November 9th, 2014 by JFrappier

Jonathan Frappier Virtxpert

So had a need to clone a vApp several times, I finally got around to automating thanks again to PowerCLI.  A few things I had to consider; with the New-VApp cmdlet you cannot select portgroups so I had to do that after the vApp was clone and also needed to put the vApp into a specific folder after it was clone.  Otherwise, it was actually kind of easy to figure out based on what I needed to accomplish.  Here it is, in case you need to accomplish it as well :)

#Get vApp names and port groups
$CSVfile = "c:adminscriptsehc_vapps.csv"

# Set PowerCLI Options
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false | Out-Null

$EHC_vApps = Import-Csv -Path $CSVfile
ForEach ($EHC_vApp in $EHC_vApps)
#Creates new vApp
New-VApp -Name $ -Datastore $EHC_vApp.datastore -Location $EHC_vApp.cluster -VApp $EHC_vApp.template

#Get list of vApp VMs to set network card
$vApp_vms = Get-VApp $ | Get-VM
ForEach ($vApp_vm in $vApp_vms)
Get-VM -Location $ $vApp_vm | Get-NetworkAdapter | Set-NetworkAdapter -Portgroup $EHC_vApp.portgroup -Confirm:$false

#Move vApp to StudentPod folder
Move-VApp -Destination $EHC_vApp.folder -VApp $

PowerCLI to Clone a vApp

Posted in Tech Tagged with: , , , , , , , , , , , , , , ,

July 3rd, 2014 by JFrappier

Jonathan Frappier Virtxpert

I needed to setup various service accounts ( user account objects to run various applications and services for testing in my lab, after the 3rd right click >> New >> User I said to one of the many voices in my head – HEY SCRIPT THAT!

So, here it is, simple, basic, easy to edit.  I probably should change this to take input from a CSV file… and I probably will when I start typing service account names wrong.  Currently the OU path is hard coded, I hate typing that and I always put them in the same spot (again quick and dirty so don’t judge – it gets the job done!)

  • Prompts for a password to be used for all accounts created
  • Prompts for a list a service account names to be created
  • Loops though and creates all accounts entered, sets the password and enables the account.

Yes it is indented properly IRL, blame WordPress for the lack of indents here :)




#Generic script to bulk create AD accounts. Prompts for service accounts and password to be used on all accounts.
#If need be, can be modified to created groups and add user accounts to groups.

#OU Path Variable, change to your desired location
$oupath = "OU=serviceaccounts,DC=lab2,DC=local"
$pw=(Read-Host "Enter the password (will be used for all accounts)")

#Get service account names
$svcaccts = @()
$input = (Read-Host "Enter service account name & press enter (no value and enter to end)")
if ($input -ne '') {$svcaccts += $input}
until ($input -eq '')

ForEach ($svcacct in $svcaccts)
#Creates new account
New-ADUser -Name $svcacct -Path $oupath -CannotChangePassword $true -PasswordNeverExpires $true

#Sets account password
Set-ADAccountPassword -Identity $svcacct -NewPassword (ConvertTo-SecureString -AsPlainText $pw -Force)

#Enable account
Enable-ADAccount -Identity $svcacct

Quick and dirty PowerShell AD account creation script

Posted in Tech Tagged with: , , , , , , , , ,

May 6th, 2013 by JFrappier

This is not something I wrote, but much like the person who created the script was faced with a question today on how to determine when an AD account password will expire.  I had been using a VB script but it relies on manual input to determine what the password expiration policy is set to, this PowerShell script reads from either the default domain policy or the fine grained password policy to determine this.

Here you can see the results of the script before and after updating the policy from 42 to 120.



Link to the script and more information on it can be found here, or the script itself below.  And thanks “Swami” for sharing.


function Get-XADUserPasswordExpirationDate() {

    Param ([Parameter(Mandatory=$true,  Position=0,  ValueFromPipeline=$true, HelpMessage="Identity of the Account")]

    [Object] $accountIdentity)


        $accountObj = Get-ADUser $accountIdentity -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet

        if ($accountObj.PasswordExpired) {

            echo ("Password of account: " + $accountObj.Name + " already expired!")

        } else { 

            if ($accountObj.PasswordNeverExpires) {

                echo ("Password of account: " + $accountObj.Name + " is set to never expires!")

            } else {

                $passwordSetDate = $accountObj.PasswordLastSet

                if ($passwordSetDate -eq $null) {

                    echo ("Password of account: " + $accountObj.Name + " has never been set!")

                }  else {

                    $maxPasswordAgeTimeSpan = $null

                    $dfl = (get-addomain).DomainMode

                    if ($dfl -ge 3) { 

                        ## Greater than Windows2008 domain functional level

                        $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj

                        if ($accountFGPP -ne $null) {

                            $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge

                        } else {

                            $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge


                    } else {

                        $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge


                    if ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0) {

                        echo ("MaxPasswordAge is not set for the domain or is set to zero!")

                    } else {

                        echo ("Password of account: " + $accountObj.Name + " expires on: " + ($passwordSetDate + $maxPasswordAgeTimeSpan))







Posted in Tech Tagged with: , , , , ,