Author: Ashish Kumar Singh

DIY Guide: Repairing Your Panasonic Lumix Lens

Posted on Updated on

It’s the sound every photographer dreads: a sharp crack followed by the hollow rattle of glass and plastic. After my Panasonic Lumix 12-60mm f/3.5-5.6 took a hard fall, the front barrel had physically separated from the body. To any professional shop, this was a “parts only” write-off. To me, it was a challenge.

The Diagnosis: More Than Just a Snap

Upon opening the lens from the rear (removing the mount and the PCB), the internal damage became clear. A lens isn’t just glass; it’s a complex dance of helicoid tracks and electronic sensors. I found two “fatal” issues:

  1. Sheared Cam Rollers: The tiny metal cylinders that guide the lens along its zoom tracks had snapped their plastic mounts.
  2. A Loose Encoder Brush: The microscopic “comb” that tells the camera’s computer your current focal length (12mm, 25mm, etc.) had fallen completely out of its carriage.

The Surgery: Micro-Mechanics and Superglue

The repair required a steady hand and a “nothing to lose” attitude. Using a pair of tweezers and standard cyanoacrylate (superglue), I performed the following:

  • The Structural Save: I reglued the metal cam roller back into its housing. Because the original screw hole was stripped, the glue had to act as the primary structural anchor.
  • The Electronic Sync: Re-seating the zoom encoder brush was the hardest part. If it’s off by even a millimeter, the camera will show a “Lens Connection Error” or provide incorrect aperture data. I had to manually retract the barrel to the 12mm position and line up the brush with the start of the gold contact strip.

The “Brute Force” Breakthrough

After reassembly, the lens “talked” to my Panasonic GX8, but it wouldn’t zoom. The glue on the roller had created a fraction of a millimeter of excess height, wedging the barrel shut.

In a moment of “do or die,” I applied firm pressure to the zoom ring. With a small pop, the obstruction cleared. The roller had carved its path through the excess glue, and suddenly, the lens moved from 12mm all the way to 60mm.

The Results: Back from the Grave

The final test was the most surprising. Despite the “field surgery”:

  • Optics: The images remain sharp across the frame, meaning the glass is still perfectly centered.
  • Electronics: At 12mm, the camera correctly reads $f/3.5$. Autofocus is fast and silent.
  • Savings: I saved roughly £150 and kept a complex piece of electronics out of a landfill.

Lessons Learned

  1. Don’t give up on “popped” lenses: If the glass isn’t shattered, there is usually a mechanical way to put it back together.
  2. Beware of outgassing: If using superglue, let the lens sit open for hours. The fumes can fog your internal glass if you seal it too quickly.
  3. The “25mm Catch”: My lens has a slight “rough spot” at 25mm where the repair lives, but it’s a small price to pay for a working tool.

Repairing your own gear isn’t just about saving money; it’s about understanding the tools that capture your world. If you have a screwdriver and a steady hand, don’t be afraid to look inside.

#LUMIX #CameraRepair #Photography #DIY #RightToRepair #PanasonicGX8 #LensSurgery

This entry was posted in Photography and tagged , , , , , , , , , , , , , .

7 Steps to a VM Migration Assessment: An Architectural Framework

Posted on Updated on

For the modern Infrastructure Architect, a VM migration assessment is not merely an inventory exercise—it is a risk-mitigation strategy. The gap between a “Lift and Shift” that saves money and one that balloon-costs is found in the quality of the initial discovery data.

As we navigate the complexities of 2026, including data sovereignty and the rise of AI-augmented infrastructure, your assessment must account for more than just vCPU and RAM. It must account for Data Gravity, Interconnectivity Latency, and Egress Economics.

Here is the 7-step architectural framework for a comprehensive VM migration assessment.

Table of Contents

  1. Business Alignment & Constraints
  2. Multi-Cloud Discovery & Metadata Injection
  3. The 7 Rs Decision Matrix
  4. FinOps Modeling: The “Right-Sizing” Delta
  5. Dependency Mapping & Affinity Groups
  6. Wave Orchestration & Risk Profiles
  7. The Edge Logic: Utilizing Azure Local

1. Business Alignment & Technical Constraints

Every VM migration assessment must begin with a clear understanding of the “Migration Trigger.” Are we solving for Data Center Exit (CapEx avoidance), Scalability (Agility), or Disaster Recovery (Compliance)? Identifying these constraints early dictates whether you prioritize Rehosting for speed or Refactoring for long-term SLOs.

2. Multi-Cloud Discovery & Metadata Injection

Manual audits are the single greatest point of failure in an assessment. Architects must leverage agentless discovery engines (e.g., Azure Migrate, AWS Application Discovery Service) to pull real-time telemetry.

  • Performance Baselining: Capture 95th percentile metrics, not averages.
  • Metadata Tagging: Injecting tags for Business Unit, Criticality, and Data Sensitivity at the source ensures the Target Operating Model is governed from Day 1.
Enterprise Cloud Architect analyzing a VM migration assessment for hybrid cloud deployment

3. The 7 Rs Decision Matrix

A rigorous VM migration assessment categorizes every workload into one of seven architectural paths:

VMware Workload Migration
  1. Retire: Decommissioning technical debt (usually 15-20% of the estate).
  2. Retain: Legacy workloads with specialized hardware dependencies.
  3. Rehost: Minimal-change migration to IaaS.
  4. Replatform: Moving to Managed PaaS (e.g., Managed SQL, App Services).
  5. Refactor: Cloud-native transformation (Containers/Serverless).
  6. Relocate: Hypervisor-level migration (e.g., Azure VMware Solution).
  7. Repurchase: Transitioning to SaaS (e.g., SAP S/4HANA Cloud).

4. FinOps Modeling: The “Right-Sizing” Delta

One of the primary goals of the VM migration assessment is cost optimization. We must analyze the “Delta” between on-premise over-provisioning and cloud-native consumption. Architects should apply Reserved Instance (RI) and Savings Plan modeling during this phase to present an accurate TCO (Total Cost of Ownership) to stakeholders.

5. Dependency Mapping & Affinity Groups

Architects must solve for Data Gravity. If a middle-tier application is migrated while its backend database remains on-premise, the resulting latency can breach existing SLAs. Your VM migration assessment must identify “Affinity Groups”—VMs that are technically coupled and must be migrated as a single logical unit.

6. Wave Orchestration & Risk Profiles

Effective migration planning requires a phased approach.

  • Pilot (Wave 1): Low-complexity, non-critical services to validate the Landing Zone.
  • Core (Wave 2): General business applications with moderate dependencies.
  • Critical (Wave 3): High-compliance, high-IOPS production workloads.

7. The Edge Logic: Incorporating Azure Local

Not all workloads belong in the Public Cloud. A sophisticated VM migration assessment identifies workloads that require local processing or ultra-low latency.

In 2026, Azure Local serves as the primary target for these “Cloud-Out” scenarios. It allows architects to maintain a single management plane (Azure Arc) across both the public cloud and on-premise HCI (Hyper-Converged Infrastructure).

Technical Reference Library

Azure Ecosystem: Migrate & Azure Local

Ideal for environments requiring deep integration with Microsoft Entra ID and SQL Managed Instances. Azure Local provides the hybrid bridge for data-residency-bound VMs.

AWS: Migration Hub

The orchestrator for large-scale enterprise migrations, offering deep integration with the AWS Application Migration Service (MGN).

Google Cloud: Migration Center

A data-centric platform focused on TCO modeling and assessing readiness for Google Kubernetes Engine (GKE).

Architect’s Conclusion

A successful VM migration assessment is the difference between a cloud transformation and a cloud disaster. By automating discovery, strictly enforcing the 7 Rs, and planning for hybrid targets like Azure Local, architects can ensure that the target state is not just “in the cloud,” but “cloud-optimized.”

#CloudMigration #DevOps #SysAdmin #Azure #AWS #GoogleCloud #VMware #DataCenter #InfrastructureAsCode #Terraform

This entry was posted in Architecture, AWS, Azure and tagged , , , , .

PowerShell: Mapping GPOs to their Linked Organizational Units

Posted on Updated on

As an Active Directory environment grows, keeping track of where specific Group Policy Objects (GPOs) are linked becomes a significant challenge. The “Group Policy Management Console” (GPMC) is great for looking at one GPO at a time, but if you need a bird’s-eye view of your entire inheritance structure, you need automation.

This PowerShell script sweeps through all Organizational Units (OUs), identifies the unique GUIDs of linked policies, resolves those GUIDs into human-readable GPO names, and exports the mapping to a CSV file.

The PowerShell Script

Before running, create a folder at C:\temp\GroupPolicyandLinkedOU\. This script requires the Active Directory and Group Policy modules (included with RSAT).

PowerShell
# Initialize the output file with headers
$Header = "GPO_Name;OU_Name;OU_DistinguishedName"
$Path = "C:\temp\GroupPolicyandLinkedOU\out.csv"
if (!(Test-Path "C:\temp\GroupPolicyandLinkedOU\")) { New-Item -ItemType Directory -Path "C:\temp\GroupPolicyandLinkedOU\" }
$Header | Out-File $Path
# Get all OUs with their linked GPO attributes
$policies = Get-ADOrganizationalUnit -Filter * -Properties LinkedGroupPolicyObjects
$policies | ForEach-Object { 
    $OUName = $_.Name
    $OUDN = $_.DistinguishedName
    $LinkedGPOs = $_.LinkedGroupPolicyObjects
    
    foreach($LinkedGPO in $LinkedGPOs) {
        # Extract the GUID from the DistinguishedName string
        # String format is usually: cn={GUID},cn=policies,cn=system,DC=domain...
        $GUID = $LinkedGPO.Split(",")[0].Replace("cn={","").Replace("}","").Replace("CN={","")
        
        try {
            # Resolve the GUID to a friendly Display Name
            $GPO = Get-GPO -Guid $GUID
            $msg = "$($GPO.DisplayName);$OUName;$OUDN"
            
            # Output to console and file
            Write-Host "Mapped: $($GPO.DisplayName) -> $OUName" -ForegroundColor Cyan
            $msg | Out-File $Path -Append
        }
        catch {
            Write-Warning "Could not resolve GPO GUID: $GUID linked at $OUName"
        }
    }
}

How it Works

  • LinkedGroupPolicyObjects Property: The script looks at the raw attribute on the OU object. In Active Directory, links aren’t stored as names; they are stored as the DistinguishedName of the GPO container, which includes the GUID.
  • String Manipulation: The script uses .Split and .Replace to strip away the LDAP syntax, leaving only the raw GUID string.
  • Get-GPO -Guid: This cmdlet takes that raw ID and queries the domain for the actual GPO metadata, allowing us to retrieve the DisplayName.
  • Semicolon Delimited: The output uses ; as a delimiter. When opening the file in Excel, you can easily use “Text to Columns” to separate the data into clean fields.

Why Use This Script?

  1. Inheritance Audits: Quickly see if a legacy GPO is linked to an OU it shouldn’t be.
  2. Troubleshooting: If a user is getting a strange setting, you can search the CSV for their OU and see every policy applied.
  3. Clean-up: Identify “ghost” links—SIDs/GUIDs that remain linked to an OU even though the GPO itself has been deleted.

#PowerShell #ActiveDirectory #GroupPolicy #SysAdmin #WindowsServer #ITAutomation #LazyAdmin #TechTips #ITPro #Infrastructure

This entry was posted in Active Directory, Scripts, Windows and tagged , , , , , , , , , .

PowerShell: Resolve Bulk IP Addresses to Hostnames

Posted on Updated on

When you’re dealing with a large list of IP addresses from a firewall log or a network scan, manually running nslookup is not an option. You need a fast, automated way to perform a reverse DNS lookup to identify the devices on your network.

This script leverages the .NET [System.Net.Dns] class to perform high-speed lookups, converting a simple text file of IPs into a comma-separated list of hostnames.

The PowerShell Script

Save the code below as ResolveIPs.ps1. Create a file named hosts.txt in the same folder and paste your IP addresses (one per line).

PowerShell

PowerShell
# Get list from file, initialize empty array
$ListOfIPs = Get-Content ".\hosts.txt"
$ResultList = @()
# Roll through the list, resolving with the .NET DNS resolver
foreach ($IP in $ListOfIPs) {
    # Suppress errors for IPs that don't resolve
    $ErrorActionPreference = "silentlycontinue"
    $Result = $null
    # Status update for the user
    Write-Host "Resolving $IP..." -ForegroundColor Cyan
    
    # Pass the current IP to .NET for name resolution
    $Result = [System.Net.Dns]::GetHostEntry($IP)
    # Add results to the list
    if ($Result) {
        $ResultList += "$IP," + [string]$Result.HostName
    }
    else {
        $ResultList += "$IP,unresolved"
    }
}
# Export to file and notify completion
$ResultList | Out-File .\resolved.txt
Write-Host "Name resolution complete! Check .\resolved.txt" -ForegroundColor Green

How it Works

  • [System.Net.Dns]::GetHostEntry($IP): This is the heart of the script. It queries your configured DNS servers for a Pointer (PTR) record associated with the IP address.
  • Error Action Silencing: Since it’s common for some IPs (like guest devices or unmanaged switches) to lack DNS records, we use silentlycontinue to prevent the red error text from cluttering your console.
  • Array Building: The script creates a simple “IP,Hostname” format, which can easily be renamed to .csv and opened in Excel for further analysis.

💡 Lazy Admin Tips

  • DNS Suffixes: Ensure your machine has the correct DNS search suffixes configured. If the script only returns short names and you need FQDNs (Fully Qualified Domain Names), check your network adapter settings.
  • Speed: The .NET method used here is generally faster than the standard Resolve-DnsName cmdlet when dealing with large batches of legacy records.
  • Check Your PTRs: If the script returns “unresolved” for IPs you know are active, it’s a sign that your Reverse Lookup Zones in AD DNS might be missing records or need scavenging.

#PowerShell #Networking #DNS #SysAdmin #WindowsServer #Automation #ITPro #LazyAdmin #NetworkSecurity #TechTips

This entry was posted in Scripts, Windows and tagged , , , , , , , , , .

PowerShell: Audit Local Administrators on Remote Servers

Posted on Updated on

One of the most common security risks in a Windows environment is “Privilege Creep”—where users or service accounts are added to the Local Administrators group and never removed. Manually checking every server is impossible, and Group Policy Preferences don’t always show you the “extra” accounts that might have been added manually.

This PowerShell script allows you to sweep your network, query any local group (Administrators, Remote Desktop Users, etc.), and categorize the members into Local vs. Domain accounts in a clean CSV report.

The PowerShell Script

Save this code as Get-LocalGroupMembers.ps1. It uses the [ADSI] (Active Directory Service Interfaces) provider to connect to the local SAM database of remote computers, which is highly compatible across different Windows versions.

PowerShell
[CmdletBinding()]
Param(
	[Parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
	[string[]]$ComputerName = $env:ComputerName,
	[Parameter()]
	[string]$LocalGroupName = "Administrators",
	[Parameter()]
	[string]$OutputDir = "C:\temp\localadmin\"
)
Begin {
	# Ensure directory exists and initialize CSV
	if (!(Test-Path $OutputDir)) { New-Item -ItemType Directory -Path $OutputDir }
	$OutputFile = Join-Path $OutputDir "LocalGroupMembers.csv"
	Add-Content -Path $OutPutFile -Value "ComputerName, LocalGroupName, Status, MemberType, MemberDomain, MemberName"
}
Process {
	ForEach($Computer in $ComputerName) {
		Write-Host "Working on $Computer..." -ForegroundColor Cyan
		If(!(Test-Connection -ComputerName $Computer -Count 1 -Quiet)) {
			Add-Content -Path $OutputFile -Value "$Computer,$LocalGroupName,Offline"
			Continue
		} else {
			try {
				$group = [ADSI]"WinNT://$Computer/$LocalGroupName"
				$members = @($group.Invoke("Members"))
				if(!$members) {
					Add-Content -Path $OutputFile -Value "$Computer,$LocalGroupName,NoMembersFound"
					continue
				}
			}		
			catch {
				Add-Content -Path $OutputFile -Value "$Computer,,FailedToQuery"
				Continue
			}
			foreach($member in $members) {
				try {
					$MemberName = $member.GetType().Invokemember("Name","GetProperty",$null,$member,$null)
					$MemberType = $member.GetType().Invokemember("Class","GetProperty",$null,$member,$null)
					$MemberPath = $member.GetType().Invokemember("ADSPath","GetProperty",$null,$member,$null)
					
					# Determine if member is Local or Domain
					if($MemberPath -match "^Winnt\:\/\/(?<domainName>\S+)\/(?<CompName>\S+)\/") {
						$MemberType = if($MemberType -eq "User") { "LocalUser" } else { "LocalGroup" }
						$MemberDomain = $matches["CompName"]
					} elseif($MemberPath -match "^WinNT\:\/\/(?<domainname>\S+)/") {
						$MemberType = if($MemberType -eq "User") { "DomainUser" } else { "DomainGroup" }
						$MemberDomain = $matches["domainname"]
					} else {
						$MemberType = "Unknown"; $MemberDomain = "Unknown"
					}
				Add-Content -Path $OutPutFile -Value "$Computer, $LocalGroupName, SUCCESS, $MemberType, $MemberDomain, $MemberName"
				} catch {
					Add-Content -Path $OutputFile -Value "$Computer,,FailedQueryMember"
				}
			} 
		}
	}
}

How to Use This Script

Audit All Servers from a List

Create a servers.txt file with your hostnames and run:

PowerShell
.\Get-LocalGroupMembers.ps1 -ComputerName (Get-Content C:\temp\servers.txt) -OutputDir C:\temp\Reports\

Query a Specific Group (e.g., Remote Desktop Users)

PowerShell
.\Get-LocalGroupMembers.ps1 -ComputerName "SRV-PROD-01" -LocalGroupName "Remote Desktop Users"

Key Benefits

  • Member Classification: The script identifies if an account is a LocalUser or a DomainUser, which is vital for identifying accounts that shouldn’t be there.
  • Offline Handling: It pings the computer first to prevent the script from hanging on a dead connection.
  • ADSI Speed: Using [ADSI] (WinNT provider) is often faster than using WMI for specific group queries and doesn’t require WinRM to be enabled like Invoke-Command.

This entry was posted in Active Directory, Scripts, Windows.

VBScript: Batch Audit Service Status Across Multiple Windows Servers

Posted on Updated on

Keeping track of critical services—like SQL, IIS, or Print Spooler—across a large server farm is a common headache for admins. While PowerShell is the modern go-to, many legacy environments and specific automation workflows still rely on the reliability of VBScript and WMI (Windows Management Instrumentation).

This script allows you to pull a full inventory of every service on a list of servers, including their start mode (Automatic/Manual), current state (Running/Stopped), and the Service Account being used.

Prerequisites & Setup

  1. Create the workspace: Create a folder named C:\Temp\ServiceDetails.
  2. The Server List: Create a file named Servers.txt in that folder. List your server names or IP addresses, one per line.
  3. Permissions: You must run this script from an account that has Local Administrator rights on all target servers to query WMI.

The VBScript Solution

Save the code below as ServiceDetails.vbs in your C:\Temp\ServiceDetails folder.

VBScript
' --- START OF SCRIPT ---
ServerList = "C:\Temp\ServiceDetails\Servers.txt"
arrServices = Array("") ' Leave empty to get all services
Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objOut : Set objOut = objFSO.CreateTextFile("C:\Temp\ServiceDetails\ServiceQuery.csv")
arrComputers = Split(objFSO.OpenTextFile(ServerList).ReadAll, vbNewLine) 
' Write CSV Headers
ObjOut.WriteLine "SERVER, SERVICE DISPLAY NAME, SERVICE STARTMODE, SERVICE STATUS, SERVICE ACCOUNT"
For Each strComputer In arrComputers
    If Trim(strComputer) <> "" Then
        strAlive = IsAlive(strComputer)
        objFound = 0
        If strAlive = "Alive" Then
            On Error Resume Next
            Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
            If Err.Number <> 0 Then
                ObjOut.WriteLine strComputer & ", WMI ERROR, N/A, N/A, N/A"
                Err.Clear
            Else
                Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_Service")
                For Each objItem In colItems
                    ObjOut.WriteLine strComputer & "," & objItem.DisplayName & "," & objItem.StartMode & "," & objItem.State & "," & objItem.StartName 
                    objFound = 1
                Next
            End If
        Else
            ObjOut.WriteLine strComputer & "- UnResolved, N/A, N/A, N/A, N/A"      
        End If
    End If
Next
objOut.Close
MsgBox "Service Export Complete!", 64, "LazyAdmin Notification"
' Function to Ping the server before attempting WMI connection
Function IsAlive(strComputer)
    Set WshShell = WScript.CreateObject("WScript.Shell")
    Set objExecObject = WshShell.Exec("%comspec% /c ping -n 1 -w 500 " & strComputer)
    strText = objExecObject.StdOut.ReadAll()
    If Instr(strText, "Reply from") > 0 Then
        IsAlive = "Alive"
    Else
        IsAlive = "Dead"
    End If 
End Function

How it Works

  • WMI (Win32_Service): The script connects to the root\CIMV2 namespace on the remote machine to query the Win32_Service class. This is the same data you see in services.msc.
  • The Ping Check: Before trying to connect (which can be slow if a server is down), the IsAlive function pings the host. This significantly speeds up the script if you have offline servers in your list.
  • CSV Output: All data is appended to a .csv file, making it ready for a pivot table in Excel to find services running under old service accounts or identifying disabled critical services.

#SysAdmin #WindowsServer #VBScript #WMI #ITAutomation #ServerManagement #TechTips #LazyAdmin #Infrastructure #ITAudit

This entry was posted in Active Directory, Scripts, Windows and tagged , , , , , , , , , .

PowerShell Script: Quickly Convert SIDs to Usernames

Posted on Updated on

Have you ever looked at a security log or a orphaned folder permission and seen a string like S-1-5-21-3623811015-3361044348-30300820-1013? Those are SIDs (Security Identifiers). While they are great for the Windows OS, they are nearly impossible for humans to read.

If you have a list of these SIDs from an audit or a log file, you don’t have to look them up one by one. This PowerShell script will take a bulk list of SIDs and “translate” them into readable Usernames (UIDs).

The PowerShell Script

Save this script as SIDtoUID.ps1. It uses the .NET SecurityIdentifier class to perform the translation locally or against your Active Directory domain.

PowerShell
# Create or clear the output file
Out-File UID.txt
# Loop through each SID in the source text file
foreach ($SID in (Get-Content SID.txt))
{
    # Create a SID object
    $objSID = New-Object System.Security.Principal.SecurityIdentifier ($SID)
    
    Try
    {
        # Attempt to translate the SID to an NT Account name
        $objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
        
        # Append the Username to the output file
        $objUser.Value >> UID.txt
        Write-Host "Translated: $SID -> $($objUser.Value)" -ForegroundColor Green
    }
    Catch
    {
        # If translation fails (e.g., deleted account), keep the original SID
        $SID >> UID.txt
        Write-Warning "Failed to translate: $SID"
    }
}

How to Use It

  1. Create your input: Create a file named SID.txt in the same folder as the script. Paste your SIDs there, one per line.
  2. Run the script: Open PowerShell and execute .\SIDtoUID.ps1.
  3. Check your results: A new file named UID.txt will appear, containing the translated usernames in the same order as your original list.

Why do SIDs sometimes fail to translate?

In the Catch block of the script, we tell PowerShell to just output the original SID if it can’t find a match. This usually happens for two reasons:

  • Deleted Accounts: The user or group no longer exists in Active Directory, leaving behind an “orphaned” SID.
  • Connectivity: Your machine cannot reach the Domain Controller to perform the lookup.

#PowerShell #ActiveDirectory #SysAdmin #ITPro #CyberSecurity #WindowsServer #Automation #LazyAdmin #TechTips #ITAudit

This entry was posted in Active Directory, Scripts, Windows and tagged , , , , , , , , .

PowerShell Script: Export User Group Memberships to CSV

Posted on Updated on

Auditing which users belong to which groups is one of the most frequent requests for a System Administrator. Whether it’s for a security audit, a helpdesk ticket, or a “copy permissions” request, digging through the Member Of tab in Active Directory is slow and prone to error.

This PowerShell script simplifies the process by generating a clean, object-based list of memberships that you can easily export to CSV, HTML, or plain text.

The PowerShell Script

Save the following code as Get-UserGroupMembership.ps1. It is designed to handle single users, lists from text files, or entire Organizational Units (OUs) via the pipeline.

PowerShell
Param (
    [Parameter(Mandatory=$true,ValueFromPipeLine=$true)]
    [Alias("ID","Users","Name")]
    [string[]]$User
)
Begin {
    Try { Import-Module ActiveDirectory -ErrorAction Stop }
    Catch { Write-Host "Unable to load Active Directory module. Is RSAT installed?"; Break }
}
Process {
    ForEach ($U in $User) {
        Try {
            $UN = Get-ADUser $U -Properties MemberOf
            $Groups = ForEach ($Group in ($UN.MemberOf)) {
                (Get-ADGroup $Group).Name
            }
            
            # Sort groups alphabetically for a cleaner report
            $Groups = $Groups | Sort
            
            ForEach ($Group in $Groups) {
                New-Object PSObject -Property @[ordered]@{
                    User  = $UN.Name
                    Group = $Group
                }
            }
        }
        Catch {
            Write-Warning "Could not find user: $U"
        }
    }
}

How to Use the Script

1. Single User Lookup

To quickly see the groups for one specific user:

PowerShell

.\Get-UserGroupMembership.ps1 -User "John.Doe"

2. Bulk Export from a Text File

If you have a list of usernames in users.txt, use this command to generate a full CSV report:

PowerShell

Get-Content C:\Temp\users.txt | .\Get-UserGroupMembership.ps1 | Export-CSV C:\Temp\UserMemberships.csv -NoTypeInformation

3. Audit an Entire OU

To see the memberships for every user within a specific department or location:

PowerShell

Get-ADUser -Filter * -SearchBase "OU=Users,DC=yourdomain,DC=local" | .\Get-UserGroupMembership.ps1 | Export-CSV C:\audit_output.csv -NoTypeInformation

Why This Method Beats the GUI

  • Alphabetical Sorting: Groups are presented A-Z, making it much easier to read than the random order in ADUC.
  • Pipeline Support: Because it outputs a PSObject, you can pipe it directly into ConvertTo-HTML for a report or Out-GridView for an interactive window.
  • Automation Ready: You can schedule this script to run weekly to maintain a “snapshot” of your environment’s security posture.

#PowerShell #ActiveDirectory #SysAdmin #WindowsServer #ITAdmin #CyberSecurity #Automation #LazyAdmin #TechTips #ITAudit

This entry was posted in Active Directory, Scripts, Windows and tagged , , , , , , , , .

Batch Script: Query Disk Space Across Multiple Servers using PsInfo

Posted on Updated on

Managing disk space across a sprawling server environment is a constant challenge. While modern monitoring tools exist, sometimes you just need a quick, lightweight way to pull drive statistics from a specific list of servers without setting up complex infrastructure.

This “Lazy Admin” solution uses the classic PsInfo utility from the Microsoft Sysinternals suite to sweep your network and compile disk data into a single CSV.

Prerequisites

Before running the script, ensure you have the following in a single folder:

  1. PsInfo.exe: Download this as part of the PSTools suite from Microsoft.
  2. Servers.txt: A simple text file containing the names or IP addresses of your target servers (one per line).
  3. Admin Rights: You must execute the script with a domain account that has local administrative privileges on the remote servers.

The DiskSpace.cmd Script

Copy the code below and save it as DiskSpace.cmd in your PSTools folder.

@Echo Off
SetLocal EnableDelayedExpansion
:: Delete existing report if it exists
IF EXIST Free_Disk_Space_Servers.csv DEL Free_Disk_Space_Servers.csv
:: Loop through the Servers.txt file
FOR /F "Tokens=*" %%L IN (Servers.txt) DO (
    SET ServerName=%%L
    Echo Processing !ServerName!...
    
    :: Run PsInfo against the remote server and append output to CSV
    :: The -d switch pulls disk volume information
    Psinfo -d /accepteula \\!ServerName! >> Free_Disk_Space_Servers.csv
)
Echo Export Complete: Free_Disk_Space_Servers.csv
Pause

How it Works

  • Psinfo -d: The -d flag tells the utility to display volume information, including drive letters, total size, and free space.
  • SetLocal EnableDelayedExpansion: This allows the script to update the ServerName variable dynamically as it loops through your text file.
  • >> Free_Disk_Space_Servers.csv: This appends the output of every server query into one continuous file.
  • /accepteula: Added to the command to ensure the script doesn’t hang waiting for you to click “Accept” on the Sysinternals license agreement for every server.

💡 Lazy Admin Tip

The output from PsInfo is a bit “chatty” for a standard CSV. Once you open it in Excel, use the Data > Text to Columns feature or simple Find/Replace to clean up the headers. If you need a more modern, native approach, consider using a PowerShell one-liner like: Get-WmiObject Win32_LogicalDisk -ComputerName (Get-Content Servers.txt) | Select-Object SystemName, DeviceID, FreeSpace

#SysAdmin #WindowsServer #Sysinternals #PSTools #BatchScript #ITPro #DiskManagement #LazyAdmin #ServerAudit #TechTips

This entry was posted in Scripts, Windows and tagged , , , , , , , , .

Automating Active Directory: Export All AD Groups and Members to CSV

Posted on Updated on

Auditing Active Directory groups is a fundamental part of identity management. Whether you are performing a quarterly security review or preparing for a domain migration, knowing exactly who is in which group—and what the scope of those groups is—is essential.

This PowerShell script does more than just list group names; it iterates through every group in your domain, identifies the members (skipping disabled users to keep your data clean), and exports everything into a dated CSV file.

The PowerShell Script

Save this script as ADGroupsExport.ps1 in C:\Temp\ExportADgroups. Ensure you are running this from a machine with the RSAT (Remote Server Administration Tools) installed and logged in with a domain account that has read permissions.

PowerShell
# Get year and month for the filename
$DateTime = Get-Date -f "yyyy-MM"
# Set CSV file destination
$CSVFile = "C:\Temp\ExportADgroups\AD_Groups_"+$DateTime+".csv"
if (!(Test-Path "C:\Temp\ExportADgroups")) { New-Item -ItemType Directory -Path "C:\Temp\ExportADgroups" }
$CSVOutput = @()
# Fetch all AD groups
$ADGroups = Get-ADGroup -Filter *
$i = 0
$tot = $ADGroups.count
foreach ($ADGroup in $ADGroups) {
    $i++
    $status = "{0:N0}" -f ($i / $tot * 100)
    Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100)
    $Members = ""
    # Fetch members and filter for enabled objects
    $MembersArr = Get-ADGroup $ADGroup.DistinguishedName -Properties Member | Select-Object -ExpandProperty Member
    if ($MembersArr) {
        foreach ($Member in $MembersArr) {  
            $ADObj = Get-ADObject -Filter "DistinguishedName -eq '$Member'" -Properties Enabled
            
            # Skip disabled users to keep the report relevant
            if ($ADObj.ObjectClass -eq "user" -and $ADObj.Enabled -eq $false) {
                continue
            }
            $Members = $Members + "," + $ADObj.Name  
        } 
        if ($Members) { 
            $Members = $Members.Substring(1) 
        } 
    }
    # Create ordered hash table for clean CSV columns
    $HashTab = [ordered]@{
        "Name"     = $ADGroup.Name
        "Category" = $ADGroup.GroupCategory
        "Scope"    = $ADGroup.GroupScope
        "Members"  = $Members
    }
    $CSVOutput += New-Object PSObject -Property $HashTab
}
# Sort by name and export
$CSVOutput | Sort-Object Name | Export-Csv $CSVFile -NoTypeInformation
Write-Host "Export Complete: $CSVFile" -ForegroundColor Green

Key Features of this Script

  • Progress Bar: Since large domains can take a long time to process, the Write-Progress bar gives you a real-time percentage of the completion.
  • Clean Membership Lists: The script concatenates all members into a single “Members” column, separated by commas, making it easy to read in Excel.
  • Disabled User Filtering: It intelligently checks the Enabled status of user objects. If a user is disabled, they are omitted from the report to focus on active security risks.
  • Scope & Category: Clearly identifies if a group is Security vs. Distribution and Global vs. Universal.

#ActiveDirectory #PowerShell #SysAdmin #ITAutomation #WindowsServer #IdentityManagement #LazyAdmin #TechTips #Reporting #CyberSecurity

This entry was posted in Active Directory, Scripts, Windows and tagged , , , , , , , , .