24. November 2016
PowerShell Version: >4
Modules: VMware vSphere PowerCLI
While having issues with HP Data Protector and VMware backups I created a script that logs in to different vCenter Servers and checks for Data Protector Snapshots that are older than x and removes them. This script can easily be customized to suite your environment and needs.
# variables
$name = "_DP_VEPA_SNAP_"
$hours = "0"
$vcenters = "VCENTER1-FQDN","VCENTER2-FQDN"
$vc_username = "USERNAME"
$vc_password = "PASSWORD"
# load powercli commands
add-pssnapin vmw* | out-null
# for every vcenter
foreach ($vcenter in $vcenters)
{
# connect
Connect-VIServer -Server $vcenter -User $vc_username -Password $vc_password -WarningAction SilentlyContinue
$snapshots = Get-Snapshot -vm * -name "$name" | Where {$_.Created -lt (Get-Date).AddHours($hours)}
if ($? -eq $false)
{
"### $vcenter ###"
"No matching Snapshots found."
}
else
{
"### $vcenter ###"
$snapshots | select VM, @{Name="Age";Expression={((Get-Date)-$_.Created).Hours}}, SizeMB | Format-Table -Autosize
# remove snapshots
"Deleting..."
$snapshots | Remove-Snapshot -confirm:$false
"Done!"
}
# disconnect
Disconnect-VIServer -Confirm:$False | out-null
}
PowerShell Version: 4
Modules: GroupPolicy
If you find yourself lost in the jungle of existing GPOs in your environment use some PowerShell to sort out the ones that might not be needed anymore.
# first of all get all GPOs that are available in the domain - make sure to use a domain administrator account for this
$gpos = Get-GPO -All
$gpo_compare_unlinked = @()
$gpo_compare_notapplied = @()
"Unlinked GPOs:"
foreach ($gpo in $gpos)
{
# to gather all needed information we will create a xml report of every GPO and sort out what we need...if GPO.LinksTo.SOMPath is empty the GPO is not linked
[xml]$xmldata = Get-GPOReport -ReportType xml -Name $($gpo.Displayname)
if ($($xmldata.GPO.LinksTo.SOMPath) -eq $null)
{
#output the name of the unlinked GPO
$gpo.Displayname
# add the name to an array for later comparison
$gpo_compare_unlinked += $gpo.Displayname
}
}
# add a line break for a better overview
"`r"
"GPOs that are linked but deactivated:"
foreach ($gpo in $gpos)
{
# these GPOs are linked but their status is disabled as seen in GPO.LinksTo.enabled
[xml]$xmldata = Get-GPOReport -ReportType xml -Name $($gpo.Displayname)
if ($($xmldata.GPO.LinksTo.enabled)-eq $false)
{
$gpo.Displayname
}
}
"`r"
"GPOs that are not applied:"
foreach ($gpo in $gpos)
{
# this was a bit tricky as the xml data does not show the information we need, it only shows the status -Apply Group Policy- if it is assigned
[xml]$xmldata = Get-GPOReport -ReportType xml -Name $($gpo.Displayname)
if ($($($xmldata.GPO.SecurityDescriptor.Permissions.TrusteePermissions.Standard.GPOGroupedAccessEnum) | where {($_ -like "Apply Group Policy")}) -ne "Apply Group Policy")
{
$gpo.Displayname
$gpo_compare_notapplied += $gpo.Displayname
}
}
"`r"
"GPOS that are neither linked nor applied:"
# use compare of the two created arrays to find the GPOs that are basically trash (unused)
(Compare-Object $gpo_compare_unlinked $gpo_compare_notapplied -IncludeEqual | where SideIndicator -eq "==").InputObject