Tag Archives: script


Simple Preflight and Sanity Checking in Scripts

I was recently building some preflight scripts and was looking to record some information about a machine live, before proceeding with a script. I found the cheapest way to determine information about architectures and chipsets when scripting preflight scripts for OS X to be the arch and machine commands, respectively. For example, to verify the architecture is i386, use the arch command with no options:

arch

Which simply outputs “i386”:

i386

To check the machine type, simply use the machine command:

machine


Which outputs as follows:



Scripted Country Geolocations Using OS X’s Built-In ip2cc

Recently I was working on a project where we were isolating IP addresses by country. In the process, I found an easy little tool built right into OS X called ip2cc. Using ip2cc, you can look up what country an IP is in. To do so, simply run ip2cc followed by a name or IP address. For example, to look up apple.com you might run:

ip2cc apple.com

Or to look up Much Music, you might run:

ip2cc muchmusic.ca

The output would be:

IP::Country modules (v2.28)
Copyright (c) 2002-13 Nigel Wetters Gourlay
Database updated Wed May 15 15:29:48 2013

Name: muchmusic.com
Country: CA (Canada)

You can just get the country line:

ip2cc apple.com | grep Country:

To just get the country code:

ip2cc apple.com | grep Country: | awk '{ print $2 }'

Finally, ip2cc is located at /usr/bin/ip2cc, so we’ll complicate things just a tad by replacing the hostname with the current IP (note that private IPs can’t be looked up, so this would only work if you’re rocking a WAN IP or feeding it what a curl against a service like whatismyip brings back):

ip2cc `ipconfig getifaddr en0` | grep Country: | awk '{ print $2 }'
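The private-address caveat and the Country: parsing above, as an added example that is not part of the original post. The function names are hypothetical and the sample output is the one shown earlier; the script skips addresses ip2cc cannot place and returns only a well-formed two-letter code.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Return 0 if $1 is an IPv4 address that has no country to look up:
# RFC 1918 private ranges, loopback and link-local.
is_unroutable_ipv4() {
    case "$1" in
        10.*|127.*|169.254.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Read ip2cc output on stdin and print only the two-letter code.
# Prints nothing and returns 1 when no well-formed Country: line is present,
# so a caller never mistakes an error message for a country.
country_code_from_ip2cc() {
    awk '$1 == "Country:" && $2 ~ /^[A-Z][A-Z]$/ { print $2; found = 1; exit }
         END { exit !found }'
}

# Look up the country for the address on an interface (default en0, as in
# the post). ipconfig getifaddr and ip2cc are the commands the post uses.
country_for_interface() {
    addr=$(ipconfig getifaddr "${1:-en0}") || return 1
    if is_unroutable_ipv4 "$addr"; then
        echo "skipping $addr: not a public address" >&2
        return 2
    fi
    ip2cc "$addr" | country_code_from_ip2cc
}

# Constructed sample input: the ip2cc output shown in the post.
sample_ip2cc_output() {
    printf '%s\n' \
        'IP::Country modules (v2.28)' \
        'Copyright (c) 2002-13 Nigel Wetters Gourlay' \
        'Database updated Wed May 15 15:29:48 2013' \
        '' \
        'Name: muchmusic.com' \
        'Country: CA (Canada)'
}
```

In a preflight script, a return code of 2 from country_for_interface means the machine is behind NAT and the address has to come from an external lookup instead.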


Account Management Using The jamf Binary

The jamf binary comes with a lot of cool little features that you can use to script things quickly, because JAMF has already built things to help you. We’ll look at two really quick. The first is the deleteAccount verb which, surprisingly, deletes accounts. With that verb, you’ll use the -username operator to define a given user that you’d like to remove. That username is defined as the short name (or what dscl shows) of a given user. For example, if I wanted to remove the user rorygilmore, I’d run the following command:

/usr/sbin/jamf deleteAccount -username rorygilmore

You can then provide a popup on the screen that you completed that action:

/usr/sbin/jamf displayMessage -message "rorygilmore has been deleted"

You can then add a new user using the createAccount verb. This verb provides for a number of options, including a short name (-username), a full name (-realname), a password (-password), a home directory (-home) and a default shell (-shell). If you want the user to be an admin of the system you can also add an -admin option. Below, we’ll string it all together:

/usr/sbin/jamf createAccount -username lorelaigilmore -realname "Lorelai Gilmore" -password lukedanes -home /Users/lorelai -shell bash -admin


When I do this stuff I like to run a quick recon again:

/usr/sbin/jamf recon

If you have any questions, you can use the help verb to see what all this thing can do:

/usr/sbin/jamf help

And if you need more information on a given verb, run the help verb followed by the one you need more information on:

/usr/sbin/jamf help policy
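A preflight check in front of deleteAccount, as an added example that is not part of the original post or of JAMF's tooling. The function names, the protected-account list and the UID 501 threshold are assumptions to adapt; only the deleteAccount and recon verbs come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the protected
# list and the UID threshold are assumptions, not jamf behaviour.

PROTECTED_ACCOUNTS="root daemon nobody"   # hypothetical list, adapt per site

# Return 0 only if $1 is a short name this script may remove.
# Every refusal prints its reason on stderr and has its own return code.
account_delete_preflight() {
    user=$1
    # Short names only: reject empty input, anything that looks like an
    # option, and whitespace or shell metacharacters.
    case "$user" in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "refusing: invalid short name" >&2; return 2 ;;
    esac
    for p in $PROTECTED_ACCOUNTS; do
        if [ "$user" = "$p" ]; then
            echo "refusing: $user is protected" >&2; return 3
        fi
    done
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "refusing: no such user $user" >&2; return 4
    }
    # On OS X, accounts created for people start at UID 501; lower UIDs
    # belong to system and service accounts.
    if [ "$uid" -lt 501 ]; then
        echo "refusing: $user has system UID $uid" >&2; return 5
    fi
    # Never remove the account that owns the console session (OS X stat syntax).
    if [ "$(uname)" = "Darwin" ] && [ "$user" = "$(stat -f %Su /dev/console)" ]; then
        echo "refusing: $user is logged in at the console" >&2; return 6
    fi
    return 0
}

# Delete only after the preflight passes, then update inventory as in the post.
delete_account() {
    account_delete_preflight "$1" || return $?
    /usr/sbin/jamf deleteAccount -username "$1" && /usr/sbin/jamf recon
}
```

Because each refusal has its own return code, a policy log shows why a deletion was skipped rather than just that it failed.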



Bring Out Yer Apps with Autopkg! (Maybe with a little help)

(Guest post by Allister Banks)

Working with modern tools in the ‘auto’ (dmg/pkg) suite, it sure reinforces the old chestnut, ‘it’s turtles XML all the way down.’ The thing that struck me when first diving into using autopkg was that different product recipes could potentially have a good amount of similarities when they share common processors. One example is drag-drop apps that can be discovered with an ‘appcast’ URL, which, in my recollection, became common as the Sparkle framework gained popularity.

This commonality is exactly the type of thing sysadmins like myself seek to automate, so I built a few helper scripts to 1. discover what apps have appcast URLs, 2. generate the base download recipe, and further, the 3. pkg-building recipe that can use the download recipe as a ‘parent’, and the 4. munki or JSS recipes which can nest the pkg recipe in it. Recursivity is the new black.


Please do take a look if you feel you’ve got apps that folks haven’t built recipes for yet, and laugh at/use/fork my code as you see fit!


Import And Export Active Directory Objects In Server 2012

The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record, which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead. In its simplest form, the ldifde command can be used to export AD objects using just a -f option to specify the file location (.\ is the working directory that we’re running the ldifde command from if using PowerShell to do so; remove the .\ if using a standard command prompt):

ldifde -f .\ADExport.ldf

This exports all attributes of all objects, which overlap with many in a target Active Directory and so can’t be imported. Therefore, you have to limit the scope of what you’re exporting, which you can do in a few ways. The first is to only export a given OU. To limit, you’ll define a dn with a -d flag followed by the actual dn of the OU you’re exporting and then you’d add a -p for subtree. In the following example we’ll export all of the objects from the sales OU to the SalesOUExport.ldf file:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -f .\SalesOUExport.ldf

Restoring objects still results in an error that the server is “Unwilling To Perform” the import because “The modification was not permitted for security reasons.” Basically, this just means “hey, I’m not going to import into some of the fields that I know I have to reserve for objects managed by the system, such as creation date (whencreated), last changed date (whenchanged), etc.” So we can take some of these and omit them from our export. You can use ADMT or just look at an ldif or csv file to determine which attributes from the schema you think need to be omitted, but at a minimum it should include objectguid, uSNCreated, uSNChanged, whencreated and whenchanged (and a lot of the Exchange attributes if you’ve extended the schema for your forest). To omit attributes, use the -o flag and enclose the omitted attributes in quotes. In the following example, we’ll export to the SalesOUExportO.ldf file, and add the -o flag to the previous command:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -f .\SalesOUExportO.ldf

You can also omit using the -m flag, which includes only the essential attributes, so we’ll add that to the command as well:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportO.ldf

Use the -l option to limit the attributes being exported to only those specified.

The -r option restricts the export to a given category or class. For example, if we only wanted to export users, we can restrict to objectClass=user:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -r "(objectClass=user)" -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportOM.ldf

Now I’m feeling like we have a good restricted set of data that we’re moving. Let’s go ahead and give importing a shot on a target server. To do so, we’ll just use -i to specify this is an import, followed by -k to say “don’t stop if you have a problem with just one record”, -f to define a file and -j to write a log. We’ll use the working directory for the file path and the log path, assuming this is being done by calling the .exe from within PowerShell:

ldifde -i -k -f .\SalesOUExportOM.ldf -j .\

Once complete, the exported objects should appear once you close and re-open Active Directory Users and Computers. You can also export one object, then programmatically create objects in an ldif file as needed by importing them into Active Directory using ldifde.
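For an export file that was already taken without -o, the same attributes can be stripped before the import. This is an added example, not from the original post: a POSIX shell/awk filter (function names and the sample records are constructed) that follows the one-attribute-per-line layout described above, including wrapped values, which LDIF continues on lines that start with a single space.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# The attribute list the post passes to ldifde -o.
LDIFDE_OMIT="objectguid,uSNCreated,uSNChanged,whencreated,whenchanged"

# Copy LDIF from stdin to stdout, dropping every attribute named in $1
# (comma-separated, matched case-insensitively) together with any
# continuation lines that belong to it.
ldif_strip_attrs() {
    awk -v omit="$1" '
    BEGIN {
        n = split(tolower(omit), names, ",")
        for (i = 1; i <= n; i++) drop[names[i]] = 1
    }
    # A line starting with a space continues the previous attribute,
    # so it is kept or dropped along with that attribute.
    /^ / { if (!skipping) print; next }
    {
        skipping = 0
        # The name ends at the first colon: covers "attr: text",
        # "attr:: base64" and "attr:< url".
        colon = index($0, ":")
        if (colon > 1) {
            name = tolower(substr($0, 1, colon - 1))
            sub(/;.*/, "", name)          # ignore options such as ;binary
            if (name in drop) { skipping = 1; next }
        }
        print                              # blank record separators pass through
    }'
}

# Constructed sample: two user records in the layout ldifde writes.
sample_ldif() {
    printf '%s\n' \
        'dn: CN=Rory Gilmore,OU=sales,DC=krypted,DC=local' \
        'changetype: add' \
        'objectClass: user' \
        'cn: Rory Gilmore' \
        'description: a long value that the exporter wrapped onto' \
        '  a continuation line' \
        'whenCreated: 20131201223322.0Z' \
        'whenChanged: 2013120122' \
        ' 4333.0Z' \
        'uSNCreated: 12345' \
        'uSNChanged: 12399' \
        'objectGUID:: QUJDREVGR0hJSktMTU5PUA==' \
        'sAMAccountName: rorygilmore' \
        '' \
        'dn: CN=Lorelai Gilmore,OU=sales,DC=krypted,DC=local' \
        'changetype: add' \
        'objectClass: user' \
        'whenCreated: 20131201223322.0Z' \
        'sAMAccountName: lorelaigilmore'
}

# Usage: ldif_strip_attrs "$LDIFDE_OMIT" < SalesOUExport.ldf > SalesOUExportO.ldf
```

Diffing the filtered file against the original before running the import shows exactly which lines will not reach the target directory.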


Delete Messages From Exchange Using PowerShell

Before I type anything else, allow me to state that running a search and deleting things with a script from a user’s mailbox (or a loop of all users) is a very dangerous process. However, I’ve often noticed that an outbreak of bad things can cause us to do some pretty awesome things. So, you can use the Get-Mailbox cmdlet to pipe a mailbox into the Search-Mailbox cmdlet and from there use the -SearchQuery option to search for an attachment, following the attachment option with a filename, and then delete it using the -DeleteContent option. The example would be as follows:

Get-Mailbox -Identity "cedge" | Search-Mailbox -SearchQuery attachment:ichatsmileys.pkg.zip -DeleteContent

You can also filter search queries based on To, From, CC, Subject, Sent date and of course, policy data. You can also use the -TargetMailbox and -TargetFolder options to move messages into a quarantine mailbox/space.


systemstats in OS X

Ever wonder what your computer is up to? Ever wanted to know how much time the computer was awake for, how much battery was left, the exact percentage of use each core was taking up, how much CPU CrashPlan is using, etc?

Well, lucky you, there’s systemstats. You just run it:

systemstats

And it tells you all kinds of juicy stuff.

System Version: 13A598
Total Time: 195:13:01

Time on A/C: 165:42:24
Time on Battery: 29:30:35
Wake Time: 181:18:08
User Active: 46:46:18
User Idle: 134:31:49
Dark Wake Time: 00:01:15
Sleep Time: 13:53:37
Standby Time: 00:19:57

Time on Battery: 29:30:35 -10.2 %/hr -21576 mAh -7112 mW
Wake: 15:58:13 -20.8 %/hr -23766 mAh -12158 mW
User Active: 14:08:59 -21.3 %/hr -21389 mAh -12335 mW
User Idle: 01:49:14 -18.3 %/hr -2377 mAh -10485 mW
Dark Wake: 00:00:25 0.0 %/hr 0 mAh 0 mW
Sleep: 13:31:56 2.3 %/hr 2190 mAh -547 mW
Standby: 00:19:53 3.4 %/hr 80 mAh 0 mW

CPU Summary
Avg. Frequency: 2.296 GHz
Interrupt Rate: 5915 Hz
C-State Res: 10.4% C2 6% C3 0% C6 0% C7 4% C8 0% C9 0% C10 0%
A/C: 10.4%
User Active: 10.2%
User Idle: 10.5%
Battery: 10.6%
User Active: 9.4%
User Idle: 20.0%

I/O Summary
Disk Reads: 29010238
Disk Writes: 8644168
Bytes Read: 1114.0 GB ( 1.7 MB/s)
Bytes Written: 837617.1 MB ( 1.3 MB/s)

Packets Sent: 11713682
Packets Received: 10172390
Bytes Sent: 3723.3 MB ( 5.8 KB/s)
Bytes Received: 5930.3 MB ( 9.3 KB/s)

Top I/O Activity
Time: 2013-12-01 22:33:22 to 2013-12-01 22:43:33 (00:10:10)
Disk Reads: 172740
Disk Writes: 157121
Bytes Read: 13887.9 MB ( 22.8 MB/s)
Bytes Written: 13577.9 MB ( 22.3 MB/s)

Packets Sent: 3140
Packets Received: 3043
Bytes Sent: 417.2 KB ( 0.7 KB/s)
Bytes Received: 934.7 KB ( 1.5 KB/s)

Time: 2013-12-01 18:54:30 to 2013-12-01 19:04:30 (00:10:00)
Disk Reads: 84194
Disk Writes: 72153
Bytes Read: 6770.4 MB ( 11.3 MB/s)
Bytes Written: 6480.2 MB ( 10.8 MB/s)

Packets Sent: 4093
Packets Received: 3566
Bytes Sent: 523.2 KB ( 0.9 KB/s)
Bytes Received: 886.2 KB ( 1.5 KB/s)

Time: 2013-11-28 19:44:23 to 2013-11-28 23:30:44 (03:46:21)
Disk Reads: 123879
Disk Writes: 56082
Bytes Read: 5711.6 MB ( 9.8 MB/s)
Bytes Written: 5089.0 MB ( 8.7 MB/s)

Packets Sent: 11964
Packets Received: 12613
Bytes Sent: 1.3 MB ( 2.4 KB/s)
Bytes Received: 8.0 MB ( 14.0 KB/s)

Top Fan Activity
Time: 2013-11-30 20:13:54 to 2013-11-30 20:54:02 (00:40:08)
Total samples: 41
High samples: 41
Very high samples: 0
Process Intrpts.: 984413
CPU Time: 00:51:31 (128.4%)
00:20:26 (50.9%) 29802 com.crashplan.engine
00:19:18 (48.1%) 566137 com.apple.WebKit.WebContent
00:03:46 (9.4%) 61786 com.apple.WindowServer
00:01:24 (3.5%) 392 com.apple.blued
00:01:06 (2.7%) 4202 com.apple.Safari

Time: 2013-11-26 11:32:06 to 2013-11-26 12:09:16 (00:37:10)
Total samples: 37
High samples: 37
Very high samples: 0
Process Intrpts.: 2629811
CPU Time: 01:51:05 (298.9%)
01:03:04 (169.7%) 1696708 com.google.GoogleTalkPluginD
00:20:56 (56.4%) 51668 com.crashplan.engine
00:10:33 (28.4%) 142432 com.apple.WindowServer
00:04:33 (12.3%) 194380 com.apple.WebKit.WebContent
00:01:56 (5.2%) 207486 com.apple.audio.coreaudiod

Time: 2013-11-29 22:23:26 to 2013-11-29 22:47:26 (00:24:00)
Total samples: 24
High samples: 24
Very high samples: 0
Process Intrpts.: 676512
CPU Time: 00:24:28 (102.0%)
00:12:23 (51.6%) 17603 com.crashplan.engine
00:04:36 (19.2%) 316533 com.apple.WebKit.WebContent
00:01:28 (6.1%) 45086 com.apple.WindowServer
00:01:12 (5.0%) 88281 PluginProcess
00:00:49 (3.5%) 4453 com.apple.Safari

Memory Summary
Swap Dev is SSD: Yes
Total: 8192.0 MB
Free: 22.0 MB
Wired: 996.4 MB
Compressor: 1156.7 MB
Compressed: 4734.5 MB
Internal: 4605.2 MB
External: 630.3 MB
Purgeable: 102.5 MB

IOAccelResident: 222.2 MB
IOAccelWired: 29.9 MB
IOAccelDirty: 215.0 MB
IOAccelCached: 0.0 KB
IOAccelPurgeable: 20.7 MB

Faults: 33729152413
Purges: 47945857 ( 294.2 KB/s)
Zero-fills: 1642607459 ( 9.8 MB/s)
Reactivations: 300385037 ( 1.8 MB/s)
Page-ins: 3348672 ( 20.5 KB/s)
Page-outs: 625293 ( 3.8 KB/s)
Decompressions: 216406239 ( 1.3 MB/s)
Compressions: 226784564 ( 1.4 MB/s)
Swap-ins: 24865424 ( 152.6 KB/s)
Swap-outs: 25968750 ( 159.3 KB/s)

Top Memory Activity
Time: 2013-11-30 11:20:01 to 2013-11-30 11:30:06 (00:10:05)
Free: 8.6 MB
Wired: 1106.0 MB
Compressor: 2800.5 MB
Compressed: 12724.1 MB
Internal: 3824.1 MB
External: 322.8 MB
Purgeable: 188.4 MB

IOAccelResident: 133.7 MB
IOAccelWired: 31.6 MB
IOAccelDirty: 133.2 MB
IOAccelCached: 0.0 KB
IOAccelPurgeable: 53.1 MB

Faults: 65814909
Purges: 12056 ( 79.7 KB/s)
Zero-fills: 69663 ( 460.6 KB/s)
Reactivations: 265442 ( 1.7 MB/s)
Page-ins: 839 ( 5.5 KB/s)
Page-outs: 92 ( 0.6 KB/s)
Decompressions: 818629 ( 5.3 MB/s)
Compressions: 764666 ( 4.9 MB/s)
Swap-ins: 2305 ( 15.2 KB/s)
Swap-outs: 0 ( 0.0 KB/s)
Resident: 2786.5 MB com.apple.WebKit.WebContent
Resident: 44.0 MB com.twitter.twitter-mac
Resident: 32.9 MB com.apple.AddressBook.SourceSync
Resident: 19.9 MB com.apple.WindowServer
Resident: 18.7 MB PluginProcess
Resident: 18.3 MB com.apple.iTunes
Resident: 17.1 MB com.apple.iCal
Resident: 15.8 MB com.getdropbox.dropbox
Resident: 15.1 MB com.apple.Preview
Resident: 14.3 MB com.apple.installer

Time: 2013-11-29 14:36:08 to 2013-11-29 14:46:08 (00:10:00)
Free: 9.3 MB
Wired: 1083.1 MB
Compressor: 846.8 MB
Compressed: 8802.5 MB
Internal: 5753.3 MB
External: 369.4 MB
Purgeable: 187.7 MB

IOAccelResident: 109.1 MB
IOAccelWired: 29.1 MB
IOAccelDirty: 106.5 MB
IOAccelCached: 0.0 KB
IOAccelPurgeable: 37.4 MB

Faults: 65284735
Purges: 7618 ( 50.8 KB/s)
Zero-fills: 811805 ( 5.3 MB/s)
Reactivations: 554636 ( 3.6 MB/s)
Page-ins: 2844 ( 19.0 KB/s)
Page-outs: 385 ( 2.6 KB/s)
Decompressions: 371537 ( 2.4 MB/s)
Compressions: 643820 ( 4.2 MB/s)
Swap-ins: 84120 ( 560.8 KB/s)
Swap-outs: 0 ( 0.0 KB/s)
Resident: 4105.4 MB com.apple.WebKit.WebContent
Resident: 101.7 MB com.apple.iTunes
Resident: 52.2 MB com.apple.blued
Resident: 50.4 MB com.apple.Finder
Resident: 44.8 MB com.companyline.hall.desktop
Resident: 42.4 MB com.apple.Safari
Resident: 36.3 MB com.apple.WindowServer
Resident: 32.9 MB com.microsoft.rdc
Resident: 30.3 MB com.apple.UserEventAgent-System
Resident: 25.9 MB PluginProcess

Time: 2013-11-30 17:00:00 to 2013-11-30 17:10:05 (00:10:05)
Free: 9.9 MB
Wired: 1106.7 MB
Compressor: 1511.3 MB
Compressed: 12493.7 MB
Internal: 5103.0 MB
External: 330.8 MB
Purgeable: 155.9 MB

IOAccelResident: 60.6 MB
IOAccelWired: 18.5 MB
IOAccelDirty: 60.6 MB
IOAccelCached: 0.0 KB
IOAccelPurgeable: 20.7 MB

Faults: 65878278
Purges: 4766 ( 31.5 KB/s)
Zero-fills: 87085 ( 575.8 KB/s)
Reactivations: 225172 ( 1.5 MB/s)
Page-ins: 1243 ( 8.2 KB/s)
Page-outs: 50 ( 0.3 KB/s)
Decompressions: 616041 ( 4.0 MB/s)
Compressions: 611348 ( 3.9 MB/s)
Swap-ins: 16157 ( 106.8 KB/s)
Swap-outs: 0 ( 0.0 KB/s)
Resident: 3943.2 MB com.apple.WebKit.WebContent
Resident: 47.1 MB com.companyline.hall.desktop
Resident: 41.3 MB com.apple.blued
Resident: 38.9 MB com.knock.mac
Resident: 36.6 MB com.apple.mail
Resident: 33.0 MB com.apple.AddressBook.SourceSync
Resident: 31.2 MB com.apple.UserEventAgent-Aqua
Resident: 29.2 MB com.apple.Safari
Resident: 28.1 MB com.apple.UserEventAgent-System
Resident: 19.0 MB PluginProcess

Top Battery Usage
Time: 2013-11-30 22:13:28 to 2013-11-30 22:24:28 (00:11:00)
Power: -17602 mW (-33.2 %/hr)
Avg. Frequency: 2.268 GHz
Interrupt Rate: 14517 Hz
C-State Res: 0.0% C2 0% C3 0% C6 0% C7 0% C10 0%
Display Brightness: 63.0%
Process Intrpts.: 350900
CPU Time: 00:13:16 (120.7%)
00:05:24 (49.2%) 8138 com.crashplan.engine
00:02:46 (25.2%) 139408 com.apple.WebKit.WebContent
00:01:06 (10.1%) 16276 com.apple.WindowServer
00:01:03 (9.6%) 2471 com.apple.Safari
00:00:44 (6.8%) 21194 PluginProcess

Time: 2013-11-30 20:23:42 to 2013-11-30 20:34:42 (00:11:00)
Power: -17425 mW (-30.9 %/hr)
Avg. Frequency: 2.268 GHz
Interrupt Rate: 10763 Hz
C-State Res: 0.0% C2 0% C3 0% C6 0% C7 0% C10 0%
Display Brightness: 63.0%
Process Intrpts.: 268964
CPU Time: 00:14:40 (133.5%)
00:05:53 (53.6%) 156021 com.apple.WebKit.WebContent
00:05:35 (50.8%) 8153 com.crashplan.engine
00:01:08 (10.4%) 18777 com.apple.WindowServer
00:00:22 (3.5%) 109 com.apple.blued
00:00:19 (2.9%) 1094 com.apple.Safari

Time: 2013-11-30 20:12:42 to 2013-11-30 20:23:42 (00:11:00)
Power: -17185 mW (-30.1 %/hr)
Avg. Frequency: 2.268 GHz
Interrupt Rate: 11389 Hz
C-State Res: 0.0% C2 0% C3 0% C6 0% C7 0% C10 0%
Display Brightness: 63.0%
Process Intrpts.: 265886
CPU Time: 00:13:11 (120.0%)
00:05:39 (51.4%) 8116 com.crashplan.engine
00:04:14 (38.5%) 151136 com.apple.WebKit.WebContent
00:01:07 (10.3%) 18607 com.apple.WindowServer
00:00:23 (3.5%) 109 com.apple.blued
00:00:15 (2.4%) 901 com.apple.Safari

Top CPU Activity
Time: 2013-12-01 22:43:33 to 2013-12-01 22:52:55 (00:09:22)
Avg. Frequency: 2.267 GHz
Interrupt Rate: 11241 Hz
C-State Res: 0.0% C2 0% C3 0% C6 0% C7 0% C10 0%
Process Intrpts.: 198556
CPU Time: 00:06:17 (67.1%)
00:05:05 (54.3%) 6391 com.crashplan.engine
00:00:43 (7.6%) 119102 com.apple.WebKit.WebContent
00:00:04 (0.7%) 3319 com.knock.mac
00:00:03 (0.6%) 39 com.apple.blued
00:00:02 (0.5%) 827 com.apple.WindowServer

Time: 2013-12-01 22:40:29 to 2013-12-01 22:43:33 (00:03:03)
Avg. Frequency: 2.267 GHz
Interrupt Rate: 20376 Hz
C-State Res: 0.0% C2 0% C3 0% C6 0% C7 0% C10 0%
Process Intrpts.: 68684
CPU Time: 00:02:59 (98.0%)
00:01:27 (47.8%) 2328 com.crashplan.engine
00:01:09 (38.2%) 39619 com.apple.WebKit.WebContent
00:00:02 (1.6%) 301 com.apple.mail
00:00:02 (1.5%) 2817 com.apple.WindowServer
00:00:02 (1.5%) 657 com.apple.blued

Time: 2013-12-01 22:33:22 to 2013-12-01 22:40:29 (00:07:06)
Interrupt Rate: 20376 Hz
C-State Res: 0.0% C2 0% C3 0% C6 0% C7 0% C10 0%
Process Intrpts.: 161174
CPU Time: 00:07:07 (100.1%)
00:03:23 (47.8%) 5414 com.crashplan.engine
00:02:42 (38.1%) 92153 com.apple.WebKit.WebContent
00:00:06 (1.6%) 700 com.apple.mail
00:00:06 (1.5%) 6552 com.apple.WindowServer
00:00:06 (1.5%) 1528 com.apple.blued

Connected Devices
Display Brightness: 19.7%
Wi-Fi on: 191:08:52 (98% of total)
Discrete GPU on: 00:00:00 (0% of total)
Bluetooth on: 195:12:57 (100% of total)

USB Devices
– iPhone
– iPad
– FuelBand


Repair Permissions From The Command Line

I’ve long been a supporter of building tools in self service portals such as those provided by JAMF and Munki to allow users who don’t have administrative permissions to perform tasks that wouldn’t typically otherwise be destructive. One such example is a simple repair permissions. An administrator can simply open Disk Utility, select their disk and then click Repair Disk Permissions.

But if you want to do this as a user who doesn’t have administrative privileges, you would need to elevate your privileges before doing so. In a larger environment this would be incredibly annoying for dozens, hundreds, thousands or even tens of thousands of users to bring their computer to an administrator just to type in a password. But, if you have a patch management solution that has some kind of a self service portal, users could do this themselves. Typically, you would create a very small payload-free package. This package might just contain a single script that might even be as short as a one-liner. For example, the following command would actually run a repairPermissions:

diskutil repairPermissions /

You could also send some environmental variables from your patch management tool for the boot volume, but in this simple instance we’re just going to run it, with the following type of output:

Started verify/repair permissions on disk0s2 Macintosh HD
Permissions differ on "Library/Application Support"; should be drwxr-xr-x ; they are drwxrwxr-x
Repaired "Library/Application Support"
Group differs on "Library/Printers/InstalledPrinters.plist"; should be 80; group is 0
Permissions differ on "Library/Printers/InstalledPrinters.plist"; should be -rw-rw-rw- ; they are -rw-r--r--
Repaired "Library/Printers/InstalledPrinters.plist"
[ \ 0%..10%..20%..30%..40%..50%..60%..70%................ ] 74% 0:00:34
Finished verify/repair permissions on disk0s2 Macintosh HD

You could get much more complicated, writing the output to syslog or even a syslog server. You can also have metapackages that just do a bunch of tasks and call them things like “Try to fix my computer.” Provided you have a patch management tool, you could also just scope some devices and push some of these things out en masse; however, for the most part, I’m a fan of self service, so that’s the example I’m using this for.


Obtain UPN from PowerShell

A UserPrincipalName (or UPN) is an attribute that contains an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is used for a lot of different tasks, notably for Kerberos/Single Sign-On. As such, there are a lot of scripts that can now key off of a UPN.

You can use the Get-ADUser cmdlet to query accounts for the UserPrincipalName attribute. To do so, we’re going to -Filter our results to display everyone (although we could include a username to only get one user) and then define the search base (using -SearchBase) to refine where in the directory the search will begin. Use the -Properties parameter followed by the userPrincipalName attribute (or whatever attribute you might be curious to query). I specify the SearchBase of the organizational unit (OU), and I use the * filter. This is shown here:

Get-ADUser -Filter * -SearchBase 'ou=Users,dc=krypted,dc=com' -Properties userPrincipalName

Overall, we’re specifically looking at userPrincipalName, but we could just as well be looking for other attributes, such as primaryGroupID, proxyAddress, pwdLastSet, sn (although we’re likely feeding sn to the command by swapping it out with the *), streetAddress, sAMAccountName, etc.


Rename a Windows 2012 Server Using PowerShell

When you are creating a bunch of Server 2012 Virtual Machines (or physical machines for that matter) it is helpful to programmatically change their names. To do so, use the Rename-Computer PowerShell cmdlet followed by the name you want the computer to have, as follows (assuming a name of 2012.krypted.com):

Rename-Computer 2012.krypted.com

Before you do anything else (e.g. bind to AD) you should then reboot the host, using the Restart-Computer cmdlet: