Archive for the ‘Powershell’ Category.
November 16, 2011, 4:50 pm
Problem:
I had set up the NTP server a few days back so that all my domain computers can use it as a time source. I had created a group policy that forces all the domain computers to use the NTP server as a time source. Now I wanted to create a monitor which tells me when an NTP-related problem is reported in the event log. As always, I decided to go with PowerShell to read the event log remotely.
Solution:
I used PowerShell's Get-WmiObject command to read the event log of all the machines remotely. I used Select-String to narrow down the search to only NTP-related messages.
Here is the PowerShell script which I created for my monitor.
# WMI filters need the cutoff time in DMTF format (here: the last 24 hours)
$BeginDate = [System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((Get-Date).AddDays(-1))
$servers = 'Node1', 'Node2', 'Node3'
ForEach ($server in $servers) {
    # Query one machine per iteration ($server, not the whole $servers list)
    Get-WmiObject -ComputerName $server -Class Win32_NTLogEvent -Filter "(logfile='system') and (TimeGenerated >'$BeginDate')" |
        Where-Object { $_.Message | Select-String -Pattern "The time" } |
        Select-Object ComputerName, TimeGenerated, Message
}
The output was as follows:
Computername timegenerated Message
------------ ------------- -------
Node1.example.co.uk 20111114183223.468053-000 The time service is now synchronizin...
Node2.example.co.uk 20111114182604.593400-000 Time Provider NtpClient: This machin...
You can use this script to search for anything in the event log. You just need to change the Select-String pattern accordingly.
Update:
Another approach is to use Get-EventLog, as follows:
$servers = 'Node1', 'Node2', 'Node3'
Get-EventLog -LogName System -Message "The time*" -After (Get-Date).AddDays(-7) -ComputerName $servers |
    Select-Object @{Name="Computername";Expression={$_.MachineName}}, TimeGenerated, Message
Thanks to Jeffery Hicks for letting me know about this other method.
November 15, 2011, 10:39 am
I was looking for an option which would allow me to read the time of Windows (domain client) machines remotely.
I was in the process of setting up the NTP group policy for my Windows domain controller, and it would have been a big pain to check and compare the Windows time by logging in to each and every domain client computer. I have more than 500 domain client computers in my domain controller, so you can imagine how much time it would have taken to log in to each machine and check whether its time is in sync with the NTP server.
I thought to script the operation which reads the Windows domain clients' time remotely so I can compare and check whether all the computers have the same time or not. I decided to script the operation with PowerShell, and it did exactly the job I was looking for.
$servers = 'Node1', 'Node2', 'Node3'
ForEach ($server in $servers) {
    $time = ([WMI]'').ConvertToDateTime((gwmi win32_operatingsystem -computername $server).LocalDateTime)
    $server + ' ' + $time
}
The output was as follows:
Node1 11/15/2011 09:54:07
Node2 11/15/2011 09:54:07
Node3 11/15/2011 09:54:07
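The script above prints each machine's time but leaves the comparison to the reader. The following is an added example, not part of the original post, that computes each host's offset from the machine running the script and flags drift or unreachable hosts. The node names and the 5-second threshold are assumptions, and it assumes the local machine is itself synchronized with the NTP server.

```powershell
# Added example (Windows PowerShell): flag hosts whose clock differs from the
# local clock by more than a threshold. Names and threshold are assumptions.
$servers          = 'Node1', 'Node2', 'Node3'
$thresholdSeconds = 5

$results = foreach ($server in $servers) {
    try {
        # Timestamp before and after the query so network latency can be averaged out
        $before = Get-Date
        $os     = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $server -ErrorAction Stop
        $after  = Get-Date

        # ConvertToDateTime returns the remote clock expressed in the local time zone,
        # so hosts in other time zones compare correctly
        $remote    = $os.ConvertToDateTime($os.LocalDateTime)
        $reference = $before.AddTicks([long](($after - $before).Ticks / 2))
        $offset    = [math]::Round(($remote - $reference).TotalSeconds, 2)

        $status = 'OK'
        if ([math]::Abs($offset) -gt $thresholdSeconds) { $status = 'DRIFT' }

        [pscustomobject]@{
            Computer      = $server
            RemoteTime    = $remote
            OffsetSeconds = $offset
            Status        = $status
        }
    }
    catch {
        # Host offline, RPC blocked or access denied: report it instead of aborting the run
        [pscustomobject]@{
            Computer      = $server
            RemoteTime    = $null
            OffsetSeconds = $null
            Status        = 'UNREACHABLE'
        }
    }
}

# Show problem hosts first, largest offsets at the top
$results | Sort-Object @{Expression = { $_.Status -eq 'OK' }},
                       @{Expression = { [math]::Abs($_.OffsetSeconds) }; Descending = $true} |
    Format-Table -AutoSize
```

The measured offset includes roughly half the WMI round-trip time, so keep the threshold well above the latency to the slowest host.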
October 21, 2011, 10:12 am
Here is a PowerShell script which reads the event log on a local or remote machine and returns the last 5 errors reported in the Application and System categories.
$ArrComputers = "Computer1","Computer2"
foreach ($Computer in $ArrComputers)
{
    write-host ""
    write-host "===================================="
    write-host "Computer: $Computer"
    write-host "===================================="
    write-host "------------------------------------------"
    write-host "Last 5 Errors in the Application Category"
    write-host "------------------------------------------"
    $ColItems = Get-WmiObject -Class Win32_NTLogEvent -Filter "(logfile='Application') AND (type='Error')" -ComputerName $Computer
    # TimeGenerated is a DMTF string, so sorting it descending puts the newest events first
    $ColItems | Sort-Object TimeGenerated -Descending | Select-Object -First 5 | Format-List EventCode,Type,TimeGenerated,Message
    write-host "------------------------------------------"
    write-host "Last 5 Errors in the System Category"
    write-host "------------------------------------------"
    $ColItems1 = Get-WmiObject -Class Win32_NTLogEvent -Filter "(logfile='System') AND (type='Error')" -ComputerName $Computer
    $ColItems1 | Sort-Object TimeGenerated -Descending | Select-Object -First 5 | Format-List EventCode,Type,TimeGenerated,Message
}