Welcome to Powergui.org - an open source community for Windows Powershell


Thread: Ensure that your script works in next releases of ActiveRoles Powershell


Replies: 8 - Pages: 1 - Last Post: Mar 21, 2008 2:28 PM by: davidsmith71
Ilya Kalmykov

Posts: 10
Registered: 3/7/07
Ensure that your script works in next releases of ActiveRoles Powershell
Posted: Aug 29, 2007 2:50 AM

Hello, 
  We, dev team of ActiveRoles Powershell, are enlarging our script base for auto tests.
  I encourage you to post in this thread your favourite scripts - for which you want to ensure that they work in next releases of ActiveRoles Powershell.
  We will add these scripts to our script base for auto tests, it will run on each next release of ActiveRoles Powershell.  


Dmitry Sotnikov


Posts: 1,151
Registered: 12/1/06
Re: Ensure that your script works in next releases of ActiveRoles Powershell
Posted: Aug 29, 2007 6:51 AM   in response to: Ilya Kalmykov

I would submit a few. Can you provide a sample? I assume these are for the PowerGUI automated testing (http://powergui.org/shares/powergui/sbin/docs/AutomatedTesting/PowerShell-Automated-Software-Testing.html) and thus the format is PowerShell code throwing an exception if the test is not passed. Here's a sample, let me know if this is what you had in mind (adding numbers as IDs to the script name):

0001-Create-Delete-User.ps1

# Create and then delete a user account in the Users container

# Check whether the account already exists
$user = Get-QADUser -Name AutotestUser01

if ($user -ne $null) {
    throw "Account AutotestUser01 already exists"
}

# Create account - substitute the domain name for the one you have in the lab
New-QADUser -Name AutotestUser01 -ParentContainer ps64.local/Users

$user = Get-QADUser -Name AutotestUser01

if ($user -eq $null) {
    throw "Account creation failed"
}

# Delete the account
Remove-QADObject AutotestUser01 -Force

$user = Get-QADUser -Name AutotestUser01

if ($user -ne $null) {
    throw "Account AutotestUser01 could not be deleted"
}

# End of test

Dmitry


Ilya Kalmykov

Posts: 10
Registered: 3/7/07
Re: Ensure that your script works in next releases of ActiveRoles Powershell
Posted: Aug 29, 2007 8:34 AM   in response to: Dmitry Sotnikov

I am OK with the format.
The sample is reasonable. We will add it to our auto tests.
For me the ideal scripts to add to auto tests will be scripts that do some specific, rather complex use-case.
Like these ones:

# $_ is only bound inside a script block, so the per-user call is wrapped in ForEach-Object
get-qaduser xyz* | ForEach-Object { $_ | set-qaduser -userpassword $_.samaccountname }

Get-QADuser jsmith -SerializeValues | export-csv user.csv
import-csv user.csv | New-QADUser -ParentContainer MyDomain.lab.local/MyOU -DeserializeValues -Name importedUser -LogonName importedUser -UserPassword 'P@ssw0rd'


Ilya Kalmykov

Posts: 10
Registered: 3/7/07
Re: Ensure that your script works in next releases of ActiveRoles Powershell
Posted: Aug 29, 2007 9:27 AM   in response to: Dmitry Sotnikov

Thank you for the script. We will add it to our auto tests.

It will be great to add more complex scripts that perform some specific, rather complex use cases.

Like that:
# $_ is only bound inside a script block, so the per-user call is wrapped in ForEach-Object
get-qaduser xyz* | ForEach-Object { $_ | set-qaduser -userpassword $_.samaccountname }

Export the user object to a CSV file. Then, import that user object from that file:
Get-QADuser jsmith -SerializeValues | export-csv user.csv
import-csv user.csv | New-QADUser -ParentContainer MyDomain.lab.local/MyOU -DeserializeValues -Name importedUser -LogonName importedUser -UserPassword 'P@ssw0rd'


Dmitry Sotnikov


Posts: 1,151
Registered: 12/1/06
Re: Ensure that your script works in next releases of ActiveRoles Powershel
Posted: Aug 31, 2007 7:07 AM   in response to: Ilya Kalmykov

I think that the more test scripts we have - the better. Some might indeed be simple, some complex. Any script testing something is useful, and if we start asking for something complex we might just end up having fewer submissions. ;)



Dmitry Sotnikov


Posts: 1,151
Registered: 12/1/06
0002-Group-Membership.ps1
Posted: Aug 31, 2007 7:49 AM   in response to: Ilya Kalmykov

# 0002-Group-Membership.ps1

# Here's the one which is failing on 1.0.4 due to a couple of bugs:
# - members not added to groups in direct notation (without pipeline)
# - nested groups not reported by Get-QADGroupMember
# both to be fixed in 1.0.5

# Create a couple of groups and add a user and one of the groups into another

function ExistsInAD([string]$sName) {
  $obj = Get-QADObject -Name $sName
  ($obj -ne $null)
}

# Check whether the accounts already exist
if (ExistsInAD("AutotestUser01")) { throw "Account AutotestUser01 already exists" }
if (ExistsInAD("AutotestGroupA")) { throw "Account AutotestGroupA already exists" }
if (ExistsInAD("AutotestGroupB")) { throw "Account AutotestGroupB already exists" }

# Create accounts

New-QADUser -Name AutotestUser01 -ParentContainer ps64.local/Users
New-QADGroup -Name AutotestGroupA -ParentContainer ps64.local/Users
New-QADGroup -Name AutotestGroupB -ParentContainer ps64.local/Users

# Add account directly
Add-QADGroupMember AutotestGroupA -Member AutotestUser01

# Add account via pipeline
Get-QADGroup AutotestGroupB | Add-QADGroupMember AutotestGroupA

# Test whether both got added
$members = [array] (Get-QADGroupMember AutotestGroupA)

if ($members.length -ne 2) {
   throw "Members missing in AutotestGroupA group"
}

# Clean up
Remove-QADObject AutotestUser01 -Force
Remove-QADObject AutotestGroupA -Force
Remove-QADObject AutotestGroupB -Force

# Check that the accounts were deleted
if (ExistsInAD("AutotestUser01")) { throw "Account AutotestUser01 could not be deleted." }
if (ExistsInAD("AutotestGroupA")) { throw "Account AutotestGroupA could not be deleted." }
if (ExistsInAD("AutotestGroupB")) { throw "Account AutotestGroupB could not be deleted." }




Dmitry Sotnikov


Posts: 1,151
Registered: 12/1/06
0003-Rename-Move-User.ps1
Posted: Sep 4, 2007 6:09 AM   in response to: Ilya Kalmykov

# 0003-Rename-Move-User.ps1
#
# Create a few user accounts and OUs, then move and rename the accounts using both pipeline and direct cmdlets
#
# This one is failing on 1.0.4 due to a bug in pipelining into Rename-QADObject
#

[string]$domain = "ps64.local/"

function ExistsInAD([string]$sName) {
  $obj = Get-QADObject -Name $sName
  ($obj -ne $null)
}

# Clean up Autotest* objects - useful when previous tests fail
Get-QADObject -Name Autotest* | Remove-QADObject -Force
if (ExistsInAD("Autotest*")) { throw "Autotest* accounts could not get deleted" }

# Create accounts
New-QADObject -Type OrganizationalUnit -Name AutotestOU -ParentContainer $domain
New-QADObject -Type OrganizationalUnit -Name Chicago -ParentContainer ($domain + "AutotestOU")
New-QADObject -Type OrganizationalUnit -Name Alabama -ParentContainer ($domain + "AutotestOU")
New-QADObject -Type OrganizationalUnit -Name Orlando -ParentContainer ($domain + "AutotestOU")

New-QADUser -Name AutotestUser01 -ParentContainer ($domain + "AutotestOU") -City Chicago
New-QADUser -Name AutotestUser02 -ParentContainer ($domain + "AutotestOU") -City Alabama
New-QADUser -Name AutotestUser03 -ParentContainer ($domain + "AutotestOU") -City Orlando
New-QADUser -Name AutotestUser04 -ParentContainer ($domain + "AutotestOU") -City Orlando

# Move accounts
Get-QADUser -City Orlando | Move-QADObject -to ($domain + "AutotestOU/Orlando")
Get-QADUser -City Alabama | Move-QADObject -to ($domain + "AutotestOU/Alabama")
Move-QADObject AutotestUser01 -to ($domain + "AutotestOU/Chicago")

# Check success
if ( (Get-QADObject ($domain + "AutotestOU/Chicago/AutotestUser01")) -eq $null ) { throw "User AutotestUser01 not moved" }
if ( (Get-QADObject ($domain + "AutotestOU/Alabama/AutotestUser02")) -eq $null ) { throw "User AutotestUser02 not moved" }
if ( (Get-QADObject ($domain + "AutotestOU/Orlando/AutotestUser03")) -eq $null ) { throw "User AutotestUser03 not moved" }
if ( (Get-QADObject ($domain + "AutotestOU/Orlando/AutotestUser04")) -eq $null ) { throw "User AutotestUser04 not moved" }

# Rename accounts
Rename-QADObject AutotestUser01 -NewName "AutotestUser01-Chicago"
Get-QADUser -City Orlando | Rename-QADObject -NewName ($_.Name + "-" + $_.City)
Get-QADUser -City Alabama | Rename-QADObject -NewName ($_.Name + "-" + $_.City)

# Check success
if ( (Get-QADObject AutotestUser01-Chicago) -eq $null ) { throw "User AutotestUser01 not renamed" }
if ( (Get-QADObject AutotestUser02-Alabama) -eq $null ) { throw "User AutotestUser02 not renamed" }
if ( (Get-QADObject AutotestUser03-Orlando) -eq $null ) { throw "User AutotestUser03 not renamed" }
if ( (Get-QADObject AutotestUser04-Orlando) -eq $null ) { throw "User AutotestUser04 not renamed" }

# Clean up
Get-QADUser -SearchRoot ($domain + "AutotestOU") | Remove-QADObject -Force
Get-QADObject -SearchRoot ($domain + "AutotestOU") -SearchScope OneLevel | Remove-QADObject -Force
Remove-QADObject ($domain + "AutotestOU") -Force
if (ExistsInAD("Autotest*")) { throw "Autotest* accounts could not get deleted" }




Dmitry Sotnikov


Posts: 1,151
Registered: 12/1/06
0000-Test-Coverage.ps1
Posted: Sep 5, 2007 6:17 AM   in response to: Ilya Kalmykov

# 0000-Test-Coverage.ps1
#
# Test whether all QAD* cmdlets are in the current test set
#

# Retrieve full list of cmdlets
$cmdlets = [array] (Get-Command -PSSnapin Quest.ActiveRoles.ADManagement)

# Copy it to hash table - we'll remove from the table the cmdlets as we find them in tests
$h = new-object Collections.HashTable
foreach ( $cmd in $cmdlets ) {
    $h.add($cmd.Name,$cmd)
}


# Determine the current folder and go through all tests in the folder
$myDir = Split-Path -Parent $MyInvocation.MyCommand.Path

Get-ChildItem -Path $myDir *.ps1 | ForEach-Object {
    # retrieve file content and see if any of the cmdlets are there
    [string]$sTest = Get-Content $_.PsPath
    # cmdlet names are case-insensitive in scripts, so compare in lower case
    $sTest = $sTest.ToLower()
    foreach ( $cmd in $cmdlets) {
        if ( $sTest.Contains( $cmd.Name.ToLower() ) ) {
            if ($h.Contains($cmd.Name)) {
                $h.remove($cmd.Name)
            }
        }
    }
}

# If the hashtable is not empty - we don't have 100% coverage
if ( $h.Count -ne 0 ) {
    $percent = [string]::Format("{0:##`%}", ($cmdlets.length - $h.Count)/$cmdlets.length )
    $sOutput =  "Coverage: " + $percent + ". Cmdlets missing: "
    $missing = $h.Keys
    foreach ( $s in $missing ) {
        $sOutput = $sOutput + " " + $s
    }
    $h.clear()
    throw $sOutput
}

$h.clear()






davidsmith71

Posts: 1
Registered: 3/21/08
Re: Ensure that your script works in next releases of ActiveRoles Powershell
Posted: Mar 21, 2008 2:28 PM   in response to: Ilya Kalmykov

This is a script I'm writing to use an existing user as a "model" user account in creating a new user.  It creates the user account but immediately fails to be able to perform a get-qaduser action on the newly created account - thus all the other pieces of my script below the account creation fail.

Interestingly, if I type each of these commands in this script line by line into the powershell interface it works perfectly.  It's only when I run this as a .ps1 script that it fails.

I've replaced the names of my corporate network with DOMAIN for security purposes.  I've also added a note on where the script fails marked with #>>>>>>>

# ===================================================
#
# This PowerShell script creates a new user by
# copying the pertinent fields from another
# "model" user.  It then mailbox-enables the new
# account.
#
# Written by: David Smith
# Last modified: 12/07/2007
# Notes:
#
# ===================================================


### Setup the log file

function writetolog([string]$stringtowrite="*")
 {
 $datetime = (Get-Date).datetime
 Add-Content $logfile "$datetime : $stringtowrite"
 }
if (Test-Path "copyuser.log") {Write-Host "Log file exists.";$logfile = "copyuser.log"} Else {Write-Host "Creating log file copyuser.log";$logfile = New-Item "copyuser.log" -Type file}
writetolog "===== Beginning copyuser.ps1 ====="


### Add the Quest ActiveRoles ADManagement Snap-in if it isn't already

Write-Host "Checking ActiveRoles Snapin"
writetolog "Checking ActiveRoles Snapin"
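# Add-PSSnapin writes nothing to the pipeline, so test for the snap-in with Get-PSSnapin
if (Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue) {Write-Host "Snapin present.";writetolog "Snapin present."} Else {Add-PSSnapin Quest.ActiveRoles.ADManagement;Write-Host "Added ActiveRoles Snapin";writetolog "Added ActiveRoles Snapin"}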
 
 
### Set the variables

$newFname        = Read-Host -prompt "Enter NEW USER's First Name"     # The new user's First name
$newLname        = Read-Host -prompt "Enter NEW USER's Last Name"     # The new user's Last name
$newSAMAccount   = Read-Host -prompt "Enter NEW USER's Username"     # The new user's requested username
$newpassword     = Read-Host -prompt "Enter NEW USER's Password"     # The new user's requested password
$modelSAMAccount = Read-Host -prompt "Enter MODEL USER's UserID"     # The user id of the existing user after which to model this new user

$newFullname     = "$newlname, $newfname"
$modelLogonname  = "DOMAIN\$modelSAMAccount"
$newLogonname    = "DOMAIN\$newSAMAccount"
$myEmailAddr     = (gc env:username) + "@DOMAIN.com"
$fileserver = "SDALFILE2"
writetolog "First name: $newFname"
writetolog "Last name: $newLname"
writetolog "SAMAccount: $newSAMAccount"
# Do not write the password itself to the log file
writetolog "Password: (not logged)"
writetolog "Model SAMAccount: $modelSAMAccount"
writetolog "Model Account: $modelLogonname"
writetolog "New Logon Name: $newlogonname"


### Grab the user object to model after

Write-Host "Getting the model user object."
$objModeluser = Get-QADUser -Service $modelLogonname
writetolog  "objModeluser = $objModeluser"


### Create and enable the new user and set the password

Write-Host "Creating the new user object"
$objNewuser = New-QADUser -ParentContainer $objModeluser.ParentContainer -Name $newFullname -FirstName $newFname -LastName $newLname -SamAccountName $newSAMAccount -Description $objModeluser.Description -UserPrincipalName "$newSAMAccount@DOMAIN.us" -DisplayName $newFullName | enable-qaduser
Write-Host $objNewuser
writetolog  "$($objNewuser.LogonName) created"



### Wait for AD to catch up
Write-Host "Waiting for Active Directory..."
Start-Sleep -Seconds 5
#$objNewuser = ''
$objNewuser = Get-QADUser $newLogonname
#set-qaduser $newLogonname -UserPassword $newpassword


### Join the new user to the same groups and report on which ones failed

Write-Host "Adding to groups"
$objModeluser.MemberOf | ForEach-Object {Add-QADGroupMember $_ $newLogonname}

if (Test-Path "SharedGroups.txt")
 {Write-Host "SharedGroups.txt exists.  Removing."
  writetolog  "SharedGroups.txt file exists.  Removing."
  Remove-Item "SharedGroups.txt"
 }

Write-Host "Creating SharedGroups.txt"
writetolog  "Creating SharedGroups.txt"
$SharedFile  = New-Item "SharedGroups.txt" -Type file

if (Test-Path "MissingGroups.txt")
 {Write-Host "MissingGroups.txt exists.  Removing."
  writetolog  "MissingGroups.txt file exists.  Removing."
  Remove-Item "MissingGroups.txt"
 }
 
Write-Host "Creating MissingGroups.txt"
writetolog  "Creating MissingGroups.txt"
$MissingFile  = New-Item "MissingGroups.txt" -Type file

$modelGroups = $objModeluser.MemberOf | Get-QADGroup | ForEach-Object {$_.name}
$newGroups = $objNewuser.MemberOf | Get-QADGroup | ForEach-Object {$_.name}

Foreach ($Item in $modelGroups) 
 {If ($newGroups -contains $Item)
  {Add-Content $SharedFile $Item
   writetolog "Added to $Item"
   }
  Else
  {Add-Content $MissingFile $Item
   writetolog "Could not add to $Item"
   }
 }


### Begin creating the shared network folder

# Create the folder
Write-Host "Creating home folder"
$homefolder = New-Item -Path "\\$fileserver\Users$" -Name $newSAMAccount -type directory
writetolog "Created $homefolder"

# Set the ACL permissions
# see http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1204480&SiteID=1
# this explains why we need to set three rules for one user
Write-Host "Setting ACL on the home folder."
$AccessRule1 = New-Object System.Security.AccessControl.FileSystemAccessRule($newSAMAccount,"Modify",2,2,"Allow")
$AccessRule2 = New-Object System.Security.AccessControl.FileSystemAccessRule($newSAMAccount,"Modify",1,2,"Allow")
$AccessRule3 = New-Object System.Security.AccessControl.FileSystemAccessRule($newSAMAccount,"Modify","Allow")
$acl = Get-Acl $homefolder
$acl.AddAccessRule($AccessRule1)
$acl.AddAccessRule($AccessRule2)
$acl.AddAccessRule($AccessRule3)
Set-Acl $homefolder $acl -ErrorAction Stop
writetolog "Set $acl"

#Create the Share
if ($fileserver) {
    $Win32ShareClass = [wmiclass]"\\$fileserver\root\CIMv2:Win32_Share"
} else {
    $Win32ShareClass = [wmiclass]"Win32_Share"
}
Write-Host "Creating the share."
$Win32ShareClass.Create("D:\Users\$newSAMAccount","$newSAMAccount$",0,$null,"")
writetolog "Created the share $newSAMAccount$"

#Set the share as the user's home directory and configure the logon script path
$homeDirectory = "\\$fileserver\$newSAMAccount$"
$homeDrive = "L:"
$scriptPath = $objModeluser.scriptPath
Write-Host "Setting homeDrive"
Set-QADUser $objNewuser -ObjectAttributes @{homeDrive=$homeDrive}
writetolog "Set homeDrive as $homeDrive"
Write-Host "Setting homeDirectory"
Set-QADUser $objNewuser -ObjectAttributes @{homeDirectory=$homedirectory}
writetolog "Set homeDirectory as $homeDirectory"
Write-Host "Setting scriptPath"
Set-QADUser $objNewuser -ObjectAttributes @{scriptPath=$scriptPath}
writetolog "Set scriptPath as $scriptPath"


### Begin establishing the mailbox settings

Write-Host "Establishing mailbox settings."
$ldapquery = "LDAP://" + $objNewuser.DN
$newmbx = [ADSI]$ldapquery
$newmbx.mailNickname = $newLogonName
$newmbx.msExchHomeServerName = $objModeluser.msExchHomeServerName
$newmbx.homeMDB = $objModeluser.homeMDB
writetolog  "ldapquery = $ldapquery"
writetolog  "mailNickname = $($newmbx.mailNickname)"
writetolog  "msExchHomeServerName = $($newmbx.msExchHomeServerName)"
$newmbx.setinfo()
writetolog "Established mailbox settings."



writetolog "===== Ending copyuser.ps1 ====="
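
One way to take and use the new user's password in a script like the one above without holding it in a plain string for the whole run or letting it reach copyuser.log. This is an added example, not part of davidsmith71's script; the helper names Write-Log and ConvertTo-PlainText are hypothetical, and it assumes PowerShell 2.0 or later for try/catch/finally.

```powershell
# Added example, not part of the original script. Write-Log and
# ConvertTo-PlainText are hypothetical helper names; assumes PowerShell 2.0+.

$logfile = "copyuser.log"

function Write-Log {
    param([string]$Message, [string[]]$Secret = @())
    # Scrub any secret value that ended up inside the message text
    foreach ($s in $Secret) {
        if ($s) { $Message = $Message.Replace($s, "<redacted>") }
    }
    Add-Content -Path $logfile -Value ("{0} : {1}" -f (Get-Date -Format s), $Message)
}

function ConvertTo-PlainText {
    param([System.Security.SecureString]$Secure)
    # Decrypt into an unmanaged BSTR, copy it out, then zero and free the buffer
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# The password prompt shows asterisks and returns a SecureString
$newSAMAccount  = Read-Host -Prompt "Enter NEW USER's Username"
$securePassword = Read-Host -Prompt "Enter NEW USER's Password" -AsSecureString
if ($securePassword.Length -eq 0) { throw "Empty password supplied" }

Write-Log "SAMAccount: $newSAMAccount"
Write-Log "Password: supplied (value not logged)"

# Materialise the plain text only around the one call that needs a string
$plain = ConvertTo-PlainText $securePassword
try {
    if (Get-Command Set-QADUser -ErrorAction SilentlyContinue) {
        Set-QADUser "DOMAIN\$newSAMAccount" -UserPassword $plain -ErrorAction Stop | Out-Null
        Write-Log "Password set for $newSAMAccount"
    } else {
        Write-Log "Quest snap-in not loaded; password not set"
    }
}
catch {
    # Error text can echo arguments, so pass it through the scrubber
    Write-Log "Set-QADUser failed: $($_.Exception.Message)" -Secret $plain
    throw
}
finally {
    $plain = $null
    $securePassword.Dispose()
}
```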



