great people, great experience, great passion administering sharepoint with windows powershell go...

great people, great experience, great passion

Administering SharePoint with Windows PowerShell

Go Beyond the Management Shell with SharePoint and Windows

PowerShell

great people, great experience, great passion

Gary Lapointe

Aptillon, Inc.– Director and Founding Partner– http://www.aptillon.com

SharePoint MVP since January 2008Blog: http://blog.falchionconsulting.comTwitter: @glapointe

great people, great experience, great passion

Agenda

Conditional LogicIterationFunctions and ParametersSupporting the PipeLineScriptsError HandlingRemoting

great people, great experience, great passion

Load Snap-in For any Editor

great people, great experience, great passion

Conditional Logic

if / elseif / elseif (<expression>) { <code>} elseif (<expression>) { <code>} else { <code>}

switchswitch (<value to evaluate>) { <value 1> { <code> } <value 2> { <code> } <value N> { <code> } default { <code to execute if no condition met> }}

Only perform a given task when an expression evaluates to $true

great people, great experience, great passion

Iteration

Whilewhile (<conditional expression>) { <code> }

Do Whiledo { <code> } while (<conditional expression>)

Do Untildo { <code> } until(<conditional expression>)

For Loopfor (<start exp>; <end condition>; <step exp>) { <code> }

Foreachforeach (<variable> in <collection>) { <code> }

Warning!!!

The foreach statement is not the same as the ForEach-Object cmdlet (aliased as foreach and %)

great people, great experience, great passion

Quick Tips

Verify your conditional logic before making changes!Test your loops before making any changes within them!Watch for disposal issues when iterating through SPSite and SPWeb objects!

great people, great experience, great passion

Abstract common/complex tasks into a reusable unit of codeName and call functions just like cmdlets:function Set-SPListVersioning($list, $enable) {…}Set-SPListVersioning $list $trueSet-SPLIstVersioning -list $list -enable $true

Functionsfunction <Name> (<parameter list>) { <code> [return [<variable>]]}

great people, great experience, great passion

Function Parameters

Can use either implicit or explicit parametersImplicit Example:function <Name>($param1, $param2, $paramN) { … }

Explicit Example:function <Name>() { param ( $param1, $param2 )}

Optionally prefix variable names with type information

great people, great experience, great passion

Advanced Function ParametersWith explicit parameters you can add cmdlet binding attributesfunction Set-SPListVersioning() { [CmdletBinding()] param ( [Parameter(Mandatory=$true, Position=0)], [ValidateNotNull()] [Microsoft.SharePoint.SPList]$List,

[Parameter(Mandatory=$false, Position=1)] [switch]$Enable ) <your code here>}

Type help about_functions_advanced_parameters for more examples

great people, great experience, great passion

Current object is accessible via the $_ automatic variable

Supporting the PipeLine

function <Name> (<parameter list>) { begin { <execute once before processing> } process { <execute for each item> } end { <execute once after processing> }}

Be Careful!!PipeLine enabled functions need extra handling when called like a normal function

great people, great experience, great passion

Quick Tips

Best Practice: Include a Pipeline parameter and name it $InputObjectUse the filter statement if begin {} and end {} are not needed:

great people, great experience, great passion

Scripts

A script is, effectively, just a function known by a file nameA script can contain many different functions, but doesn’t have to have anyA script can have explicit parameters, just like a functionGive scripts a .ps1 file extensionLoad all script functions into memory using “dot source notation”

great people, great experience, great passion

Quick Tips

Be careful of scripts that execute when loaded– Use a function to wrap tasks

Functions within scripts can be made available without dot sourcing by changing the scope of the function:function global:<name>() { … }

great people, great experience, great passion

try/catch/finally only works with V2– Use trap statements for V1 (or just don’t use V1!)

In the catch statement block, use the $_ automatic variable to access the error detailsThe finally statement block is optional

Error Handlingtry { <code>} catch [error type][, [error type]] { <code: executed on error>} finally { <code: always executed when finished>}

great people, great experience, great passion

WINDOWS POWERSHELL REMOTING

Administering SharePoint remotely…

great people, great experience, great passion

Remoting

PowerShell Remoting uses WinRM, Microsoft’s implementation of the WS-Management protocol– WinRM allows you to run scripts against remote

servers over HTTP and HTTPS

Works with V2 onlyRequires that WinRM be enabled on both the client and the server

great people, great experience, great passion

Enabling Remoting

Run Enable-PsRemoting on the client and server machinesMust Enable CredSSP– Credential Security Support Provider– Allows cmdlets to talk to SQL using the provided credentials (handles

the double-hop issue)

Increase the MaxMemoryPerShellMB setting on remote server (default is 150MB)– Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 1000

Decrease MaxShellsPerUser and MaxConcurrentUsers (default is 5)– Set-Item WSMan:\localhost\shell\MaxShellsPerUser 2– Set-Item WSMan:\localhost\shell\MaxConcurrentUsers 2

great people, great experience, great passion

Enabling CredSSP

On the client machine– Group Policy must be edited to allow credential delegation to the

target computer. • Use gpedit.msc

– Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials

– Verify that it is enabled and configured with an SPN appropriate for the target computer (WSMAN/myserver.domain.com or WSMAN/*.domain.com)

– May have to similarly enable “Allow Fresh Credentials with NTLM-only Server Authentication” if the above setting does not work

– Enable-WSmanCredSSP -Role Client -DelegateComputer <remote server name>

On the server machine– Enable-WSmanCredSSP -Role Server

great people, great experience, great passion

Running Remote Commands

great people, great experience, great passion

Session Configurations

Use Register-PSSessionConfiguration to preload SharePoint PowerShell Snap-In– Must also set threading options

Use Set-PSSessionConfiguration with -ShowSecurityDescriptorUI parameter to set securityProvide configuration name when calling New-PSSession

great people, great experience, great passion

DEMO…Windows PowerShell Remoting

great people, great experience, great passion

Summary

If you plan on writing more than 2-3 lines of PowerShell then consider using a script editorTest your scripts incrementally– Validate your loops and conditionals before

making changes!

Consider PowerShell remoting over integrated login for common admin tasks