp displays help.
Assoc Displays or modifies file name extension associations. If used without parameters, assoc displays a list of all the current file name extension associations.
At Schedules commands and programs to run on a computer at a specified time and date. You can use at only when the Schedule service is running. Used without parameters, at lists scheduled commands.
Atmadm Monitors connections and addresses that are registered by the ATM Call Manager on an asynchronous transfer mode (ATM) network. You can use atmadm to display statistics for incoming and outgoing calls on ATM adapters. Used without parameters, atmadm displays statistics for monitoring the status of active ATM connections
Attrib Displays, sets, or removes attributes assigned to files or directories. If used without parameters, attrib displays attributes of all files in the current directory.
Auditpol Displays information about and performs functions to manipulate audit policies.
Autochk Runs when the computer is started and prior to Windows Server® 2008 R2 starting to verify the logical integrity of a file system.
Autoconv Converts file allocation table (FAT) and FAT32 volumes to the NTFS file system, leaving existing files and directories intact at startup after Autochk runs. Volumes converted to the NTFS file system cannot be converted back to FAT or FAT32.
Autofmt Formats a drive or partition when called from the Windows Recovery Console.
B Back to the menu
Bcdboot Enables you to quickly set up a system partition, or to repair the boot environment located on the system partition. The system partition is set up by copying a simple set of Boot Configuration Data (BCD) files to an existing empty partition.
Bcdedit BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu parameters, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements: Exposes a wider range of boot parameters than Bootcfg.exe and has improved scripting support.
Bdehdcfg Prepares a hard drive with the partitions necessary for BitLocker Drive Encryption. Most installations of Windows 7 will not need to use this tool because BitLocker setup includes the ability to prepare and repartition drives as required.
Bitsadmin BITSAdmin is a command-line tool that you can use to create download or upload jobs and monitor their progress.
Bootcfg Configures, queries, or changes Boot.ini file settings.
Break (Deprecated) Sets or clears extended CTRL+C checking on MS-DOS systems. If used without parameters, break displays the current setting.
C  Back to the menu
Cacls Displays or modifies discretionary access control lists (DACL) on specified files.
Call Calls one batch program from another without stopping the parent batch program. The call command accepts labels as the target of the call.
Cd Displays the name of or changes the current directory. If used with only a drive letter (for example, cd C:), cd displays the names of the current directory in the specified drive. If used without parameters, cd displays the current drive and directory. (This command is the same as the chdir command.)
Certreq Certreq can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request.
Certutil Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, and certificate chains.
Change Changes Remote Desktop Session Host (RD Session Host) server settings for logons, COM port mappings, and install mode.
Chcp Changes the active console code page. If used without parameters, chcp displays the number of the active console code page.
Chdir This command is the same as the cd command.
Chglogon Enables or disables logons from client sessions on an RD Session Host server, or displays current logon status.
Chgport Lists or changes the COM port mappings to be compatible with MS-DOS applications.
Chgusr Changes the install mode for the Remote Desktop Session Host (RD Session Host) server.
Chkdsk Checks the file system and file system metadata of a volume for logical and physical errors. If used without parameters, chkdsk displays only the status of the volume and does not fix any errors. If used with the /f, /r, /x, or /b parameters, it fixes errors on the volume.
Chkntfs Displays or modifies automatic disk checking when the computer is started. If used without options, chkntfs displays the file system of the specified volume. If automatic file checking is scheduled to run, chkntfs displays whether the specified volume is dirty or is scheduled to be checked the next time the computer is started.
Choice Prompts the user to select one item from a list of single-character choices in a batch program, and then returns the index of the selected choice. If used without parameters, choice displays the default choices Y and N.
Cipher Displays or alters the encryption of directories and files on NTFS volumes. If used without parameters, cipher displays the encryption state of the current directory and any files it contains.
Clip Redirects command output from the command line to the Windows clipboard. You can then paste this text output into other programs.
Cls Clears the Command Prompt window.
Cluadmin Enables you to connect to a failover cluster (formerly known as server cluster). Used without parameters, cluadmin starts Cluster Administrator, the tool used to configure and manage failover clusters.
Cluster Creates a new cluster or configures an existing cluster.
Cmd Starts a new instance of the command interpreter, Cmd.exe. If used without parameters, cmd displays the version and copyright information of the operating system.
Cmdkey Creates, lists, and deletes stored user names and passwords or credentials.
Cmstp Installs or removes a Connection Manager service profile. Used without optional parameters, cmstp installs a service profile with default settings appropriate to the operating system and to the user’s permissions.
Color Changes the foreground and background colors in the Command Prompt window for the current session. If used without parameters, color restores the default Command Prompt window foreground and background colors.
Comp Compares the contents of two files or sets of files byte-by-byte. If used without parameters, comp prompts you to enter the files to compare.
Compact Displays or alters the compression of files or directories on NTFS partitions. If used without parameters, compact displays the compression state of the current directory and the files it contains.
Convert Converts file allocation table (FAT) and FAT32 volumes to the NTFS file system, leaving existing files and directories intact. Volumes converted to the NTFS file system cannot be converted back to FAT or FAT32.
Copy Copies one or more files from one location to another.
Cprofile Cprofile – Cprofile is deprecated, and is not guaranteed to be supported in future releases of Windows.
Cscript Starts a script so that it runs in a command-line environment.
Csvde Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard.
D  Back to the menu
Date Displays or sets the system date. If used without parameters, date displays the current system date setting and prompts you to enter a new date.
Dcdiag Analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting.
Dcgpofix Recreates the default Group Policy Objects (GPOs) for a domain.
Dcpromo Installs and removes Active Directory Domain Services (AD DS). (Preferred method is Server Manager, but dcpromo should be used for RODC’s and Server core)
Defrag Locates and consolidates fragmented files on local volumes to improve system performance.
Del Deletes one or more files. This command is the same as the erase command.
Dfscmd Configures DFS folders and folder targets in a DFS namespace.
Dfsrmig The dfsrmig command migrates SYSVOL replication from File Replication Service (FRS) to Distributed File System (DFS) Replication, provides information about the progress of the migration, and modifies Active Directory Domain Services (AD DS) objects to support the migration.
Diantz This command is the same as the makecab command.
Dir Displays a list of a directory’s files and subdirectories. If used without parameters, dir displays the disk’s volume label and serial number, followed by a list of directories and files on the disk (including their names and the date and time each was last modified). For files, dir displays the name extension and the size in bytes. Dir also displays the total number of files and directories listed, their cumulative size, and the free space (in bytes) remaining on the disk.
Dirquota The dirquota command-line tool is installed with File Server Resource Manager and includes subcommands for creating and managing quotas, auto apply quotas, and quota templates, as well as configuring general administrative options for working with quotas.
Diskcomp Compares the contents of two floppy disks. If used without parameters, diskcomp uses the current drive to compare both disks.
Diskcopy Copies the contents of the floppy disk in the source drive to a formatted or unformatted floppy disk in the destination drive. If used without parameters, diskcopy uses the current drive for the source disk and the destination disk.
Diskedit diskedit has been deprecated since Windows Server 2003 – not available in Windows Server 2012
DiskPart diskpart is a text-mode command interpreter that enables you to manage objects (disks, partitions, volumes, or virtual hard disks) by using scripts or direct input from a command prompt.
Diskperf diskperf is used to enable or disable physical and logical disk performance counters in Windows 2000 systems.
DiskRAID DiskRAID is a command-line tool that enables you to configure and manage redundant array of independent (or inexpensive) disks (RAID) storage subsystems.
Diskshadow DiskShadow is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS). By default, DiskShadow uses an interactive command interpreter similar to that of DiskRAID or DiskPart. DiskShadow also includes a scriptable mode.
Dispdiag Logs display information to a file.
Djoin Provisions a computer account in a domain and requests an offline domain join when a computer restarts.
Dnscmd A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on your network.
Doskey Calls Doskey.exe (which recalls previously entered command-line commands), edits command lines, and creates macros.
Driverquery Enables an administrator to display a list of installed device drivers and their properties. If used without parameters, driverquery runs on the local computer.
Dsacls Displays and changes permissions (access control entries) in the access control list (ACL) of objects in Active Directory Domain Services (AD DS).
Dsadd Adds specific types of objects to the directory.
Dsamain Exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server.
Dsdbutil Performs database maintenance of the Active Directory Domain Services (AD DS) store, facilitates configuration of Active Directory Lightweight Directory Services (AD LDS) communication ports, and views AD LDS instances that are installed on a computer.
Dsget Displays the selected properties of a specific object in the directory.
Dsmgmt Facilitates managing Active Directory Lightweight Directory Services (AD LDS) application partitions, managing and controlling flexible single master operations (FSMO), and cleaning up metadata that is left behind by abandoned Active Directory domain controllers and AD LDS instances. (Abandoned domain controllers and AD LDS instances are those that are removed from the network without being uninstalled.)
Dsmod Modifies an existing object of a specific type in the directory.
Dsmove Moves a single object, within a domain, from its current location in the directory to a new location, or renames a single object without moving it in the directory tree.
Dsquery Queries the directory by using search criteria that you specify. Each of the dsquery commands finds objects of a specific object type, with the exception of dsquery *, which can query for any type of object.
Dsrm Deletes an object of a specific type or any general object from the directory.
E  Back to the menu
Echo Displays messages or turns on or off the command echoing feature. If used without parameters, echo displays the current echo setting.
Edit Starts MS-DOS Editor, which creates and changes ASCII text files.
Endlocal Ends localization of environment changes in a batch file, and restores environment variables to their values before the corresponding setlocal command was run.
Erase This command is the same as the del command. See Del for syntax and parameters.
Eventcreate Enables an administrator to create a custom event in a specified event log.
Eventquery.vbs Eventquery.vbs is deprecated, and is not guaranteed to be supported in future releases of Windows.
Eventtriggers Eventtriggers is deprecated, and is not guaranteed to be supported in future releases of Windows.
Evntcmd Configures the translation of events to traps, trap destinations, or both based on information in a configuration file.
Exit Exits the Cmd.exe program (the command interpreter) or the current batch script.
Expand Expands one or more compressed files. You can use this command to retrieve compressed files from distribution disks.
Extract Extract is deprecated and is no longer part of Windows Server
F  Back to the menu
Fc Compares two files or sets of files and displays the differences between them.
Filescrn The filescrn command is installed with File Server Resource Manager and includes subcommands for creating and managing file groups, file screens, file screen exceptions, and file screen templates, and for configuring general administrative options for screening files.
Find Searches for a string of text in a file or files, and displays lines of text that contain the specified string.
Findstr Searches for patterns of text in files.
Finger Displays information about a user or users on a specified remote computer (typically a computer running UNIX) that is running the Finger service or daemon. The remote computer specifies the format and output of the user information display. Used without parameters, finger displays help.
Flattemp Enables or disables flat temporary folders.
Fondue Enables Windows optional features by downloading required files from Windows Update or another source specified by Group Policy. The manifest file for the feature must already be installed in your Windows image.
For Runs a specified command for each file in a set of files.
Forfiles Selects and executes a command on a file or set of files. This command is useful for batch processing.
Format Formats a disk to accept Windows files.
Freedisk Checks to see if the specified amount of disk space is available before continuing with an installation process.
Fsutil Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume. If it is used without parameters, fsutil displays a list of supported subcommands.
Ftp Transfers files to and from a computer running a File Transfer Protocol (FTP) server service. Ftp can be used interactively or in batch mode by processing ASCII text files.
Ftype Displays or modifies file types that are used in file name extension associations. If used without an assignment operator (=), ftype displays the current open command string for the specified file type. If used without parameters, ftype displays the file types that have open command strings defined.
Fveupdate Fveupdate is deprecated, and is not guaranteed to be supported in future releases of Windows.
G  Back to the menu
Getmac Returns the media access control (MAC) address and list of network protocols associated with each address for all network cards in each computer, either locally or across a network.
Gettype Gettype is deprecated, and is not guaranteed to be supported in future releases of Windows.
Goto Directs cmd.exe to a labeled line in a batch program. Within a batch program, goto directs command processing to a line that is identified by a label. When the label is found, processing continues starting with the commands that begin on the next line.
Gpfixup Fix domain name dependencies in Group Policy Objects and Group Policy links after a domain rename operation.
Gpresult Displays the Resultant Set of Policy (RSoP) information for a remote user and computer.
Gpupdate Updates Group Policy settings.
Graftabl Enables Windows operating systems to display an extended character set in graphics mode. If used without parameters, graftabl displays the previous and the current code page.
H  Back to the menu
Hashgen Creates or deletes BranchCache content information, also called hashes, for the content in the specified directory on a BranchCache-capable file server.
Help Provides online information about system commands (that is, non-network commands). If used without parameters, help lists and briefly describes every system command.
Helpctr Helpctr is deprecated, and is not guaranteed to be supported in future releases of Windows.
Hostname Displays the host name portion of the full computer name of the computer.
I  Back to the menu
Icacls Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
If Performs conditional processing in batch programs.
Inuse Inuse is deprecated, and is not guaranteed to be supported in future releases of Windows.
Ipconfig Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays Internet Protocol version 4 (IPv4) and IPv6 addresses, subnet mask, and default gateway for all adapters.
Ipxroute Displays and modifies information about the routing tables used by the IPX protocol. Used without parameters,  ipxroute displays the default settings for packets that are sent to unknown, broadcast, and multicast addresses.
Irftp Sends files over an infrared link.
Ismserv This service enables messages to be exchanged between computers running Windows Server sites. This service is used for mail-based replication between sites. Active Directory includes support for replication between sites by using SMTP over IP transport. SMTP support is provided by the SMTP service, which is a component of IIS. The set of transports used for communication between sites must be extensible; therefore, each transport is defined in a separate add-in dynamic link library (DLL). These add-in DLLs are loaded into the ISM service, which runs on all domain controllers that are candidates for performing communication between sites. The ISM service directs send requests and receive requests to the appropriate transport add-in DLLs, which then route the messages to the ISM service on the destination computer.
J  Back to the menu
Jetpack Compacts a Windows Internet Name Service (WINS) or Dynamic Host Configuration Protocol (DHCP) database. Microsoft recommends that you compact the WINS database whenever it approaches 30 MB.
K  Back to the menu
Klist Displays a list of currently cached Kerberos tickets. This information applies to Windows Server 2012.
Ksetup Performs tasks that are related to setting up and maintaining Kerberos protocol and the Key Distribution Center (KDC) to support Kerberos realms, which are not also Windows domains. For examples of how this command can be used, see the Examples section in each of the related subtopics.
Ktmutil Starts the Kernel Transaction Manager utility. If used without parameters, ktmutil displays available subcommands.
Ktpass Configures the server principal name for the host or service in Active Directory Domain Services (AD DS) and generates a .keytab file that contains the shared secret key of the service. The .keytab file is based on the Massachusetts Institute of Technology (MIT) implementation of the Kerberos authentication protocol. The Ktpass command-line tool allows non-Windows services that support Kerberos authentication to use the interoperability features provided by the Kerberos Key Distribution Center (KDC) service in Windows Server 2008 R2.
L  Back to the menu
Label Creates, changes, or deletes the volume label (that is, the name) of a disk. If used without parameters, the label command changes the current volume label or deletes the existing label.
Ldifde Creates, modifies, and deletes directory objects. You can also use ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory Domain Services (AD DS) with data from other directory services.
Ldp Performs operations such as connect, bind, search, modify, add, delete against any Lightweight Directory Access Protocol (LDAP)-compatible directory, such as Active Directory Domain Services (AD DS). Ldp is an LDAP client that you use to view objects that are stored in AD DS along with their metadata, such as security descriptors and replication metadata.
Lodctr Allows you to register or save performance counter name and registry settings in a file and designate trusted services.
Logman Logman creates and manages Event Trace Session and Performance logs and supports many functions of Performance Monitor from the command line.
Logoff Logs off a user from a session on a Remote Desktop Session Host (RD Session Host) server and deletes the session from the server.
Lpq Displays the status of a print queue on a computer running Line Printer Daemon (LPD).
Lpr Sends a file to a computer or printer sharing device running the Line Printer Daemon (LPD) service in preparation for printing.
M  Back to the menu
Macfile Manages File Server for Macintosh servers, volumes, directories, and files. You can automate administrative tasks by including a series of commands in batch files and starting them manually or at predetermined times.
Makecab Package existing files into a cabinet (.cab) file.
Manage-bde Used to turn on or turn off BitLocker, specify unlock mechanisms, update recovery methods, and unlock BitLocker-protected data drives. This command-line tool can be used in place of the BitLocker Drive Encryption Control Panel item.
mapadmin You can use Mapadmin to manage User Name Mapping for Microsoft Services for Network File System.
Md Creates a directory or subdirectory. This command is the same as the mkdir command.
Mkdir This command is the same as the md command. See Md for syntax and parameters.
Mklink Creates a symbolic link.
Mmc Using MMC command-line options, you can open a specific MMC console, open MMC in author mode, or specify that the 32-bit or 64-bit version of MMC is opened.
Mode Displays system status, changes system settings, or reconfigures ports or devices. If used without parameters, mode displays all the controllable attributes of the console and the available COM devices.
More Displays one screen of output at a time.
Mount You can use mount to mount Network File System (NFS) network shares.
Mountvol Creates, deletes, or lists a volume mount point.
Move Moves one or more files from one directory to another directory.
Mqbkup Backs up MSMQ message files and registry settings to a storage device and restores previously-stored messages and settings.
Mqsvc Message Queuing technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. Message Queuing provides guaranteed message delivery, efficient routing, security, and priority-based messaging. It can be used to implement solutions for both asynchronous and synchronous messaging scenarios.
Mqtgsvc Monitors a queue for incoming messages and performs an action, in the form of an executable file or COM component, when the rules of a trigger are evaluated as true.
Msdt Invokes a troubleshooting pack at the command line or as part of an automated script, and enables additional options without user input.
Msg Sends a message to a user on a Remote Desktop Session Host (RD Session Host) server.
Msiexec Provides the means to install, modify, and perform operations on Windows Installer from the command line.
Msinfo32 Opens the System Information tool to display a comprehensive view of the hardware, system components, and software environment on the local computer.
Mstsc Creates connections to Remote Desktop Session Host (RD Session Host) servers or other remote computers, edits an existing Remote Desktop Connection (.rdp) configuration file, and migrates legacy connection files that were created with Client Connection Manager to new .rdp connection files.
N  Back to the menu
Nbtstat Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS name cache and the names registered with Windows Internet Name Service (WINS). Used without parameters, nbtstat displays help.
Net computer Adds or deletes a computer from a domain database.
Net group Adds, displays, or modifies global groups in domains.
Net localgroup Adds, displays, or modifies local groups. Used without parameters, net localgroup displays the name of the server and the names of local groups on the computer.
Net print Displays information about a specified printer queue or a specified print job, or controls a specified print job.
Net session Manages server computer connections. Used without parameters,  net session displays information about all sessions with the local computer.
Net share Manages shared resources. Used without parameters, net share displays information about all of the resources that are shared on the local computer. For each resource, the device name(s) or pathname(s) and a descriptive comment are displayed.
Net use Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections. The command also controls persistent net connections. Used without parameters, net use retrieves a list of network connections.
Net user Adds or modifies user accounts, or displays user account information.
Net view Displays a list of domains, computers, or resources that are being shared by the specified computer.  Used without parameters, net view displays a list of computers in your current domain.
Netcfg Installs the Windows Preinstallation Environment (WinPE), a lightweight version of Windows used to deploy workstations.
Netdiag The Netdiag command-line diagnostic tool helps to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client. These tests and the key network status information that they expose give network administrators and support personnel a more direct means of identifying and isolating network problems. Moreover, because this tool does not require parameters or switches to be specified, support personnel and network administrators can focus on analyzing the output rather than on training users how to use the tool.
Netdom Enables administrators to manage Active Directory domains and trust relationships from the command prompt.
Netsh Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a currently running computer.
Netstat Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Nfsadmin You can use nfsadmin to manage Server for NFS and Client for NFS.
Nfsshare You can use nfsshare to control Network File System (NFS) shares.
Nfsstat You can use nfsstat to display or reset counts of calls made to Server for NFS.
Nlb After you have installed and configured Network Load Balancing (NLB), you can control its operations and modify parameter settings using the NLB control program, nlb.exe. To simplify and centralize system administration, you can run nlb.exe either on the cluster hosts or on any remote computer running Windows Server 2008 that can access the cluster over a local or wide area network. However, certain actions, such as modifying parameters, can be performed only on the cluster hosts.
Nlbmgr Using Network Load Balancing Manager, you can configure and manage your Network Load Balancing clusters and all cluster hosts from a single computer, and you can also replicate the cluster configuration to other hosts. You can start Network Load Balancing Manager from the command-line using the command nlbmgr.exe, which is installed in the systemroot\System32 folder.
Nltest Performs network administrative tasks.
Nslookup Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Before using this tool, you should be familiar with how DNS works. The Nslookup command-line tool is available only if you have installed the TCP/IP protocol.
Ntbackup The ntbackup command is not available in Windows Vista or Windows Server 2008. Instead, you should use the wbadmin command and subcommands to back up and restore your computer and files from a command prompt.
Ntcmdprompt Runs the command interpreter Cmd.exe, rather than Command.com, after running a Terminate and Stay Resident (TSR) or after starting the command prompt from within an MS-DOS application.
Ntdsutil Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.
Ntfrsutl Dumps the internal tables, thread, and memory information for the NT File Replication Service (NTFRS). It runs against local and remote servers. The recovery setting for NTFRS in Service Control Manager (SCM) can be critical to locating and keeping important log events on the computer. This tool provides a convenient method of reviewing those settings.
O  Back to the menu
Openfiles Enables an administrator to query, display, or disconnect files and directories that have been opened on a system. Also enables or disables the system Maintain Objects List global flag.
P  Back to the menu
Pagefileconfig.vbs Pagefileconfig.vbs is deprecated, and is not guaranteed to be supported in future releases of Windows.
Path Sets the command path in the PATH environment variable (the set of directories used to search for executable files). If used without parameters, path displays the current command path.
Pathping Provides information about network latency and network loss at intermediate hops between a source and destination. Pathping sends multiple Echo Request messages to each router between a source and destination over a period of time and then computes results based on the packets returned from each router. Because pathping displays the degree of packet loss at any given router or link, you can determine which routers or subnets might be having network problems. Pathping performs the equivalent of the tracert command by identifying which routers are on the path. It then sends pings periodically to all of the routers over a specified time period and computes statistics based on the number returned from each. Used without parameters, pathping displays help.
Pause Suspends the processing of a batch program and displays the following prompt.
Pbadmin Pbadmin is deprecated, and is not guaranteed to be supported in future releases of Windows.
Pentnt Pentnt is deprecated, and is not guaranteed to be supported in future releases of Windows.
Perfmon Start Windows Reliability and Performance Monitor in a specific standalone mode.
Ping Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages are displayed, along with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, ping displays help.
Pnpunattend Audits a computer for device drivers, and perform unattended driver installations, or search for drivers without installing and, optionally, report the results to the command line. Use this command to specify the installation of specific drivers for specific hardware devices.
Pnputil Pnputil.exe is a command line utility that you can use to manage the driver store. You can use Pnputil to add driver packages, remove driver packages, and list driver packages that are in the store.
Popd Changes the current directory to the directory that was most recently stored by the pushd command.
Powercfg Control power settings and configure computers to default to Hibernate or Standby modes.
PowerShell Windows PowerShell™ is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, Windows PowerShell helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.The PowerShell.exe command-line tool starts a Windows PowerShell session in a Command Prompt window. When you use PowerShell.exe, you can use its optional parameters to customize the session. For example, you can start a session that uses a particular execution policy or one that excludes a Windows PowerShell profile. Otherwise, the session is the same as any session that is started in the Windows PowerShell console.
PowerShell_Ise Windows PowerShell Integrated Scripting Environment (ISE) is a graphical host application that enables you to read, write, run, debug, and test scripts and modules in a graphic-assisted environment. Key features such as IntelliSense, Show-Command, snippets, tab completion, syntax-coloring, visual debugging, and context-sensitive Help provide a rich scripting experience.
Print Sends a text file to a printer.
Prncnfg.vbs Configures or displays configuration information about a printer.
Prndrvr.vbs Adds, deletes, and lists printer drivers.
Prnjobs.vbs Pauses, resumes, cancels, and lists print jobs.
Prnmngr.vbs Adds, deletes, and lists printers or printer connections, in addition to setting and displaying the default printer.
Prnport.vbs Creates, deletes, and lists standard TCP/IP printer ports, in addition to displaying and changing port configuration.
Prnqctl.vbs Prints a test page, pauses or resumes a printer, and clears a printer queue.
Prompt Changes the Cmd.exe command prompt. If used without parameters, prompt resets the command prompt to the default setting, which is the current drive letter and directory followed by the greater than symbol (>).
Pubprn.vbs Publishes a printer to the Active Directory Domain Services.
Pushd Stores the current directory for use by the popd command, and then changes to the specified directory.
Pushprinterconnections Reads Deployed Printer Connection settings from Group Policy, and deploys/removes printer connections as needed.
Q  Back to the menu
Qappsrv Displays a list of all Remote Desktop Session Host (RD Session Host) servers on the network.
Qprocess Displays information about processes that are running on a Remote Desktop Session Host (RD Session Host) server.
Query Displays information about processes, sessions, and Remote Desktop Session Host (RD Session Host) servers.
Quser Displays information about user sessions on a Remote Desktop Session Host (RD Session Host) server.
Qwinsta Displays information about sessions on a Remote Desktop Session Host (RD Session Host) server.
R  Back to the menu
Rasdial Connects or disconnects a dial-up or virtual private network (VPN) connection. When you run the command without parameters, the status of current network connections is displayed.
Rcp Copies files between computers. This command has been deprecated.
Rd Deletes a directory. This command is the same as the rmdir command.
Rdpsign Enables you to digitally sign a Remote Desktop Protocol (.rdp) file.
Reagentc Configures the Windows Recovery Environment (Windows RE) and enables image recovery solutions.
Recover Recovers readable information from a bad or defective disk.
Redircmp Redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in CN=Computers.
Redirusr Redirects the default container for newly created users to a specified, target organizational unit (OU) so that newly created user objects are created in the specific target OU instead of in CN=Users.
Reg Performs operations on registry subkey information and values in registry entries.
Regini Modifies the registry from the command line or a script, and applies changes that were preset in one or more text files. You can create, modify, or delete registry keys, in addition to modifying the permissions on the registry keys.
Regsvr32 Registers .dll files as command components in the registry.
Relog Extracts performance counters from performance counter logs into other formats, such as text-TSV (for tab-delimited text), text-CSV (for comma-delimited text), binary-BIN, or SQL.
Rem Records comments (remarks) in a batch file or CONFIG.SYS. If no comment is specified, rem adds vertical spacing.
Ren Renames files or directories. This command is the same as the rename command.
Rename This is the same as the ren command.
Rendom Rendom.exe is a command-line tool that is used to rename Active Directory domains. A domain rename is a complex operation that also requires other tools and processes in addition to using Rendom.exe.
Repadmin Repadmin.exe helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems.
Repair-bde Accesses encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data.
Replace Replaces files. If used with the /a option, replace adds new files to a directory instead of replacing existing files.
Reset session Enables you to reset (delete) a session on a Remote Desktop Session Host (RD Session Host) server.
Rexec Rexec is deprecated, and is not guaranteed to be supported in future releases of Windows.
Risetup The risetup command is deprecated in Windows Server® 2008 and Windows Server 2008 R2.
Rmdir This command is the same as the rd command. See Rd for syntax and parameters.
Robocopy Advanced filecopy
Route Displays and modifies the entries in the local IP routing table.
Rpcinfo Lists programs on remote computers. The rpcinfo command-line utility makes a remote procedure call (RPC) to an RPC server and reports what it finds.
Rpcping Confirms the RPC connectivity between the computer running Microsoft Exchange Server and any of the supported Microsoft Exchange Client workstations on the network. This utility can be used to check if the Microsoft Exchange Server services are responding to RPC requests from the client workstations via the network.
Rsh This command has been deprecated. Runs commands on remote computers running the RSH service or daemon.
Rsm Manages media resources using Removable Storage. Using the rsm command, you can run batch scripts for applications that do not currently support the Removable Storage API.
Rss Manages Remote Storage from the command line. Using the rss command, you can run batch scripts for applications that will allow them to access Remote Storage directly.
Runas Allows a user to run specific tools and programs with different permissions than the user’s current logon provides.
Rundll32 Loads and runs 32-bit dynamic-link libraries (DLLs). There are no configurable settings for Rundll32.
Rwinsta Enables you to reset (delete) a session on a Remote Desktop Session Host (RD Session Host) server.
S  Back to the menu
Sc Communicates with the Service Controller and installed services. The SC.exe program provides capabilities similar to those provided in Services in the Control Panel.
Schtasks Schedules commands and programs to run periodically or at a specific time. Adds and removes tasks from the schedule, starts and stops tasks on demand, and displays and changes scheduled tasks.
Scwcmd Command line-tool used to perform Security Configuration Wizard tasks.
Secedit Configures and analyzes system security by comparing your current configuration to specified security templates.
Serverceipoptin Allows you to participate in the Customer Experience Improvement Program (CEIP).
Servermanagercmd Servermanagercmd.exe has been deprecated, and is not available in Windows Server 2012.
Serverweroptin Allows you to enable error reporting.
Set Displays, sets, or removes CMD.EXE environment variables. If used without parameters, set displays the current environment variable settings.
Setlocal Starts localization of environment variables in a batch file. Localization continues until a matching endlocal command is encountered or the end of the batch file is reached.
Setspn Reads, modifies, and deletes the Service Principal Names (SPN) directory property for an Active Directory service account. You use SPNs to locate a target principal name for running a service. You can use setspn to view the current SPNs, reset the account’s default SPNs, and add or delete supplemental SPNs.
Setx Creates or modifies environment variables in the user or system environment, without requiring programming or scripting. The Setx command also retrieves the values of registry keys and writes them to text files.
Sfc Scans and verifies the integrity of all protected system files and replaces incorrect versions with correct versions.
Shadow Enables you to remotely control an active session of another user on a Remote Desktop Session Host (RD Session Host) server.
Shift Changes the position of batch parameters in a batch file.
Showmount You can use showmount to display mounted directories.
Shutdown Enables you to shut down or restart local or remote computers one at a time.
Sort Reads input, sorts data, and writes the results to the screen, to a file, or to another device.
Start Starts a separate Command Prompt window to run a specified program or command.
Storrept The storrept command is installed with File Server Resource Manager and includes subcommands for creating and managing storage reports and storage report tasks, as well as for configuring general administrative options for File Server Resource Manager.
Subst Associates a path with a drive letter. If used without parameters, subst displays the names of the virtual drives in effect.
Sxstrace Diagnoses side-by-side problems.
Sysocmgr Sysocmgr is deprecated, and is not guaranteed to be supported in future releases of Windows.
Systeminfo Displays detailed configuration information about a computer and its operating system, including operating system configuration, security information, product ID, and hardware properties (such as RAM, disk space, and network cards).
T  Back to the menu
Takeown Enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file.
Tapicfg Creates, removes, or displays a TAPI application directory partition, or sets a default TAPI application directory partition. TAPI 3.1 clients can use the information in this application directory partition with the directory service locator service to find and communicate with TAPI directories.You can also use Tapicfg to create or remove service connection points, which enable TAPI clients to efficiently locate TAPI application directory partitions in a domain.
Taskkill Ends one or more tasks or processes. Processes can be ended by process ID or image name. Taskkill replaces the kill tool.
Tasklist Displays a list of currently running processes on the local computer or on a remote computer. Tasklist replaces the tlist tool.
Tcmsetup Sets up or disables the TAPI client.
Telnet Communicates with a computer running the Telnet Server service.
Tftp Transfers files to and from a remote computer, typically a computer running UNIX, that is running the Trivial File Transfer Protocol (TFTP) service or daemon.
Time Displays or sets the system time. If used without parameters, time displays the current system time and prompts you to enter a new time.
Timeout Pauses the command processor for the specified number of seconds.
Title Creates a title for the Command Prompt window.
Tlntadmn Administers a local or remote computer that is running the Telnet Server Service.
Tracerpt The tracerpt command can be used to parse Event Trace Logs, log files generated by Performance Monitor, and real-time Event Trace providers. It generates dump files, report files, and report schemas.
Tracert Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request or ICMPv6 messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near/side router interfaces of the routers in the path between a source host and a destination. The near/side interface is the interface of the router that is closest to the sending host in the path.
Tree Displays the directory structure of a path or of the disk in a drive graphically.
Tscon Connects to another session on a Remote Desktop Session Host (RD Session Host) server.
Tsdiscon Disconnects a session from a Remote Desktop Session Host (RD Session Host) server.
Tsecimp Imports assignment information from an Extensible Markup Language (XML) file into the TAPI server security file (Tsec.ini). You can also use this command to display the list of TAPI providers and the lines devices associated with each of them, validate the structure of the XML file without importing the contents, and check domain membership.
Tskill Ends a process running in a session on a Remote Desktop Session Host (RD Session Host) server.
Tsprof Copies the Remote Desktop Services user configuration information from one user to another.
Type Displays the contents of a text file. Use the type command to view a text file without modifying it.
Typeperf The typeperf command writes performance data to the command window or to a log file. To stop typeperf, press CTRL+C.
Tzutil Displays the Windows Time Zone Utility.
U  Back to the menu
Uddiconfig Saves Universal Description, Discovery, and Integration (UDDI) configuration settings to an XML file.
Umount You can use Umount to remove Network File System (NFS)–mounted drives.
Unlodctr Removes Performance counter names and Explain text for a service or device driver from the system registry.
V W  Back to the menu
W32tm You can use the W32tm.exe tool to configure Windows Time service (W32time) settings. You can also use W32tm.exe to diagnose problems with the time service. W32tm.exe is the preferred command-line tool for configuring, monitoring, or troubleshooting the Windows Time service.
Waitfor Sends or waits for a signal on a system. Waitfor is used to synchronize computers across a network.
Wbadmin Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt.
Wdsutil WDSUTIL is a command-line utility used for managing your Windows Deployment Services server.
Wecutil Enables you to create and manage subscriptions to events that are forwarded from remote computers, which support WS-Management protocol.
Ver Displays the operating system version number.
Verifier Driver verifier manager.
Verify Tells cmd whether to verify that your files are written correctly to a disk. If used without parameters, verify displays the current setting.
Wevtutil Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs.
Where Displays the location of files that match the given search pattern.
Whoami Displays user, group and privileges information for the user who is currently logged on to the local system. If used without parameters, whoami displays the current domain and user name.
Winnt Winnt is deprecated, and is not guaranteed to be supported in future releases of Windows.
Winnt32 Winnt32 is deprecated, and is not guaranteed to be supported in future releases of Windows.
Winpop Winpop is deprecated, and is not guaranteed to be supported in future releases of Windows.
Winrs Windows Remote Management allows you to manage and execute programs remotely.
Winsat winsat assesses various features, capabilities, and attributes of a computer running Windows Vista®.
Wlbs The Wlbs command has been replaced by Nlb.exe. For more information, see Nlb
Wmic Displays WMI information inside an interactive command shell.
Vol Displays the disk volume label and serial number, if they exist.  If used without parameters, vol displays information for the current drive.
Wscript Windows Script Host provides an environment in which users can execute scripts in a variety of languages, languages that use a variety of object models to perform tasks.
Vssadmin Displays current volume shadow copy backups and all installed shadow copy writers and providers.
X  Back to the menu
Xcopy Copies files and directories, including subdirectories
Y  Back to the menu
Z  Back to the menu


Thats it, and thats that!

References

Windows Server 2012 Command-Line Reference
http://technet.microsoft.com/en-us/library/cc754340

Windows PowerShell Support for Windows Server 2012
http://technet.microsoft.com/en-us/library/hh801904.aspx

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

How to disable IE Enhanced Security in Windows Server 2012


Have you seen this? Or similar in SharePoint 2010?

This is just a quick guide to disabling the setting that makes Internet Explorer unbarable in a labb or test environment. Often, you do use the browser on the lab, dev or test server to quickly verify functionality or in SharePoint, to access Central Administration web site and make the first initial configurations. When IE ESC is eneabled, you get popups all the time and you are asked to add every new url to the IE trusted sites zone.
So, on a dev, test or lab server, it is ok to disable it, at least if you ask me. As long as you are aware of what you are doing and that it after all does provide an extra layer of security.
At the end of this post, I have added what all the settings in IE ESC really does, one by one.

Updated 2013-02-06 – Added link menu



Server2012_Logo_small Disable IE ESC using the GUI – Graphical User Interface
powershell_logo_small Disable IE ESC using PowerShell
Server2012_Logo_small General Information about IE ESC




GUI – Graphical User Interface

The steps:

1. On the Windows Server 2012 server desktop, locate and start the Server Manager.

2. Select Local Server (The server you are currently on and the one that needs IE ESC turned off)

3. On the right side of the Server Manager, you will by default find the IE Enhanced Security Configuration Setting. (The default is On)

4. You have two settings that can be disabled, one only affects the Administrators and the other all users. The preferred method when testing (if for example SharePoint) is to use a non-admin account and if that is the case, disable the IEESC only for users. Using a local administrator account would cause an additional threat to security and it will also often not give you the required result in tests, since the administrator has permissions where a normal user do not.
Make your selection to Off for Administrators, Users or both.

5. In this example, I have selected to completely disable Internet Explorer Enhanced Security. When your seelction is made, click OK.

6. Back in the Server Manager, you will see that the setting has not changed at all. Press F5 to refresh the Server Manager and you wil see that it is changed to Off.

Done, open up a IE browser windows and try to access any internal site to test the setting, you will notice that you no longer are prompted in the same way.
Back to top



PowerShell

(Best I can do, if you know of any OOB CMDlets that does the trick, please drop a comment and let me know:
Put the code below in a textfile and save it with a ps1 extension i.e. Disable-IEESC.ps1
(This will disable both Administrator and User IE ESC)

function Disable-IEESC
{
$AdminKey = “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}”
$UserKey = “HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}”
Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
Set-ItemProperty -Path $UserKey -Name “IsInstalled” -Value 0
Stop-Process -Name Explorer
Write-Host “IE Enhanced Security Configuration (ESC) has been disabled.” -ForegroundColor Green
}
Disable-IEESC
(You have to hit enter twice after pasting the script if you paste it directly into a PS prompt)
 
Powershell
Done!
Back to top



IEESC General Information

IMPORTANT! Do NOT disable IE ESC on any production servers or servers with live data on them, to disable IE ESC is to reduce the security and can potentially expose the server to attacks. By the way, on a production server: IE shall not be used at all!

More on IE ESC from Microsoft help:
(From Windows Server 2008R2 helkp, 2012 help leads to an empty web page!)

Internet Explorer Enhanced Security Configuration Overview

Windows Internet Explorer Enhanced Security Configuration (IE ESC) configures your server and Internet Explorer in a way that decreases the exposure of your server to potential attacks through Web content and application scripts. This is done by raising the default security levels on Internet Explorer security zones and changing the default settings.

Enabling or disabling IE ESC

IE ESC can be enabled or disabled by using Server Manager for members of the local Administrators group only or for all users that log on to the computer.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

Note:   If Internet Explorer is open when IE ESC is enabled or disabled, you must   restart Internet Explorer for the IE ESC changes to become active.
Note: IE ESC will   automatically be disabled if Terminal Services or Remote Desktop Services is   installed on a computer that has IE ESC enabled, but it can be enabled again   by using Server Manager.

Default settings for IE ESC

When IE ESC is enabled on Windows Server 2008 R2, the security levels for several built-in security zones are changed. The following describes these changes.

Internet
High
All Web sites are assigned to this zone by default. Web pages might not display as expected, and applications that require the Web browser might not work correctly because scripts, ActiveX controls, and file downloads have been disabled. If you trust an Internet Web site, you can add that site to the Trusted sites zone.

Trusted sites
Medium
This zone is for the Internet sites whose content you trust.

Local intranet
Medium-Low
When visiting Web sites on your organization’s intranet, you might be repeatedly prompted for credentials because IE ESC disables the automatic detection of intranet Web sites. To automatically send credentials to selected intranet sites, add those sites to the Local intranet zone. Additionally, access to scripts, executable files, and other files in a shared folder are restricted unless the shared folder is added to this zone.

Restricted sites
High
This zone contains sites that are not trusted, such as malicious Web sites.

Internet Explorer maintains two different lists of sites for the Trusted sites zone: one list when IE ESC is enabled and a separate list when it is disabled. When you add a Web site to the Trusted sites zone, you are adding it only to the list that is currently being used.

If you attempt to browse a Web site that uses scripting or ActiveX controls, Internet Explorer with IE ESC enabled will prompt you to consider adding the site to the Trusted sites zone. You should add the Web site to the Trusted sites zone only if you are sure that the Web site is trustworthy. If this prompt is disabled, it can be enabled again by selecting the Display enhanced security configuration dialog check box in the Advanced tab of the Internet Options dialog box. For more information about adding Web sites to Internet Explorer security zones, see Security zones: adding and removing websites (http://go.microsoft.com/fwlink/?LinkId=81287).

In addition to raising the default security level of each zone, IE ESC also adjusts Internet options to further reduce exposure to possible future security threats. These settings can be found on the Advanced tab of the Internet Options dialog box. The following describes the options that are changed when IE ESC is enabled.

Enable third-party browser extensions
Off
Disables Internet Explorer add-ons that might have been created by companies other than Microsoft.

Play sounds in Web pages
Off
Disables music and other sounds.

Play animations in Web pages
Off
Disables animations.

Check for server certificate revocation
On
Automatically checks a Web site’s certificate to determine if the certificate has been revoked.

Do not save encrypted pages to disk
On
Disables saving encrypted information in the Temporary Internet Files folder.

Empty Temporary Internet Files folder when browser is closed
On
Automatically clears the Temporary Internet Files folder when Internet Explorer is closed.

Warn if changing between secure and not secure mode
On
Displays a warning when a Web site is redirecting the browser from a Web site with security features implemented (HTTPS) to a Web site without security features implemented (HTTP).

The Internet Explorer home page location is changed when IE ESC is enabled or disabled. This change ensures that the home page will open without prompting the user to add it to the Trusted sites zone. This is done by changing the home page to an HTML file stored locally on the computer. If you want to change the home page when IE ESC is enabled, add this home page to the Trusted sites zone before making the change. The following lists the home page associated with each scenario.

IE ESC is enabled, and the user account is a member of the local Administrators group.
res://iesetup.dll/HardAdmin.htm

IE ESC is disabled, and the user account is a member of the local Administrators group.
res://iesetup.dll/SoftAdmin.htm

IE ESC is enabled, and the user account is not a member of the local Administrators group.
res://iesetup.dll/HardUser.htm

Note: If Internet Explorer   is customized by using the Internet Explorer Administration Kit, the home   page is not changed to one of the IE ESC home pages listed in the table when   IE ESC is enabled or disabled.

Caution

These changes reduce the functionality in Web pages, Web-based applications, local network resources, and applications that use a browser to display Help, support, and general user assistance.

When IE ESC is enabled, the following Web sites are added to the appropriate security zones:
The Windows Update and Windows Error Reporting Web sites are added to the Trusted sites zone.
Http://localhost
https://localhost
hcp://system
are added to the Local intranet zone.

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn