Monitor Membership of Domain Groups with PowerShell

Let me start this one off by saying this is not an optimal solution, but in a pinch it gets the job done.  Also, I kind of rushed this so there is a lot of code and it could definitely be shortened up if so desired.

Now that that is out of the way, the following script monitors groups that you wish to monitor on a white list basis.  This means it requires a lot of upkeep if you are in a rapidly changing environment, but luckily I am not.  It is quite simple to add groups should you need to so that’s a plus.  In the event of someone being added to one of the groups that isn’t on the corresponding white list, you will get an email notification.  I just deploy the script as a scheduled task that runs every hour.  Simple but effective.
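A sketch of the allowlist check described above, added here as an example; it is not the script from the original post. The group names, allowlisted accounts, SMTP server and mail addresses are constructed placeholders.

```powershell
# Added example: all names and addresses below are constructed placeholders.
Import-Module ActiveDirectory

# Allowlist: group name -> sAMAccountNames that are expected to be members.
$Allowlist = @{
    'Domain Admins'     = @('admin.alice', 'admin.bob')
    'Enterprise Admins' = @('admin.alice')
}

function Get-UnexpectedMember {
    param(
        [string[]]$CurrentMembers,   # accounts currently in the group
        [string[]]$AllowedMembers    # accounts on the allowlist
    )
    # -notcontains compares strings case-insensitively.
    @($CurrentMembers | Where-Object { $AllowedMembers -notcontains $_ })
}

$findings = foreach ($group in $Allowlist.Keys) {
    try {
        # -Recursive expands nested groups, so indirect membership is checked too.
        $current = @(Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
                     Select-Object -ExpandProperty SamAccountName)
    } catch {
        # A failed lookup must not be mistaken for a clean result.
        [pscustomobject]@{ Group = $group; Member = "LOOKUP FAILED: $($_.Exception.Message)" }
        continue
    }
    foreach ($name in Get-UnexpectedMember -CurrentMembers $current -AllowedMembers $Allowlist[$group]) {
        [pscustomobject]@{ Group = $group; Member = $name }
    }
}

if ($findings) {
    $body = $findings | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer 'smtp.example.internal' `
        -From 'ad-monitor@example.internal' -To 'secops@example.internal' `
        -Subject 'Unexpected group membership detected' -Body $body
}
```

Because the check is a point-in-time comparison, an account added and removed between two hourly runs is not seen by it.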



Disable/Delete Computer Accounts Where LastLogon Older Than 6 Months/1 Year

Been doing some AD clean up lately and I wanted to automate the process for stagnant computer accounts.  To do so I wrote two PowerShell scripts that I run once a month as a scheduled task.  As you’ll see below, I did need to exclude a few machines that have a certain naming standard.

Disable Computer Account with LastLogon Older Than 6 Months:

Delete Computer Account with LastLogon Older Than 1 Year:
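One way to implement both clean-up passes, added here as an example; it is not either of the original scripts. The `KIOSK-*` exclusion pattern is a hypothetical naming standard, and deleting only accounts that are already disabled is a choice made in this example.

```powershell
# Added example: the exclusion pattern is a hypothetical placeholder.
Import-Module ActiveDirectory

$now            = Get-Date
$disableBefore  = $now.AddMonths(-6)
$deleteBefore   = $now.AddYears(-1)
$excludePattern = 'KIOSK-*'

# LastLogonDate is the converted lastLogonTimestamp attribute. It is replicated
# between domain controllers (the raw lastLogon attribute is not), but it can
# lag the real logon by up to about 14 days, which is negligible at these cutoffs.
$computers = Get-ADComputer -Filter * -Properties LastLogonDate, whenCreated |
    Where-Object { $_.Name -notlike $excludePattern }

foreach ($c in $computers) {
    # Accounts that never logged on have no LastLogonDate; use the creation
    # date so a freshly joined machine is not treated as stale.
    $lastSeen = if ($c.LastLogonDate) { $c.LastLogonDate } else { $c.whenCreated }

    if ($lastSeen -lt $deleteBefore -and -not $c.Enabled) {
        # Remove-ADObject -Recursive also removes child objects (for example
        # stored BitLocker recovery information) that make Remove-ADComputer fail.
        Remove-ADObject -Identity $c.DistinguishedName -Recursive -Confirm:$false -WhatIf
    }
    elseif ($lastSeen -lt $disableBefore -and $c.Enabled) {
        Disable-ADAccount -Identity $c -WhatIf
    }
}
```

With `-WhatIf` in place the script only reports what it would change; remove the switch once the output matches expectations.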


Upgrade VMware ESXi 6.0 Update 3 to 6.5 Update 1 with Update Manager

Update 1 for VMware ESXi has been out for a couple months now with no major issues, so we decided it was finally time to make the jump from ESXi 6.0 Update 3 to ESXi 6.5 Update 1.  I accomplished this using Update Manager in vCenter as described in the following steps.

1.)  Navigate to the first host you wish to upgrade and select the Update Manager tab.  Here confirm that you are compliant with the Critical Host Patches (Predefined) baseline.  If you’re not, I would suggest getting all of your patches installed prior to upgrade.  Probably not necessary, but it gives me that warm and fuzzy feeling.

2.)  Once you have that under control we will need to upload the actual ESXi ISO for the update.  We can’t do this where we are currently, so select the Go to Admin View on the top right.

3.)  Select the Manage tab, then select ESXi Images, and finally click Import ESXi Image…

4.)  Once you have your ESXi Image uploaded, select the Host Baselines tab and select +New Baseline…

5.)  Give the baseline a name and description, select the Host Upgrade radio button, and select Next.

6.)  Select the ESXi image that you just uploaded and select Next.

7.)  You should see a little summary page.  Confirm your settings and select Finish.

8.)  Now that we have our baseline, we need to attach that baseline to the host we wish to upgrade.  Navigate out of the Admin View back to the Update Manager tab of the host you are upgrading and select the Attach Baseline… in the top right corner.

9.)  Select the upgrade baseline you just created and select OK.

10.)  Your host will now show that it is Non-Compliant because it does not meet the host upgrade baseline we just attached.  Select the Remediate… option in the top right to begin the upgrade process.

11.)  Select the baseline you created and select Next.

12.)  Select the host you wish to “remediate” (aka the host you want to upgrade) and select Next.

13.)  Accept the EULA and select Next.

14.)  On the Advanced Options menu you can choose to schedule the upgrade if you like.  When ready select Next.

15.)  On the Host remediation options page you have options for PXE booting, maintenance mode on failure settings, VM Power State, and so on.  Select what makes sense for you and select Next.

16.)  On the Cluster remediation options you have a number of options available to disable.  I disable FT and HA admission control, but choose what suits your environment and select Next.

17.)  Review the summary page and select Finish to get things started.


At this point, go grab some coffee and relax.  If you have iLO or something similar you can watch your host reboot a couple times.  For my hardware this entire process took roughly 10 to 15 minutes.  Once you are back up, take your machine out of maintenance mode and you’re good to go!

List Group Members Whose User Accounts are in a Specific OU

Wanted to pull a list of users who were a part of a certain group last week, but I only wanted the group members that were located in a particular OU in AD.  I accomplished this with the following script:


Monitor DHCP Scope Available Addresses with PowerShell

Had an influx of folks come into the office last week and one of our DHCP Scopes actually almost ran out of available addresses (which I found out after the fact by chance).  This inspired me to make a quick PowerShell script deployed as a scheduled task to notify me when a scope is low on available addresses, as seen below:
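A sketch of such a scope check, added here as an example; it is not the script from the original post. The server name, thresholds, SMTP server and mail addresses are constructed placeholders.

```powershell
# Added example: server name, thresholds and addresses are constructed placeholders.
Import-Module DhcpServer

$dhcpServer      = 'dhcp01.example.internal'
$minFree         = 10   # alert when fewer free addresses than this remain
$maxPercentInUse = 90   # or when utilisation exceeds this percentage

# Map scope ID -> friendly name, active scopes only, so that disabled
# scopes do not generate alerts.
$scopeNames = @{}
Get-DhcpServerv4Scope -ComputerName $dhcpServer |
    Where-Object { $_.State -eq 'Active' } |
    ForEach-Object { $scopeNames[$_.ScopeId.IPAddressToString] = $_.Name }

$low = Get-DhcpServerv4ScopeStatistics -ComputerName $dhcpServer |
    Where-Object {
        $scopeNames.ContainsKey($_.ScopeId.IPAddressToString) -and
        ($_.Free -lt $minFree -or $_.PercentageInUse -gt $maxPercentInUse)
    } |
    Select-Object @{ n = 'Scope'; e = { $_.ScopeId.IPAddressToString } },
                  @{ n = 'Name';  e = { $scopeNames[$_.ScopeId.IPAddressToString] } },
                  Free, InUse, PercentageInUse

if ($low) {
    $body = $low | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer 'smtp.example.internal' `
        -From 'dhcp-monitor@example.internal' -To 'netops@example.internal' `
        -Subject "DHCP scopes low on addresses on $dhcpServer" -Body $body
}
```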


WSUS Connection Error for Computer Groups – Unicode Character

When using the WSUS console, from time to time I will get the following error when selecting a particular Computer Group:

When copying the error out to notepad and reviewing, the key indicator for this issue is something along the lines of:

System.Xml.XmlException — ‘’, hexadecimal value 0x16, is an invalid character.

Upon seeing this I know that a unicode character in the database is at fault, so to the database I go.  If you have your database deployed using WID, see this post for connecting to it.  If you are working with a SQL database, make sure you are running the following queries against the “SUSDB” database.

Run the query found in the image below and copy/paste the results to a notepad document.

Look for the unicode character(s) at fault.  It should look like what you see below:

Take note of the row number and run the following query where 3023 is the row with your unicode character:

Typically you will see the unicode character under the ComputerModel column and the BiosVersion Column will be Unknown.  Run the following query to clear the unicode character where 3023 is the row with your unicode character:

Next run the following query to get information about that computer object (hostname, IP, etc.) where 3023 is the row with your unicode character:

Go update the BIOS on that machine to the latest version to prevent the issue from reoccurring.