Powershell: Get SQL Data using powershell

Small background / Use Case – I’m having a printing solution that prints a small, almost invisible watermark on every printed page. This watermark consists of printjob ID number only. I would like HelpDesk users to check this Job ID and resolve job owner / printing time etc. Unfortunately, it’s not possible through GUI, but… powershell made my day.

Ok, to summarize, I currently have:

  • Print Job ID
  • Running SQL Server with required print job and user tables

And I want to get:

  • Nice GUI window asking for print job ID
  • GUI output with:
    • User details (name, surname, login)
    • Job title
    • Job accept time

Translating above into powershell; first you need to specify database details and open up SQL connection:

Then, we are going to ask user for job ID with small GUI window:

Above pop-up code will show up in following style:


Of course, you can validate this input box with string length, type etc. I didn’t need it. Next step – Run SELECT SQL query using powershell to get JobID related userID and then run another query to fetch user details from users table:

Last step, having all that information in variables, you can display ’em to end user, again, using powershell GUI window:

This will result in something similar to:


At the end, please keep in mind to close SQL connection:

This was just one, small use case that worked for me, but there are many more possibilities automate your work using powershell and SQL together 🙂

For non-reading ones, below you can get complete script:


Skype For Business Group Policies

I don’t know why, but in the IT we always need to restrict some things. Maybe Principle of least privilege is our primary rule, maybe we simply don’t trust users (since they always lie…) or maybe it’s just the power we truly love!

Nevertheless, I needed to restrict users from using audio & video conferencing features in Skype For Business. simplest possible way to achieve this goal is proper CAL assigned to each user (Standard CAL – only IM functions; Enterprise CAL – all features). But here’s a small catch, and the catch is that this change applies to a user, not to specific devices. What would you do if you want users to have all Skype features on their local machines, but only Instant Messaging while using Skype through Citrix published app or VDI? In such case, you need a machine specific restriction. Not available in Skype For Business Control Panel, but possible with some registry hacks. I have found nice article written by Lync MVP Paul Bloem. He describes few keys that we can use to allow/disallow some Skype features, which can be easily done both for Machine and User hive. I allowed myself to work a little bit more on that and prepare Skype For Business ADMX Policies that you can copy into your Policy Definitions and have all these settings presented in the easy way:


All of these options can be configured in following registry hives: (more…)

Citrix XenDesktop 7.6 – The Citrix servers do not trust the server.

Small hint for those, receiving following Citrix XenApp 7.6 error while opening any app from Receiver – “Cannot start app, please contact your help desk“:


Additionally, in the event log you find repeating errors from Citrix Store Service, EventID 0, message:

The Citrix servers do not trust the server. This message was reported from the XML Service at address http://deliverycontroller.domain.local/scripts/wpnbr.dll [NFuseProtocol.TRequestAddress].


All you need to do, is set up TrustRequestsSentToTheXmlServicePort from $false value to $true. Simply follow these steps:

  • Log on to your Delivery Controller and open powershell console
  • Load Citrix snapins:
  • ChangeTrustRequestsSentToTheXmlServicePort parameter value to $true:
  • And finally you may want to check the result by typing:

If value is set to $true, issue should be resolved.

How to import PST file to Exchange 2013 Mailbox

Importing / Exporting mail data in .pst files may be performed with various 3rd party applications, but IMHO we should always use what’s “inside-of-the-box” if it’s possible. Therefore you should focus on follownig cmdlets:

  • New-MailboxImportRequest
  • NewMailboxExportRequest
  • Get-MailboxImportRequest
  • Get-MailboxExportRequest

Even as an Exchange Admin, shortly you will find out that none of them are available for you. Pitty. I have no idea why they made it this way, but you have to assign your admin account a new role “Mailbox Import Export”. To do so, execute following powershell cmdlet: (more…)

Citrix User Profile Management (UPM) deployment

One of the key features that leverages proper user’s experience in application provisioning or VDI environments is profile management. Whenever users log on to their VD or provisioned applications they are expecting to see things as they left it – that starts with desktop personalization, regional settings, wallpaper and ends up with complex application specific settings like AutoCAD or Catia preferences, shortcuts or hot-keys. Depending on delivered infrastructure type – profile management may be simple, but it also may become complex and challenging for IT.

Unfortunately – some things cannot be achieved with Windows Roaming Profiles – example from my eperience is Microsoft Outlook which holds user settings (like signature, font styles, views, etc) in user’s AppData/Local folder which is not synchronized by default (and we don’t want it’s all content which can be done in registry). Luckily, Citrix engineers gave us an option to specify folders / files to synchronize across all user’s profile directory. Below you can find a list of Citrix UPM benefits.

Consistent Experience: Increases user satisfaction and improves productivity

  • Reliable roaming experience: Ensures that personal settings, documents, shortcuts, templates, desktop wallpapers, cookies and favorites always follow the user across different Windows environments on any device.
  • Faster logon times: Provides the ability to control and reduce the profile size, which improves the logon times.

Better Management: Reduces administrative burden

  • Inclusion by default: By default all settings are captured, reducing the amount of time and effort spent in identifying what should be captured in a profile.  Administrators only need to focus on the items to be excluded from a profile, such as conflicting settings, files or folders that bloat the profile.
  • Profile size control: Enables administrators to only include specific files and folders or exclude unnecessary ones that account for tens or hundreds of megabytes, minimizing the amount of data being managed and stored in the profile and decreasing network overhead.
  • Robust profiles: Automatically detects and stores all modified profile settings in the registry and file system and can be configured to capture any kind of registry and file system modification within the profile. Prevents the unintentional overwriting of user profiles by using built-in logic to determine which data should be kept.
  • Extended synchronization: Allows administrators to synchronize files and folders for poor-performing applications that do not store user-related content within the user profile but somewhere on the device hard disk.
  • Detailed reports: Logs detailed information on all actions being performed in an easy to read and understandable format, simplifying the troubleshooting and analysis process.
  • Easy to implement and simple to maintain: Enables administrators to automatically migrate existing user settings and choose at a granular level which profile information to keep or discard. It runs as a system service, and does not require any additional servers, services, or databases or changes to logon scripts.

I allowed myself to mark some of the key features with green color. Having that knowledge and complete understanding of UPM advantages / disadvantages over Windows Roaming Profiles, we can start UPM installation and configuration. (more…)

Automated change of DNS hosts on multiple servers in AD Organizational Unit

Change of DNS settings on remote hosts can be done either with DHCP scope settings (if your servers are using DHCP and in most cases they are not) or via Group Policy or… with Powershell. But hey, I’m pretty sure you did not enable PSRemoting on all of your servers, did ya? Luckily there’s a WMI and we can combine it with powershell. (more…)

Finding & Transferring FSMO roles using powershell

I think it’s a part of IT nature to spend 15 minutes on scripting things that you actually could achieve in 1 minute using GUI, but you can’t change the nature, right? 🙂

One of the things I have to do from time to time is change of FSMO roleholders by simply transferring them (keep in mind that transfer is not the same as seize) from one host to another and it becomes inconvenient when I have to switch over three different mmc snap-ins (schema, ad domains and trusts and ad users and computers). Luckily there’s a powershell with single interface and all of the options I need. (more…)

Understanding why “CPU Ready” matters…

One of the biggest advantages of virtualization technology is possibility to overcommit your host’s resources – there’s really small chance of a VM using it’s all assigned CPU / RAM for 24/7 and that’s why we want to place a higher number of VMs on a single host to utilize it’s physical resources in a better way. But it doesn’t mean we can run unlimited amount of virtual machines on a single host and expect good performance. There are some *invisible* boundries that we should be aware of and one of them is host’s phycial CPUs / virtual CPUs ratio which has a big impact on your running VMs.

VMware tells us that our CPU resources are best utilized when it’s usage is measured at about 70-75% level. And that’s true. If there’s any VM running with for example 4 virtual CPUs and it’s using only 10% of it’s CPU power, you should consider changing the number of vCPUs to a single core and expect a load of ~60-70%. At this point your VM’s CPU is properly scaled. Yet, there’s another important thing related to the number of your virtual CPUs… (more…)

DHCP Server installation and configuration with multiple VLANs / Scopes using PowerShell

Installation of DHCP servers may be pain in the neck if you need to configure multiple scopes (for VLANs for example). Luckily this process can be automated with powershell.

Scirpt will install DHCP role, create local DHCP groups, authorize DHCP in Active Directory and at the end create all defined scopes.

All you need to do in the script below is to change values in highlighted lines – currently it has only three vlans (scopes), but you can add more like these. Simply add new line with $vlan4… $vlan* and put it’s name into $vlan variable in line 10.

If everything went well, you should see output similar to the image below:


I hope this will make your DHCP configuration a lot easier 😉