Exclude cluster accounts from AD


Mike Leone

May 22, 2024, 9:16:16 AM
to NTPowershell Mailing List
I have a script I need to run against all AD computer objects that are servers. However, I explicitly want to exclude cluster objects. (the script reports on last updates, and last reboot times, so I don't want it to show me the cluster account(s), but DO want it to show me just the cluster nodes).

I know that I can do a "Get-Cluster -Domain <domain>", and that gives me the Windows names of the clusters themselves, which is great. But I'd want to also exclude the cluster resources that appear as computer objects (i.e., SQL Server Name, File Server name, etc). 

And I'm not seeing any clear way to do that ... It's looking like I will need to get info using Get-ClusterResource, and compiling a list that includes certain resource types ("Distributed Network Name"; "Network Name"; "SQL Server"). Is there a better way? Am I missing something?


--

Mike. Leone, <mailto:tur...@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

Michael B. Smith

May 22, 2024, 9:22:33 AM
to ntpowe...@googlegroups.com

Every CNO has an SPN that you can search against/exclude:

 

               ServicePrincipalName -Like "MSServerCluster/*"


Mike Leone

May 22, 2024, 10:03:12 AM
to ntpowe...@googlegroups.com
On Wed, May 22, 2024 at 9:22 AM Michael B. Smith <mic...@smithcons.com> wrote:

Every CNO has an SPN that you can search against/exclude:

 

               ServicePrincipalName -Like "MSServerCluster/*"


I knew you would know! LOL

Learn something new every day ...

> get-adcomputer CAU-MSCLUST34 -properties * | Select -expandproperty ServicePrincipalName
MSServerClusterMgmtAPI/CAU-MSCLUST34.wrk.ads.pha.phila.gov
MSServerClusterMgmtAPI/CAU-MSCLUST34
MSClusterVirtualServer/CAU-MSCLUST34.wrk.ads.pha.phila.gov
MSClusterVirtualServer/CAU-MSCLUST34
HOST/CAU-MSCLUST34.wrk.ads.pha.phila.gov
HOST/CAU-MSCLUST34

So I guess I need to do the above, and if the returned SPN contains "MSClusterVirtualServer", then I should be good to exclude
(the individual cluster nodes have an SPN "MSServerClusterMgmtAPI/<NODE>", and I would want to query that computer, so I can't exclude just any SPN that has "MSServerCluster" in the SPN).

I'll keep poking around, thanks!
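
The exclusion discussed in this thread, as an added example that is not part of the original messages: it drops any computer object whose SPN list contains the `MSClusterVirtualServer` service class and keeps nodes that only carry `MSServerClusterMgmtAPI/<NODE>`. The function names, the constructed sample objects, and the use of `OperatingSystem` to pick out servers are assumptions made for illustration.

```powershell
# Added example. Classifies computer objects by SPN service class, following the
# thread's observation that the cluster account carries "MSClusterVirtualServer/..."
# while cluster nodes carry "MSServerClusterMgmtAPI/<NODE>" and must be kept.
function Test-ClusterNameObject {          # hypothetical helper name
    param([string[]]$ServicePrincipalName)
    foreach ($spn in $ServicePrincipalName) {
        # Compare only the service class (text before the first "/"), case-insensitively.
        if (($spn -split '/', 2)[0] -ieq 'MSClusterVirtualServer') { return $true }
    }
    return $false                          # empty or missing SPN list: not a cluster object
}

function Select-NonClusterComputer {       # hypothetical helper name
    param([Parameter(ValueFromPipeline)]$Computer)
    process {
        if (-not (Test-ClusterNameObject $Computer.ServicePrincipalName)) { $Computer }
    }
}

# Constructed sample objects (made-up names) so the filter can be tried offline.
$sample = @(
    [pscustomobject]@{ Name = 'CLUSTER01'; ServicePrincipalName = @(
        'MSServerClusterMgmtAPI/CLUSTER01', 'MSClusterVirtualServer/CLUSTER01', 'HOST/CLUSTER01') }
    [pscustomobject]@{ Name = 'NODE01'; ServicePrincipalName = @(
        'MSServerClusterMgmtAPI/NODE01', 'HOST/NODE01') }
    [pscustomobject]@{ Name = 'SRV-NOSPN'; ServicePrincipalName = @() }
)
$sample | Select-NonClusterComputer | Select-Object -ExpandProperty Name

# Against a live domain (requires the ActiveDirectory module). Selecting servers by
# the OperatingSystem attribute is an assumption about how "servers" are identified:
# Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' -Properties ServicePrincipalName |
#     Select-NonClusterComputer
#
# The same exclusion done server-side, so cluster objects are never returned:
# Get-ADComputer -Properties ServicePrincipalName `
#     -LDAPFilter '(&(operatingSystem=*Server*)(!(servicePrincipalName=MSClusterVirtualServer/*)))'
```

Requesting only `ServicePrincipalName` instead of `-Properties *` keeps the query light when it runs across every computer object in the domain.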

