PowerCLI

 View Only

  • 1.  Updating Adam

    Posted Apr 04, 2012 03:16 PM

    I am trying to update entries in the adam db.  Attempts at even searching remotely via ldapsearch have failed with:

    ldap_bind: Invalid credentials (49)
    additional info: 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 207c, v1db1
         * Using the administrator password
    Going to plan 2 powercli (which I am new at).
    ---
          $cred = Get-Credential
            $pwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
                    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password))
            $domain = New-Object DirectoryServices.DirectoryEntry("LDAP://<IP of Adam>",$cred.UserName, $pwd)
            trap { $script:err = $_ ; continue } &{
                    $domain.Bind($true); $script:err = $null
                    }
                    if ($err.Exception.ErrorCode -ne -2147352570) {
                            Write-Host -Fore Red $err.Exception.Message
                            break
                    } else {
                            Write-Host -Fore Green "Connection established."
            }
            Write-Output "----Start ---"
            $oe = [ADSI] 'LDAP://<IP Of Adam>/CN=Administrator,CN=WIN-0D6FDN66HKS,OU=Server,ou=Properties,DC=vdi,DC=vmware,DC=int'
            Write-Output "ADSI  err=$err"
            $oe.put("pae-PCoIPBandwidthLimit","25")
            Write-Output "put  err=$err"
            $oe.setinfo()
            write "setinfo err=$err"
    Connection established.
    1) If I run this thru PowerGUI and put a Breakpoint after the ADSI, I get the following error
          "The pipeline has been stopped"
    2) From the command line
    ----Start ---
    ADSI    err=Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
    put       err=Logon failure: unknown user name or bad password.
    setinfo  err=Logon failure: unknown user name or bad password.
    I have tried many variations of the [ADSI] / LDAP None of which resut in any different errors (Always Unknow name)
    ----- I am able to auth/dump the entry with the dump_entry.ps1 attached
    ------ Results ---------------
    objectClass                        : top pae-PropertyObject pae-VDMProperties
    cn                                 : WIN-OD6FDN66HKS
    distinguishedName                  : CN=WIN-OD6FDN66HKS,OU=Server,OU=Properties,DC=vdi,DC=vmware,DC=int
    instanceType                       : 4
    whenCreated                        : 3/14/2012 11:01:29 PM
    whenChanged                        : 4/4/2012 7:00:11 AM
    uSNCreated                         : System.__ComObject
    uSNChanged                         : System.__ComObject
    name                               : WIN-OD6FDN66HKS
    objectGUID                         : 79 243 148 9 24 181 29 72 183 184 211 211 140 155 15 38
    objectCategory                     : CN=pae-VDMProperties,CN=Schema,CN=Configuration,CN={647BC65C-E584-41F7-9948-031720575F4B}
    dSCorePropagationData              : 3/14/2012 11:01:41 PM 3/14/2012 11:01:32 PM 1/1/1601 12:04:17 AM
    pae-BypassTunnel                   : 0
    pae-mVDIOfflineUseSSLForPackages   : 1
    pae-LDAPBUFolder                   : C:\ProgramData\VMware\VDM\backups
    pae-mVDIOfflineUseSSL              : 1
    pae-AutoResolveLDAPCollisions      : 1
    pae-LDAPBUUnits                    : 2
    pae-FQHN                           : WIN-OD6FDN66HKS.corp.local
    pae-MarkedForDelete                : 0
    pae-mVDIOfflineBypassTunnel        : 1
    pae-SecurIDClearNodeSecret         : 0
    pae-BaseURL                        : https://192.168.0.1:443
    pae-ViewVersionNumberString        : 5.1.0-609264
    pae-Disabled                       : 0
    pae-RADIUSNameMapping              : 0
    pae-SecurIDNameMapping             : 0
    pae-LDAPBULastTime                 : 4/4/2012 7:00:10 AM
    pae-NETBIOSDomainName              : CONTROLCENTER
    pae-mVDIOfflineUseDedup            : 0
    pae-BypassPCoIPSecureGateway       : 0
    pae-LDAPBULastStatus               : 0
    pae-mVDIOfflineUseCompression      : 0
    pae-RADIUSWindowsSSO               : 0
    pae-LDAPBUFrequency                : 1
    pae-CertAuth                       : 1
    pae-DNSDomainName                  : corp.local
    pae-SecurityServerPairingMechanism : 2
    pae-VDMSecurityServer              : 0
    pae-LDAPBUMaxNumber                : 10
    pae-ViewVersionNumber              : 550
    pae-IPSecMode                      : 0
    pae-SecurIDEnabled                 : 0
    pae-SmartCardRemovePolicy          : 0
    pae-LDAPBUImmediate                : 0
    pae-RADIUSEnabled                  : 0
    pae-PCoIPBandwidthLimit            : 0
    pae-AgentConnectToFQHN             : WIN-OD6FDN66HKS.corp.local
    pae-LDAPBUTime                     : 0
    pae-NameValuePair                  : gw-pcoipClientIPAddress=192.168.0.1 gw-clientHost=192.168.0.1 gw-pcoipClientUDPPort=4172 gw-pcoipC
                                         lientTCPPort=4172 gw-identity=tunnel/vwbjae4alqbpaeqangbgaeqatga2adyasablafmalgbjag8acgbwac4ababvagmay
                                         qbsaa== gw-publicKey=MIHwMIGoBgcqhkjOOAQBMIGcAkEA/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9
                                         jQTxeEu0ImbzRMqzVDZkVG9xD7nN1kuFwIVAJYu3cw2nLqOuyYO5rahJtk0bjjFAkBnhHGyepz0TukaScUUfbGpqvJE8FpDTWSGkx0
                                         tFCcbnjUDC3H9c9oXkGmzLik1Yw4cIGI1TQ2iCmxBblC+eUykA0MAAkBvXwqwjizN9duk0iO4Doe7NWm4/ER61D1f5UcE4Sbqr+zrq
                                         bqXuS4wMQOgqpVI8B0iIxrPrnm/rDFiTA/qGxjA gw-clientPort=443 gw-clientProtocol=https
    nTSecurityDescriptor               : System.__ComObject
    ---My goal is to be able to modify entries within pae-NameValuePair, but I can't even get a basic update working..
    thanks


  • 2.  RE: Updating Adam

    Posted Apr 04, 2012 03:46 PM

    There is a basic example of accessing ADAM from PowerShell to be found in Disable VMware View Pool using Powershell PowerCLI.

    You could make the script a bit easier by using the Quest AD snapin.

    There is a View sample in View, Powershell and ADAM - mapping a users view desktop to a VC custom field

    Another example of working with ADAM from PowerShell can be found in ADAM Administration with SharePoint and PowerShell.

    It is for SharePoint, but the general ADAM functions are quite useful.



  • 3.  RE: Updating Adam

    Posted Apr 04, 2012 06:11 PM

    Thanks for the quick response, now it appears no snapin's are not available, nor can I install them.

    [vSphere PowerCLI] C:\test> get-pssnapin vmware*
    Name        : VMware.VimAutomation.Core
    PSVersion   : 2.0
    Description : This Windows PowerShell snap-in contains Windows PowerShell cmdlets for managing vSphere.
    [vSphere PowerCLI] C:\test> add-pssnapin vmware.view.broker
    Add-PSSnapin : The Windows PowerShell snap-in 'vmware.view.broker' is not installed on this machine.
    At line:1 char:13
    + add-pssnapin <<<<  vmware.view.broker
        + CategoryInfo          : InvalidArgument: (vmware.view.broker:String) [Add-PSSnapin], PSArgumentException
        + FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand
    [vSphere PowerCLI] C:\custom_vmware_view_011212>
    [root@test  ]# cat bla2
    Add-PSSnapin : The Windows PowerShell snap-in 'vmware.view.broker' is not installed on this machine.
    At C:\test\adam_update.ps1:14 char:13
    + add-pssnapin <<<<  vmware.view.broker
        + CategoryInfo          : InvalidArgument: (vmware.view.broker:String) [Add-PSSnapin], PSArgumentException
        + FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand
    Import-Module : The specified module 'activedirectory' was not loaded because no valid module file was found in any module directory.
    At C:\test\adam_update.ps1:15 char:14
    + import-module <<<<  activedirectory
        + CategoryInfo          : ResourceUnavailable: (activedirectory:String) [Import-Module], FileNotFoundException
        + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
    The following exception occurred while retrieving member "Put": "Logon failure: unknown user name or bad password.
    "
    At C:\test\adam_update.ps1:32 char:37
    +                         $objPool.Put <<<< ("pae-Disabled","0")
        + CategoryInfo          : NotSpecified: (:) [], ExtendedTypeSystemException
        + FullyQualifiedErrorId : CatchFromBaseGetMember
    The following exception occurred while retrieving member "Setinfo": "Logon failure: unknown user name or bad password.
    "
    At C:\test\adam_update.ps1:58 char:17
    + $objPool.Setinfo <<<< ()
        + CategoryInfo          : NotSpecified: (:) [], ExtendedTypeSystemException
        + FullyQualifiedErrorId : CatchFromBaseGetMember
    The following exception occurred while retrieving member "close": "Logon failure: unknown user name or bad password.
    "
    At C:\custom_vmware_view_011212\adam_update.ps1:59 char:15
    + $objPool.close <<<< ()
        + CategoryInfo          : NotSpecified: (:) [], ExtendedTypeSystemException
        + FullyQualifiedErrorId : CatchFromBaseGetMember
    #-----------------------------------------------
    # Check not there
    [vSphere PowerCLI] C:\test> get-pssnapin vmware*
    Name        : VMware.VimAutomation.Core
    PSVersion   : 2.0
    Description : This Windows PowerShell snap-in contains Windows PowerShell cmdlets for managing vSphere.
    #----- Try to Add failed
    [vSphere PowerCLI] C:\test> add-pssnapin vmware.view.broker
    Add-PSSnapin : The Windows PowerShell snap-in 'vmware.view.broker' is not installed on this machine.
    At line:1 char:13
    + add-pssnapin <<<<  vmware.view.broker
        + CategoryInfo          : InvalidArgument: (vmware.view.broker:String) [Add-PSSnapin], PSArgumentException
        + FullyQualifiedErrorId : AddPSSnapInRead,Microsoft.PowerShell.Commands.AddPSSnapinCommand

    thanks



  • 4.  RE: Updating Adam

    Posted Apr 04, 2012 06:43 PM

    An external ldap modify would save me from doing other things, any example of searching / updating via remote ldap appriciated. 



  • 5.  RE: Updating Adam

    Posted Apr 04, 2012 08:39 PM

    Ok, I see.

    Did you try with ?

    [ADSI] 'LDAP://<IP Of Adam>/CN=WIN-0D6FDN66HKS,OU=Server,ou=Properties,DC=vdi,DC=vmware,DC=int'

    Does that return the object ?



  • 6.  RE: Updating Adam

    Posted Apr 04, 2012 09:14 PM

    Yes, $oe (return from ADSI .. LDAP) contains System.DirectoryServices.DirectoryEntry

         * When I expand the $oe (using powergui) All entries State

             "<ObjectType>  "Logon failure:  unknown user name or bad password"

    Also just after the ADSI, the $err field is "The pipeline has been stopped"

    If I continue anyway:

         After the setinfo()

            *exception:  ... Unknown error 0x8000500c

    FYI:  I'm trying this "not on the actual box" but another view desktop if that matters.

    thanks



  • 7.  RE: Updating Adam

    Posted Apr 04, 2012 09:17 PM

    screen shot attached



  • 8.  RE: Updating Adam

    Posted Apr 05, 2012 09:36 PM

    Got an update running only on localhost,  I can "Dump" info from another desktop within the domain but cannot update remote. Outside the domain I can't even do a search.  Anyone know what needs to be installed / setup  to allow remote auth, certificates ?