Flexing your Powershell: Getting a count of computer by OU

Today I needed to determine the number of computers in active directory for a client based on their location. Luckily, this client has their OU’s structured to Region\Country\City, but all I had was a list of the computers and their Distinguished Names. Since this puts the workstation name first, then goes city/country/region, this was challenging to split in excel and group up.

I spent awhile drafting the below script, which will enumerate the OU’s, then go into each and count the total number of computers, the number of disabled computer, the number of disabled computers, then export it to a csv. In my case, I scoped it specifically to the OU that contained only computers, but this can be expanded as needed.

##define csv to export to
$csvfile = "C:\temp\exports\pc-count-by-ou.csv"


##get all OU's under specified OU
$OUlist = get-adorganizationalunit -filter * -searchbase "OU= Computers,DC=yourdomain,DC=com" -Properties canonicalname | select distinguishedname, canonicalname 

##iterate through each OU
foreach ($ou in $oulist){

##get OU CN
$readableOU = $ou.canonicalname
##get OU DN
$scriptOU = $ou.distinguishedname

##Count all pc's in OU and store in a variable
$totalOUPCcount = get-adcomputer -filter * -searchbase "$scriptou" -searchscope OneLevel| measure-object
$totaloupccountnumber = $totalOUPCcount.Count

##Count all disabled pc's in OU and store in a variable
$disabledpccount = get-adcomputer -filter {enabled -eq $False} -searchbase "$scriptou" -searchscope OneLevel | measure-object
$disabledpccountnumber = $disabledpccount.Count

##Count all enabled pc's in OU and store in a variable
$enabledpccount = get-adcomputer -filter {enabled -eq $True} -searchbase "$scriptou" -searchscope OneLevel | measure-object
$enabledpccountnumber = $enabledpccount.Count

##line to write with results 
$csvlog = "$readableOU; $scriptOU; $totaloupccountnumber; $disabledpccountnumber; $enabledpccountnumber"
##print to working window
write-host "$csvlog"
##append to csv
$csvlog | out-file $csvfile -append 
}

Note, this does not put headers in, which I may go back and update later, but the csv can then be opened with excel, and using the “text to columns” feature with semicolon as the delimiter, gives us some usable results. (I’ve added the headers manually in my excel, and since the DN is not very useful in my current case, just squished that down to get it out of my view).

I can also further use text to columns on the “CN” field using the “/” as the delimiter since it is in a better order, as desired.

I now have a much more useful list to group these up with a pivot table and get the summaries I need, and get as detailed as I wish.

I’ll probably also adjust the script to return the actual computers in the script so that I can have a list by location, but that is for another time. Happy Powershelling!

Export directory list to csv with command prompt

This one is mainly a note to self, but maybe someone will find it helpful. no exposition here!

I needed to get a list of all folders in a directory into an excel spreadsheet. let’s say the location was D:\shared\filesharename

1. open command prompt
2. Enter D: to switch to the d drive
3. enter cd shared\filesharename to access the folder
4. enter dir /b /ad > c:\temp\filesharenames_subfolders.csv
   • /b uses bare format, no heading or summary
   • /ad filters for only directories, as i don’t want files included
   • > exports it to the file specified
   • C:\temp\filesharenames_subfolders.csv is the file it is outputting to

I end up with list of the folders in this directory that can be copy pasted into excel easily!

MS Teams – White Video

Haven’t seen much of anything from Microsoft on this, but having experienced it myself this week and having a number of co-workers and clients running into this this week, it is certainly worth sharing the fix I have found to be reliable.

Issue: Inbound video in meetings is white screens only

Fix: access your teams settings and uncheck the box for “Disable GPU hardware acceleration (requires restarting Teams)”

That should be it! Restart Teams and your video woes should be good to go.

If you are an administrator, I have not yet found a way to deploy this administratively, but if you do, please share!

Wonky audio devices – the case of randomness

Short and sweet one today, but I have run into this a few times and it tends to evade me for far longer than it should each time. This time it happened to me.

Occasionally a headset, be it bluetooth or wired, will work seemingly flawlessly for a few hours, but at some point will stop working on one or more applications. In my case, a brand new bluetooth headset worked in Teams in the morning, but by the afternoon, I couldn’t hear anything. Windows sounds still played fine, and my music streaming was loud and clear, but Teams just wasn’t giving me anything!

After replacing, rebooting, resetting, reconnecting, and fighting with it over a few days, I finally found the setting that was buried in the back of my head that I couldn’t find for the life of me. Steps below:

1. Open the original control panel
2. Select to view by “small icons”
3. Open the “sound” option
4. Locate your headset in the list of playback options and select it
5. Click “properties”
6. Go to the advanced tab
7. Uncheck “Allow applications to take exclusive control of this device”
8. if issues persist, repeat and uncheck “enable audio enhancements”

That’s it. Other than reinstall, reconnecting, rebooting, resetting. That’s the trick that has worked for me in this situation. Good luck out there!

Export All GPOs in a domain to XML or HTML

Not a lot of exposition on this one.

I have a client that has 100+ Group Policy Objects that I wanted to export. Now in the time I was developing a way to automatically do this, I probably could have right clicked each and exported, but that’s no fun and I can use this script in the future.

General Script Notes

1. Change $folderpath variable to an existing folder path, this script will not create the folder structure, but if you want to add that, feel free
2. the last line will go through this entire folder and rename with a new file extension, xml or html, depending on which script you are running. Please use a clean and empty folder for this. If there is anything else in the folder, it will get the filetype changed!

Powershell script to export all GPOs to XML

$folderpath = "C:\path\to\existing\folder\"
$AllGpos = get-gpo -all
ForEach($g in $AllGpos)
{
    $filename = $g.DisplayName
    $fullpath = join-path -path $folderpath -ChildPath $filename
    $Gpo = Get-GPOReport -reporttype xml -guid $g.Id -path $fullpath

}

get-childitem -path $folderpath | Rename-Item -NewName { $PSItem.Name + ".xml" }

Powershell script to export all GPOs to HTML

$folderpath = "C:\path\to\existing\folder\"
$AllGpos = get-gpo -all
ForEach($g in $AllGpos)
{
    $filename = $g.DisplayName
    $fullpath = join-path -path $folderpath -ChildPath $filename
    $Gpo = Get-GPOReport -reporttype html -guid $g.Id -path $fullpath

}

get-childitem -path $folderpath | Rename-Item -NewName { $PSItem.Name + ".html" }

That’s all for today!

Mistakes happen, it’s what happens next that matters

Photo by Suzy Hazelwood on Pexels.com

I’ve made mistakes. Lots of them. In many different contexts. I’ve made mistakes that affect my personal relationships, I’ve made mistakes at work, I’ve made mistakes that cost money.

I’m also willing to bet that everyone else out there has also made mistakes.

I’m here to say that most mistakes can be fixed, or at least mitigated with a few simple actions. Not every mistake is equal, not every mistake can be fixed the same way, and there will be the rare mistake that is unfixable, but it is our reaction to these that matters more than the mistake itself.

Reaction One: Own your mistake

Depending on how you were raised, you may have learned that when you made a mistake, you got in trouble. This tends to lead to hiding mistakes. I myself learned this behavior growing up, and early on in my IT career this lead to me not asking for help when I was in over my head, or even trying to fix and cover up a mistake on my own before anyone else learned about it.

I had a manager early on that caught me in a small mistake, doing my typical attempt to try to fix it myself so that no one learned about it, thinking it would keep me out of trouble. He took me to task on this and I learned that it was much worse if he learned about a hidden mistake, regardless of whether I fixed it or not, rather than if I would have come to him with it first.

This was a hard habit to break, but has paid dividends in my work and relationships that I struggle to explain. When I make a mistake now, I own up to it to those who need to know and can help me as soon as I’ve realized it, even if that means telling a client that I broke something or caused a major issue. And you know what? there have been some huge positive results that I never could have anticipated. Not only are clients impressed when someone actually owns up to their mistakes, it builds a level of trust that takes much longer even for someone performing flawless work. They see you as human, fallible as they are, and trust that you will be honest with them, even when it is difficult.

I have found this to be true across multiple managers and companies. Most people find owning up to mistakes a breath of fresh air from the countless times that people try (and usually fail) to fix their mistakes on their own to appear infallible. There are always exceptions to the rule, but when it comes to this, that is more indicative of poor management and culture than it is of the rule being incorrect.

Reaction Two: Learn from your mistake

So you’ve owned your mistake, now is the time to step back and find the lesson in the mistake. What can you do in the future to not make this mistake again? In a work situation, this could be as simple as additional research and planning on a project to catch a similar issue in the future before it becomes a mistake, adding a review for something in a checklist, or modifying a behavior so that you don’t repeat the mistake.

Let’s take the mistake I was trying to cover up from reaction one. While I was unsure of the ramifications of what I was doing, I applied an update to a firewall at a remote client office and the device went unresponsive, causing the remote office to lose all network connectivity. Rather than grabbing a coworker or manager immediately and letting them know what was going on, I was furiously googling and running checks to see if I could remotely get the device to become responsive again. While in some situations, this may be an expected behavior, and I was trying to fix the issue, I learned that if I had told my manager or a senior engineer right away, they could have told me that it sometimes happens after an update of this type, and if responded to in the correct way, it was not that big of a deal. If I had raised a flag for help right away, the time I spent hiding my “mistake” (and I now put this in quotes as it turns out it wasn’t really a mistake that I made, but a mistake in my reaction) could have been used to begin travelling to that remote office or getting someone else onsite to reset the device to resolve the issue quickly. Instead of being there in 30 minutes to begin the remediation, I added an additional hour to the downtime by hiding.

From that time forward, I didn’t wait to make others aware when I made a mistake. Sometimes others couldn’t help me right away, sometimes I was able to respond faster, but always did the others appreciate my ability to be trusted and quickly respond to the issue at hand. Additionally, I learned that sometimes these particular updates just do that, and I knew how to respond in the future. I was better prepared either by planning to already be onsite for these updates, having someone nearby on standby, or knowing that I might have to go quickly should it happen. I could also tell a client that this was a possibility, so they could plan for the appropriate downtime. Then, if it did happen they weren’t surprised by additional downtime, and if it did not we had less downtime than planned (which always makes the engineer look good!).

Learning from your mistake goes hand in hand with owning your mistake. When you approach a client, colleague, manager, or friend and own up to your mistake, it takes the impact of the mistake down and earns you some trust. Following that up with what was learned and how you plan to avoid making a mistake like that in the future, that will take that trust you earned and add to it by underscoring your responsibility, adaptability, and trustworthiness.

Preface to Reaction Three: Caveats on Apologizing

A pause here before I go into more detail. Women have a tendency to over-apologize. I’m pretty sure that on an average day I say “I’m sorry” at least once a waking hour. I even find myself apologizing for running into inanimate objects. The effects of this can be two-fold. On one hand, this takes some of the power away from true apologies, and on the other hand, it can minimize your own feelings and you end up apologizing for things that aren’t your fault, like the weather. Personally I try to never just say “I’m Sorry”, instead I contextualize it by saying something like “I’m sorry that turned out the way it did” or “I’m sorry that you have to go through this” or even “I’m sorry that the weather isn’t cooperating for you”. This takes the “sorry” from something you are accepting responsibility for, to something that you are empathizing with, which is what is intended in these situations. When I’m apologizing for my mistake, I add myself into the context with something like “I’m sorry that I underestimated the downtime”, or “I’m sorry I didn’t take that into account”, or even “I’m sorry that I didn’t plan for this situation”.

I will also caution that while I try to never throw anyone under a bus, sometimes it has to be done. I personally find it tolerable to accept some responsibility for others mistakes, especially if I have a part in them; but when there is nothing I can or could have done to avoid a mistake or others aren’t accepting their share of the responsibility, I can and will make it clear that it is their mistake.

Reaction Three: Apologize for your mistake

Apologizing can be insignificant in some situations, and supremely powerful in others. It is also dependent on whether you owned and learned from your mistake. It seems more common for people to point fingers, play the blame game, or throw someone else under the bus, rather than take responsibility for their actions. Ownership and apology for a mistake is certainly a refreshing change of pace.

Which brings me to why an apology is so powerful, it really is accepting the responsibility and acknowledging regret. If you don’t regret the action, the “sorry” is just a word. If you don’t put some context into an apology and follow it up with remediating your actions, you may as well not apologize at all. This type of apology is the insignificant one, the one where it is just a reflex, and does nothing to repair the mistake or relationship. A true apology where you accept the mistake and course correct is powerful. The repurcussions in either case may not be immediate as the apology is the first step, what actions you take after are really what makes your apology meaningful.

Actions are Louder than words

All of this can be just words if that is all you intend them as. Trust is easily broken and hard earned sounds like a overused phrase, but it holds through every time. Even if you own your mistake, learn from it and apologize, if you then turn around and hide mistakes, make the same mistakes again, or deflect and blame, this will break down the trust you earned a lot faster than you earned it!

Logins, logins, logins: How to use profiles in browsers

^{Photo by Andrea Piacquadio on Pexels.com}

Why use profiles?

If you work in tech, specifically in a consulting or service provider role, you may find yourself logging in and out of websites to jump between Microsoft 365 tenants, domain registrar accounts, email accounts, and various other websites. Even if you are not working in tech, you may have multiple logins for the same site for different things, or multiple email accounts that have to be logged in and out of. For example, if you have a personal outlook.com account and a work or school account that uses Microsoft 365, you may find yourself trying to access email and finding you are in the wrong account.

Additionally, since web browsers are consistently getting “smarter” and storing credentials and cookies, if a browser is not fully closed or cleared, you may think you have logged into a different account but may still end up logged into an account that was previously logged in, causing review of inaccurate information, or even worse, changes to be made in the wrong account.

The below sections will show you how to create profiles in Google Chrome and Microsoft Edge, two of the most commonly used web browsers. The advantage to having separate profiles is that the cached credentials and cookies are separated between these profiles, so if you create a profile for “ABC Widgets” and use it to sign into the Microsoft 365 account for ABC Widgets, when you return to your own profile or the profile for “XYZ Financial”, it behaves as if you have never signed in to “ABC Widgets”.

Additionally, when using profiles, you can use the “keep me signed in” functionality of Microsoft 365 and other vendors. This allows you to open the profile in the browser and be already signed into the account for the site you are browsing to. Each profile can also have it’s own separate bookmarks, search history, saved passwords, and other settings.

Finally, you can also create a separate work and home profile in the same browser. If you are using a home computer for work purposes, this can help to keep the logins and activity separate from each other.

Setting up profiles in Google Chrome

If you are signed into Chrome, there will be an icon with your image or initial in the top right. Click it to open a dropdown menu.

From the dropdown, click on the option for “add”

In the window that opens, select “Continue without an account”

(you may choose to sign in if you are creating a secondary google profile, perhaps if you have gmail at home and google apps for work.)

Give the profile a name, Set the desired theme color for the profile, and select if you want a desktop shortcut automatically created**

Tip: I use a dark grey or black theme for my own profile, and colors for any of my client profiles. This is a quick visual indicator of whether I’m in my personal profile or a client’s.

The new profile will open in it’s own new window automatically after you click done on the previous step.

Click in the same spot to view profiles, or open a new window in a different profile

If you click on the settings gear in the dropdown menu, you can manage your profiles.

From these settings, you can add and delete profiles, select a profile to launch a new chrome window for, or select to show this window on startup.

If you select to show this window on startup, this window with the profile selector will be the first thing to open when you open chrome, allowing you to select which profile you want to use for that session

If you selected to create a shortcut, it will appear on your desktop with the profile name first. You can use this shorcut to quickly launch a chrome window into that profile.

You can also drag this to your taskbar to pin it for ease of access

Setting up profiles in Microsoft Edge

On the top right of Microsoft Edge, you will see a User icon. Click here to open a dropdown menu.

*icon and words will vary depending on how your profile is currently setup.

Click on “Add Profile” at the bottom of the dropdown menu.

Click “Add” on the prompt

This will open a new edge browser in the new profile with an auto-generated description. Click on “Continue without signing in”

Click on the profile again to open the dropdown menu, and click the link for “Manage profile settings”.

Click on the elipsis (the three dots) and then select “edit” to edit the profile

You could also select delete if you no longer need the profile

In the prompt, give the profile a name for easy identification. you can also give it an image to display as the icon.

Now when clicking on the profile menu, the name and icon you selected are displayed.

Additionally, with the profile open, you will have your primary profile which has no icon, and the one with the icon for the new profile in your taskbar.

If you right click this icon, you can select to “pin to taskbar” so even when it closes it remains there for ease of access.

Now go forth and login to multiple accounts with convenience!

Dear people who name products, do better.

I’m looking at you specifically Microsoft.

There seems to be a current trend in naming products using the same or very similar words. I get it, for brand association and search engine optimization, keeping it the same keeps the brand top of mind and search results, but the big headache with this for consumers is making sure they are getting and using the product they want.

Let’s look at an example of it done right. Sony PlayStation. The first PlayStation was just that “Sony PlayStation”. When the successor came along, they followed a logical path and went with “Sony PlayStation 2”, or the widely adopted PS2, and so on through the PlayStation 3 (PS3), PlayStation 4 (PS4), and the current generation PlayStation 5 (PS5). When Sony stepped into the handheld and mobile space, they went with the logical extension of PlayStation Portable, fitting right into their nickname branding with PSP. They then Released the PlayStation Vita, which was close enough to sound standard with their naming convention, but also differentiated enough that the consumer can easily tell the difference.

Our second example is a little less direct about their generations, but still done well, Nintendo. Their first “console” release in Japan only was the “Color TV-Game”. After this, they started putting their name in the console with the “Nintendo Entertainment System” (NES). They followed this with the logical “Super Nintendo Entertainment System” (SNES). These two logically named systems were followed with the “Nintendo 64” (N64). This may seem like a turn, but made logical sense from the technology side as the NES was an 8 bit system, the SNES was 16 bit, and N64 was their foray into the 64 bit space. From there they went to “Nintendo Game Cube”, “Nintendo Wii”, “Nintendo Wii U”, and the current “Nintendo Switch”.

I think Nintendo did this well with keeping their brand visibility by embedding Nintendo into the name itself, while having clearly distinct names between the generations, save the Wii vs. Wii U step in the wrong direction.

So lets get to the the challenge I have with Microsoft. Sticking with their game console naming, they stepped into the space with the Microsoft Xbox, which generally is and was just referred to as an Xbox. Their successor was named the Microsoft Xbox 360. Not super logical in any way, but differentiated enough for even the parents trying to buy these for Christmas to be likely to get the right version. When they were teasing their third generation, there was a lot of online discussion over what the name would be. Would they go Xbox 720? Xbox 1080? Xbox Infinity? Then the announcement came that they were naming it the Xbox One.

This is where I start to take issue with the naming. I can’t find any logic in a third generation console being named “One”. But the problem only gets worse from here. They then released some consoles that were not quite fourth generation called the “Xbox One S” and “Xbox One X”, providing smaller form factor and some performance upgrades, but still using the “Xbox One” generation of games. My initial problem with this was that the vast majority of non-Xbox users could not easily identify the difference from these, and I constantly got asked if there was even a difference. Also, “S” and “X” sound way to close when spoken and it was hard to explain that “S like Sierra” is the newer low end entry into the space, and “X like X-ray” is the high end with support for 4K. Totally makes sense right? (I briefly forgot this is text, that question is definitely sarcasm).

For their final and most egregious violation in this train of naming, their current generation console is the Xbox Series S and the Xbox Series X. In just typing that, it took me three times to get it right. They took the most egregious violation in their letter choice from the previous generation, and doubled down by changing “One” to “Series”. So the lineup looks like:

• Xbox One
• Xbox One S
• Xbox One X
• Xbox Series S
• Xbox Series X

With minor and major differences between each of these, if a person went into a store looking to purchase one of these as a gift, not being a Xbox user themselves, I suppose there is a 20% chance they would buy the model that the recipient wanted.

I’ll stop with the exposition for a moment here, and just give a side by side example of operating system naming conventions so that you can draw your own conclusions on these.

Year	Android OS (Google Mobile	OSX (apple desktop)	Windows (Microsoft Desktop)
Pre- 1990			Windows 1.01 – Windows 2.11
1990 -1994			Windows 3.0 – Windows 3.5 Windows NT 3.1 – Windows NT 3.5.1
1995			Windows 95
1998			Windows 98
1999			Windows 98 Second Edition
2000			Windows 2000
2000			Windows Me
2001		Mac OS X 10.0 and Mac OS X 10.1	Windows XP
2002		Mac OS X 10.2
2003		Mac OS X 10.3
2004		Mac OS X 10.4
2006		Mac OS X 10.5
2007			Windows Vista
2006		Mac OS X 10.6
2008	Android 1.0
2009	Android Cupcake Android Donut		Windows 7
2010	Android Eclair Android Froyo	Mac OS X 10.7
2011	Android Gingerbread Android Honeycomb Android Ice Cream Sandwich
2012	Android Jelly Bean	OS X 10.8	Windows 8
2013	Android KitKat	OS X 10.9	Windows 8.1
2014	Android Lollipop	OS X 10.10
2015	Android Marshmallow	OS X 10.11	Windows 10
2016	Android Nougat	ma OS 10.12
2017	Android Oreo	macOS 10.13
2018	Android Pie	macOS 10.14
2019	Android 10	macOS 10.15
2020	Android 11	macOS 11
2021	Android 12	macOS12	Windows 11

A final word for Microsoft, and now I’m going to bring in acronyms which could be an entire post of it’s own. Microsoft 365, Office 365 and Azure all have a number of things that all include those words or numbers, making it not so straightforward. The particular example I will give is regarding Active Directory and their implementation of this in the 365/Azure space.

• First there was Active Directory when you hosted it on your server in your network. Most of the IT people have called it just AD.
• Then came Azure Active Directory when you were able to have this identity service in the cloud. Microsoft references this as AAD.
• To connect these two, you have Azure Active Directory Connect, abbreviated by Microsoft AADC.
• Then there is the full featured Azure Active Directory Domain Services, abbreviated by Microsoft as AADDS.
• Now to differentiate between the on premise full feature, you also need Active Directory Domain Services, which Microsoft abbreviates as ADDS.
• Finally, if you want to federate your connection between ADDS and AADDS, you will need Active Directory Federation Services, abbreviated by Microsoft as ADFS.

All in all, that is AD, AAD, AADC, AADDS, ADDS, ADFS. This doesn’t even get into the tangential services of PIM, PAM, MIM, MAM, MEM, MDM, or IAM.

Based on those acronyms, good luck finding the article that is relevant to the particular flavor of active directory or identity management that you are researching….

*for those of you who stuck around and want to know what those last acronyms are, in order of appearance: Privileged Identity Management, Privileged Access Management, Microsoft Identity Manager, Microsoft Application Manager, Microsoft Endpoint Manager, and Mobile Device Management. All of which are in a very similar technology space of Identity and Access Management.

Flexing your Powershell: Bulk AccessTier modification for Azure Blobs

Credit where credit is due, first of all. This post would not be possible without HEAVILY (and by heavily I mean stealing everything but a single parameter modification) referencing https://webmakers.co.nz/how-to-convert-entire-data-in-a-blob-storage-from-cool-storage-tier-into-archive-access-tier/, so please go check that out so he gets the credit. 

Feel free to now skip to “The Command” if you don’t want the explanation of how I got here and why it works.

Backstory

We setup Azure storage and put a metric ton of data into it, organized into folders. Unfortunately, our cost projections were way off and we were bleeding money to Microsoft for the storage. This is a byproduct of our first foray into storing data natively in Microsoft Blobs on this scale. We were able to change the storage type to minimize this cost a lot, but knew that modifying the AccessTier on a subset of the data that is not regularly accessed would bring us back to the ballpark we expected.

We have two containers, lets call them data1 and data2, each with subfolders within subfolders within subfolders. We did not have this organized so that one container could be “cool” storage and one “hot”. All Containers were set to “Hot”, and we needed a single root “folder” (I’ll explain the quotes in a minute under The Breakthrough) within a container changed to cool, while the others remained hot.

Issue

You can modify the AccessTier on an entire container, or a single “file”, but not on a folder of files. Or so it seemed like from everything we were seeing (and the command provided in https://webmakers.co.nz/how-to-convert-entire-data-in-a-blob-storage-from-cool-storage-tier-into-archive-access-tier/ (seriously, click on that and give my source a reference). Additionally the folders turned out to not be anything usable to filter the selection.

The Breakthrough

In troubleshooting another issue I was having in getting powershell to load the right modules and run them correctly, I stumbled on a comment in a post about the “folders” in containers and blobs. It tickled something in my brain, but didn’t click all the way into place yet. I wish I still had that page open, but seeing as I read through 30 or more posts about this, I doubt I’ll ever find it again to reference it. My deepest apologies, and I promise I will edit this if I find it.

What it explained is that the folders are not folders in the traditional Microsoft Windows sense. Blob storage is a flat file system. The folders are just the filenames, and Azure parses them into displaying them into folders. So in collection “data” there is rootfolder\subfolder\file.txt, that is an actual file name. If windows handled files this way, and you wanted to use a command prompt to “cd” (change directory) into the users directory, it wouldn’t work.

I hope that makes sense.

The command

All that explanation aside, below is the command modified to pull only files from RootFolder1 and change them to the “cool” tier. If you had RootFolder2 and RootFolder3, they would remain the Access Tier they currently are. Items in bold need to be from your account.

Install-Module -Name AzureRM
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Import-Module AzureRM
$StgAcc = “YourStorageAccountName”
$StgKey = “YourConnectionKey”
$Container = “YourContainerName”
$ctx = New-AzureStorageContext -StorageAccountName $StgAcc -StorageAccountKey $StgKey
Connect-AzureRmAccount
$blob = Get-AzureStorageBlob -Container $Container -Context $ctx -blob RootFolder1*
$blob.icloudblob.setstandardblobtier("Cool")

*after “Connect-AzureRmAccount” you will be prompted for a username and password to connect to Azure.

Recommendation:

After line 9, you can enter $blob to see what is stored in that variable. I did this to ensure it only pulled the files I wanted to change. It also shows the AccessTier. I ran it again after line 10 to verify the AccessTier changed.

Second Example:

If you want to make changes on a subfolder of a root folder, or a folder four levels deep, the modification is just to the -blob parameter. Say in “YourContainerName” there is folder strucure “RootFolder1\subfolder1\sub subfolder\” you would modify the -blob parameter as follows (note that the folder structure has a space, so requires the quotes:

Install-Module -Name AzureRM
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Import-Module AzureRM
$StgAcc = “YourStorageAccountName”
$StgKey = “YourConnectionKey”
$Container = “YourContainerName”
$ctx = New-AzureStorageContext -StorageAccountName $StgAcc -StorageAccountKey $StgKey
Connect-AzureRmAccount
$blob = Get-AzureStorageBlob -Container $Container -Context $ctx -blob "RootFolder1/subfolder1/sub subfolder/*"
$blob.icloudblob.setstandardblobtier("Cool")

Additional helpful notes, maybe

YourStorageAccountName  – open the Azure portal and go to “storage accounts”. the “Name” of the accounts your containers are in is what is used here.
YourConnectionKey  – once you have your storage account open, go to “Access Keys” under settings, this is the super long and complicated string under “Key”
YourContainerName – same page you are already on, scroll down to “container” under Blob Service. This will be the “Name” that contains the data that you want to work with.

The Saga is Complete

And with that I will go home, plug in my computer and let powershell change the AccessTier of a couple thousand files while I get some food and melt my brain with junk TV shows.

moar powershell – office365 group administration

No time for notes:

to check current ownership

get-distributiongroup -identity “display name of group” | fl

and look for managed by. if you use the set-distribution group with the -managedby flag, it will remove the current ownership, you will either need a script to add, which i don’t have right now, or to add with all owners listed. if only a few people are managing all without exception:

get-distributiongroup | set-distributiongorup -managedby admin1@domain.com,admin2@domain.com,admin3@domain.com -bypasssecuritygroupmanagercheck

to do it on just one

set-distributiongroup -identity “display name of group” -managedby admin1@domain.com,admin2@domain.com,admin3@domain.com -bypasssecuritygroupmanagercheck