GPG Command Line Examples

Here are some GPG examples for creating symmetric and asymmetric encrypted messages. The code used below is written for PowerShell.

Download keys from a key server

gpg --keyserver --search-keys
gpg --keyserver --recv-keys 88488596

Import private key

gpg --import ./private.asc

Put the contents of a file into a variable to be encrypted

$a = gc /etc/passwd

Symmetric encryption of the variable contents

$a | gpg --symmetric --armor
# Decrypt the message
$a | gpg --decrypt

Symmetric encryption of the variable contents with the passphrase provided

$a | gpg --symmetric --armor --passphrase password
# Decrypt the message with the passphrase provided
$a | gpg --decrypt --passphrase password

Encrypt the variable contents for a recipient

$a | gpg -e -r --armor

Decrypt the message sent to recipient

$b | gpg -d

AD Forest DCDiag and RepAdmin Report

Two earlier posts, EASY TO READ DCDIAG REPORT and EASY TO READ REPADMIN RESULTS, included scripts for displaying the high level results of DCDiag and RepAdmin. I had since combined the two and made some tweaks, but it never really seemed right.

I’ve finally gotten around to making it presentable and more functional. It now displays all of the DCDiag tests and their results in two separate tables rather than just a few of the tests that I’d selected. It also accurately displays the server name for each set of tests. The previous versions would only create reports for a single domain, but now, since I work in a multi domain forest these days, it will grab the DCs in all domains in the forest.

The RepAdmin results are now broken up by domain controller and sorted by context. This makes it a little easier to read and track issues.


# Functions 
Function Get-ForestDomainControllers
    foreach ($domain in (Get-ADForest).domains )
        $Results+=(Get-ADdomain $domain).ReplicaDirectoryServers
    Return $Results

Function Get-DCDiagReport($DC)
    "Testing $DC"
    $DCDIAG = dcdiag /s:$DC /v #/test:Intersite /test:topology
    $DCDiagResults = New-Object System.Object
    $DCDiagResults | Add-Member -name Server -Value $DC -Type NoteProperty -Force
    Foreach ($Entry in $DCDIAG) 
        Switch -Regex ($Entry) 
            "Starting" {$Testname = ($Entry -replace ".*Starting test: ").Trim()}
            "passed|failed" {If ($Entry -match "passed") {$TestStatus = "Passed"} Else {$TestStatus = "failed"}}
        If ($TestName -ne $null -and $TestStatus -ne $null) 
            $DCDiagResults | Add-Member -Type NoteProperty -name $($TestName.Trim()) -Value $TestStatus -Force
    Return $DCDiagResults

Function Get-ReplReport 
    "Starting Repadmin Tests"

    $Repl = repadmin /showrepl * /csv
    $ReplResults = $Repl | ConvertFrom-Csv 

    $ReplReport = @()

    Foreach ($result in $ReplResults) 
        $ReplReport += New-object PSObject -Property @{
            "DestSite" = $Result.'Destination DSA Site'
            "Dest" = $Result.'Destination DSA'
            "NamingContext" = $Result.'Naming Context'
            "SourceSite" = $Result.'Source DSA Site'
            "Source" = $Result.'Source DSA'
            "Transport" = $Result.'Transport Type'
            "NumberFailures" = $Result.'Number of Failures'
            "LastFailureTime" = $Result.'Last Failure Time'
            "LastSuccessTime" = $Result.'Last Success Time'
            "LastFailureStatus" = $Result.'Last Failure Status'
    Return $ReplReport

# Gather Data 

Import-Module activedirectory

"Collecting Forest Domain Controllers"

"Starting DCDiag Tests"
foreach ($DC in $DCs | sort)
    $DCDiagRpt+=Get-DCDiagReport $DC.ToUpper()

# Display Results

"Starting Repadmin Tests"

"DCDiag Test Results (Page 1 of 2)"
$DCDiagRpt | ft Server,Connectivity,Advertising,DFSREvent,SysVolCheck,KccEvent,NCSecDesc,Replications,RidManager,Services,Intersite,LocatorCheck -AutoSize
"DCDiag Test Results (Page 2 of 2)"
$DCDiagRpt | ft Server,FrsEvent,KnowsOfRoleHolders,MachineAccount,NetLogons,ObjectsReplicated,SystemLog,VerifyReferences,CheckSDRefDom,CrossRefValidation -AutoSize

"Replication Test Results"
$Servers = $ReplRrt | select -ExpandProperty Source -Unique 

foreach ($Server in ($Servers | Sort))
    $ReplRrt | ? {$_.Source -eq $Server} | select "NamingContext","Dest","SourceSite","DestSite","NumberFailures","LastFailureTime","LastFailureStatus","LastSuccessTime","Transport" | sort NamingContext,Dest | ft -AutoSize

Repartition a USB Thumbdrive

Disk manager won’t let you do it. Here’s how you make it happen in Windows without a 3rd party application.

1 – Open an elevated command prompt.
2 – Run diskpart
3 – list disk

Find the disk number from the list of disks, make sure you have the right on!

DISKPART> list disk
Disk ### Status Size Free Dyn Gpt
——– ————- ——- ——- — —
Disk 0 Online 238 GB 0 B *
Disk 1 Online 7728 MB 7239 MB

4 – list partition (There should only be a 0 and 1 partition number)
5 – select partition 0
6 – delete partition
7 – select partition 1
8 – delete partition
9 – create partition primary
10 – exit

Now you can use Disk Manager to format and name the volume

Shrink LVM Volume – Ubuntu

Boot from an Ubuntu LiveCD

Locate the volume group that you wish to shrink
ubuntu@ubuntu:~$ sudo lvmdiskscan

ubuntu@ubuntu:/dev$ sudo lvmdiskscan
/dev/ram0 [ 64.00 MiB]
/dev/loop0 [ 1.41 GiB]
/dev/ubuntu-vg/root [ 460.32 GiB]

Issue the following command to shrink the file system and the volume
ubuntu@ubuntu:~$ sudo lvreduce –resizefs –size -230G /dev/ubuntu-vg/root


FIM/MIM MA Pending Export Report

This will show what export operations are pending on all of your management agents. It was adapted from a script I found in the FIM Script Box that would show the pending exports for a single MA. Instead, this script queries the Sync Service for all of the management agents and displays the pending exports for all of them.

$MAs = $(Get-WmiObject -class "MIIS_ManagementAgent" -namespace "root\MicrosoftIdentityIntegrationServer"` -computername "." ).name

foreach ($MA in $MAs)
    $MA = @(get-wmiobject -class "MIIS_ManagementAgent" -namespace "root\MicrosoftIdentityIntegrationServer"`
                          -computername "." -filter "Name='$ma'") 
    if($MA.count -eq 0) {throw "MA not found"}

    $Rpt+=New-Object PSObject -Property @{
$Rpt | Sort name | ft Name,Add,Update,Delete -AutoSize

SQL Cheat Sheet

A place to save the SQL queries that I constantly have to Google.

SELECT Statements

  FROM [dbo].[table]
  WHERE (column = 'value1') AND (Column = 'value2')

  FROM [dbo].[table]

SELECT column1, COUNT(column2) 
  FROM [dbo].[table]
  GROUP BY email
  HAVING ( COUNT(email) > 1 )

 DECLARE @Temp TABLE (NAME varchar(20))
  SELECT accountName --, COUNT(AccountName) AS Count
  FROM [StagingDirectory].[dbo].[Identities]
  GROUP BY accountName
  HAVING ( COUNT(accountName) > 1 )

  SELECT [accountName]
  FROM @Temp Temp
  JOIN Identities
  ORDER BY accountName

UPDATE Statements

UPDATE [dbo].[table]
  SET column='value'
  WHERE column='value';

UPDATE [dbo].[table] 
  SET Column = REPLACE(Column,'xx','XX')

INSERT Statements

INSERT INTO [dbo].[table] (column1,column2,column3)
  VALUES ('value1','value2','value3');

DELETE Statements

DELETE FROM [dbo].[table] 
  WHERE column = 'value'

MERGE Statements

ON (T.EmployeeID = S.EmployeeID) 
    THEN INSERT(EmployeeID, EmployeeName) VALUES(S.EmployeeID, S.EmployeeName)
    THEN UPDATE SET T.EmployeeName = S.EmployeeName
OUTPUT $action, inserted.*, deleted.*;

PowerShell to Remove Password Not Required Flag in AD

We had a couple thousand users in our test AD that had the Password Not Required flag set without a password. This was causing an error when Microsoft Identity Management tried to set the password for these user objects.

We used the following script to remove the flag and set a password.

$Users = Get-ADUser -searchscope subtree -ldapfilter "(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=32))" 
$newPassword = (Read-Host -Prompt "Provide New Password" -AsSecureString)

foreach ($user in $Users)
    Set-ADAccountPassword -Identity $User.samaccountname -NewPassword $newPassword -Reset
    Set-ADAccountControl $User.samaccountname -PasswordNotRequired $false

MIM 2016 Metaverse Cleanup by Deleting CS

Cleaning up poorly constructed joins in Microsoft Identity Manager by cleaning out the FIMMA and ADMA connector spaces with the following steps:

1 – Disable “Synchronization Rule Provisioning” in the Synchronization Management tool
2 – Disable the Metaverse object deletion rule
3 – Delete the ADMA connector space
4 – Delete the FIMMA connector space
5 – Perform a Delta synchronize on each management agent to process disconnectors clean those objects from the the metaverse
6 – Run a Full Import on the ADMA and FIMMA
7 – Run a Full synchronization on FIMMA first to project objects into the metaverse
8 – RUn a Full synchronization on the ADMA so that the objects in the ADMA CS join objects in the MV
9 – Re-enable “Synchronization Rule Provisioning” in the Synchronization Management tool
10 – Run Full synchronization and Export on both the AD and FIM management agents
11 – Recreate the object deletion rule

Use PowerShell to Create a Storage Usage Report for a Windows Server

This PowerShell script will give you a report for a server’s storage usage. It will give you a status of “Green”, “Amber”, or “Red” for each drive.

$StorageReport = @()
$date = get-date -uformat "%Y-%m-%d"
$Drives = Get-WmiObject -Class Win32_LogicalDisk | ? {$_.drivetype -eq 3} | select DeviceID,Size,Freespace,drivetype,VolumeName

foreach ($Drive in $Drives)
    if ($Drive.freespace)
        $PercentFree = "{0:N2}" -f (($drive.freespace / $drive.size) * 100)
        $Size = "{0:N2}" -f (($drive.size / 1024 / 1024 / 1024))
        $Freespace = "{0:N2}" -f (($drive.freespace / 1024 / 1024 / 1024))
        switch ($PercentFree)
        {$_ -gt 20} {$Status="Green"}
        {($_ -lt 20)-and($_ -gt 10)} {$Status="Amber"}
        {$_ -lt 10} {$Status="Red"}
        Default {$Status="Unknown"}

        $StorageReport += New-object PSObject -Property @{
            "Drive" = $drive.DeviceID
            "DriveName" = $drive.volumeName
            "Freespace" = $Freespace
            "Size" = $Size
            "PercentFree" = $PercentFree + "%"
            "Status" = $Status

$StorageReport | ft Drive,DriveName,Size,FreeSpace,PercentFree,status -AutoSize

The results look like this:

Drive DriveName           Size   Freespace PercentFree Status
----- ---------           ----   --------- ----------- ------
C:    System              99.66  17.28     17.34%      Amber 
H:    SQL Backup          160.00 83.35     52.10%      Green 
I:    MIM Svc SQL Logs    20.00  0.01      0.05%       Red   
J:    MIM Svc SQL Data    140.00 129.86    92.76%      Green 
K:    MIM Svc SQL TempDB  10.00  7.28      72.78%      Green 
L:    MIM Sync SQL Logs   20.00  19.86     99.30%      Green 
M:    MIM Sync SQL Data   80.00  79.12     98.91%      Green 
N:    MIM Sync SQL TempDB 10.00  9.80      98.07%      Green 
O:    MIM SPS SQL Logs    5.00   2.61      52.19%      Green 
P:    MIM SPS SQL Data    10.00  9.95      99.58%      Green 
Q:    MIM SPS SQL TempDB  10.00  9.93      99.37%      Green 
R:    MIM Stage SQL Logs  5.00   4.61      92.25%      Green 
S:    MIM Stage SQL Data  10.00  9.81      98.15%      Green 
T:    MIM Stage TempDB    10.00  9.95      99.49%      Green