SFTP using Powershell POSH-SSH

Install the POSH-SSH module in PowerShell using the following command:

iex (New-Object Net.WebClient).DownloadString("https://gist.github.com/darkoperator/6152630/raw/c67de4f7cd780ba367cccbc2593f38d18ce6df89/instposhsshdev")

Example output: (screenshot not reproduced)

Import-Module Posh-SSH   # Load the Posh-SSH module

# Set the credentials
$Password   = ConvertTo-SecureString 'Password' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ('user', $Password)

# Set the local file path and the remote SFTP directory
$FilePath = "C:\Sumit\SFTP.txt"
$SftpPath = '/home/user/SFTP-TEST/'

# Set the IP address (or host name) of the SFTP server
$SftpIp = ''

# Establish the SFTP connection and keep the session object instead of assuming it got SessionId 0
$Session = New-SFTPSession -ComputerName $SftpIp -Credential $Credential

# Upload the file to the SFTP path
Set-SFTPFile -SessionId $Session.SessionId -LocalFile $FilePath -RemotePath $SftpPath

# Disconnect and remove the SFTP session
Remove-SFTPSession -SessionId $Session.SessionId

Example script: (screenshot not reproduced)

Another example, authenticating with a private key:

# Define the server name
$ComputerName = ""

# Define the user name
$UserName = "user"

# Define the private key file path
$KeyFile  = "C:\Users\sumit\MyPrivateKeyRSA\Key"
$nopasswd = New-Object System.Security.SecureString   # empty SecureString: this key has no passphrase

# Set the credentials used to connect to the server
$Credential = New-Object System.Management.Automation.PSCredential ($UserName, $nopasswd)

# Set the local file path and the remote SFTP directory (relative to the login directory)
$FilePath = "C:\Sumit\SFTP1.txt"
$SftpPath = 'data/'

# The same key-based authentication also works for a plain SSH session:
# New-SSHSession -ComputerName $ComputerName -Credential $Credential -KeyFile $KeyFile

# Establish the SFTP connection
$SFTPSession = New-SFTPSession -ComputerName $ComputerName -Credential $Credential -KeyFile $KeyFile

# Upload the file to the SFTP path
Set-SFTPFile -SessionId $SFTPSession.SessionId -LocalFile $FilePath -RemotePath $SftpPath

# Disconnect and remove the SFTP session
Remove-SFTPSession -SessionId $SFTPSession.SessionId
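The following is an added example, not code from the original post or from the Posh-SSH project. It wraps the same cmdlets in a function that prompts for the credential instead of embedding a password in the script, checks that the remote directory exists before uploading, records the hash of what was sent, and always closes the session even when the upload fails. The host name, the paths, and the availability of Test-SFTPPath and the -Overwrite switch in the installed Posh-SSH version are assumptions.

```powershell
# Added example (not from the original post). Assumptions: Posh-SSH is installed and provides
# New-SFTPSession, Test-SFTPPath, Set-SFTPFile (with -Overwrite) and Remove-SFTPSession;
# the host name and paths used at the bottom are placeholders.
function Send-SftpFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string]       $LocalFile,
        [Parameter(Mandatory)] [string]       $RemotePath,
        [string] $KeyFile,          # optional private key for key-based authentication
        [int]    $Port = 22
    )

    # Fail early with a clear message if the module is missing, rather than on the first cmdlet
    if (-not (Get-Module -ListAvailable -Name Posh-SSH)) {
        throw "The Posh-SSH module is not installed."
    }
    Import-Module Posh-SSH -ErrorAction Stop

    if (-not (Test-Path -LiteralPath $LocalFile -PathType Leaf)) {
        throw "Local file not found: $LocalFile"
    }

    $sessionParams = @{
        ComputerName = $ComputerName
        Credential   = $Credential
        Port         = $Port
        ErrorAction  = 'Stop'
    }
    if ($KeyFile) { $sessionParams['KeyFile'] = $KeyFile }

    # No -AcceptKey here on purpose: an unknown or changed server host key is then not accepted
    # silently, which is the behaviour you want from an unattended transfer job.
    $session = New-SFTPSession @sessionParams
    try {
        if (-not (Test-SFTPPath -SessionId $session.SessionId -Path $RemotePath)) {
            throw "Remote path does not exist: $RemotePath"
        }
        Set-SFTPFile -SessionId $session.SessionId -LocalFile $LocalFile -RemotePath $RemotePath -Overwrite

        # Return a record of the transfer so a scheduled job leaves a useful log line
        [pscustomobject]@{
            Server   = $ComputerName
            File     = $LocalFile
            Sha256   = (Get-FileHash -LiteralPath $LocalFile -Algorithm SHA256).Hash
            Uploaded = Get-Date
        }
    }
    finally {
        # Always tear the session down, whether or not the upload succeeded
        Remove-SFTPSession -SessionId $session.SessionId | Out-Null
    }
}

# Usage (placeholder host and paths): the password is prompted for, not stored in the script
$cred = Get-Credential -UserName 'user' -Message 'SFTP account'
Send-SftpFile -ComputerName 'sftp.example.invalid' -Credential $cred `
              -LocalFile 'C:\Sumit\SFTP.txt' -RemotePath '/home/user/SFTP-TEST/'
```

For key-based authentication pass -KeyFile as in the second script above; the credential then only supplies the user name (and the key passphrase, if the key has one).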

Acronyms / Status Codes – Microsoft Services

Ref: https://technet.microsoft.com/en-us/library/bb496992.aspx

Acronym Definition
ABC Abstract Base Class
ACE Access Control Entry
ACID Atomicity, Consistency, Isolation, and Durability
ACL Access Control List
ACPI Advanced Configuration and Power Interface
ADO ActiveX® Data Objects
ADSI Active Directory Service Interfaces
AIC Application Integration Component
ANSI American National Standards Institute
ANSI SQL American National Standards Institute Structured Query Language
API Application Programming Interface
APM Advanced Power Management
APPC Advanced Program-to-Program Communication
ASCII American Standard Code for Information Interchange
ASP Active Server Pages
ATL ActiveX® Library Template
ATM Asynchronous Transfer Mode
AXFR Asynchronous Full Transfer Zone
BASH Bourne Again Shell
BDC Backup Domain Controller
BDM Business Development Manager
BIOS Basic Input/Output System
BINL Boot Information Negotiation Layer
BLOB Binary Large Object
BSD Berkeley Software Distribution
CA Certification Authority
CAL Client Access License
CDFS Compact Disk File System
CICS Customer Interface Control System
CIFS Common Internet File System
CIM 1. Common Information Model
2. Computer Information Model
CIP Commerce Interchange Pipeline
CLB Component Load Balancing
CLSID Class Identifier
CMOS Complementary Metal Oxide Semiconductor
COFF Common Object File Format
COM Component Object Model
COMAdmin Component Services Administration
CORBA Common Object Request Broker Architecture
CRM Compensating Resource Manager
CSMI CICS Mirror Transaction
CTM Coordinating Transaction Manager
DACL Discretionary Access Control List
DB Database
DBG Debug Format
DBMS Database Management System
DCOM Distributed Component Object Model
DDF 1. Distributed Database Facility
2. Data Decryption Field
DDL Data Definition Language
DDM/DRDA Distributed Data Management / Distributed Relational Data Access
DDNS Dynamic Domain Name Service
DFS Distributed File System
DHCP Dynamic Host Configuration Protocol
DLL Dynamic-link Library
DMI Desktop Management Interface
DML Data Manipulation/Modification Language
DMTF 1. Distributed Management Task Force
2. Desktop Management Task Force
DNA Distributed InterNet Applications
DNS Domain Name System
DPA Demand Protocol Architecture
DPL Distributed Program Link
DRF Data Recovery Field
DSA Directory System Agent
DSN 1. Data Source Name
2. Domain Server Name
DTC Distributed Transaction Coordinator
DTD Document Type Definition
DTS Data Transformation Services
DVD Digital Video (or Versatile) Disk
EAP 1. Extensible Authentication Protocol
2. Early Adopter Program
ECMA European Computer Manufacturing Association
EFS Encrypting File System (Windows 2000)
EDI Electronic Data Interchange
ELSA Electronic Library Services and Applications
ERP Enterprise Resource Planning
EXE Executable File
FAT File Allocation Table
FEK File Encryption Key
FPNW File and Print Services for NetWare
FQDN Fully Qualified Domain Name
FTP File Transfer Protocol
GC Global Catalog
GDB GNU Debugger
GINA Graphical Identification and Authentication
GIT Global Interface Table
GPE Group Policy Editor
GPL General Public License
GPO Group Policy Object
GSSC Global Solutions Support Center
GSNW Gateway Services for NetWare
GTM Go to Market
GUI Graphic User Interface
HAL Hardware Abstraction Layer
HCL Hardware Compatibility List
HIP High Impact Project
HLLAPI High Level Language Application Programming Interface
HKCU HKey_Current_User
HKLM HKey_Local_Machine
HSM Hierarchical Storage Management
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
IANA Internet Assigned Numbers Authority
IPC Interprocess Communication
IDE 1. Integrated Development Environment
2. Integrated Drive Electronics
IDL 1. Interface Description Language
2. Interface Definition Language
IDOC Intermediate Document
IEAK Internet Explorer Administrator Kit
IID Interface Identifier
IETF Internet Engineering Task Force
IIS Internet Information Services (Internet Information Server)
IME Input Method Editor
IMS Information Management System
IP 1. Internet Protocol
2. Intellectual Property
IPsec Internet Protocol security
IPX Internetwork Packet eXchange
IrDA Infrared Data Association
ISAM Indexed Sequential Access Method
ISO International Organization for Standardization
ISV Independent Software Vendor
ITIL Information Technology Infrastructure Library
ITS Incompatible Time-Sharing System
IXFR Incremental Transfer
JDBC Java Data Base Connectivity
JIT Just-in-Time
JMS Java Message Service
JNDI Java Naming and Directory Interface
JRMI Java Remote Method Invocation
JTS Java Transaction Service
KCC Knowledge Consistency Checker
KDC Key Distribution Center
L2TP Layer 2 Tunneling Protocol
LAN Local Area Network
LCE Loosely Coupled Events
LDAP Lightweight Directory Access Protocol
LISP List Processor
LORG Large Organization
LSA Local Security Authority
LU Logical Unit
MDAC Microsoft Data Access Components
MICR Magnetic Ink Character Recognition
MIME Multipurpose Internet Mail Extensions
MLV Multilanguage Version
MMC Microsoft Management Console
MOF Managed Object Format
MOM Microsoft Operations Manager
MORG Medium-sized Organization
MQS Message Queue Series
MRO Maintenance Repair and Operations
MSCS Microsoft Cluster Service
MSDE 1. Microsoft Data Engine
2. Microsoft SQL Server 2000 Desktop Engine
MSF Microsoft Solutions Framework
MSI Microsoft Windows Installer
MSMQ Message Queuing
MSP 1. Managed Service Provider
2. Messaging Service Provider
3. Message Security Protocol
MTA Multi-threaded Architecture
MTS 1. Microsoft Transaction Server
2. Microsoft Technical Support

MVS Multiple Virtual System
NAL NetWare Applications Launcher
NAV Net Asset Value
NCP 1. Network Control Program
2. Network Control Protocol
3. NetWare Core Protocol
NDIS Network Driver Interface Specification
NDPS Novell Distributed Print Services
NDS NetWare Directory Service
NFS Network File System
NIC Network Adapter
NIS Network Information Service
NLB Network Load Balancing
NLS National Language Support
NNTP Network News Transport Protocol
NTP Network Time Protocol
NTW New Technology Workstation
NVT Network Virtual Terminal
OCR Optical Character Recognition
OCX 1. OLE Custom Control
2. OLE Control Extension
ODBC Open Database Connectivity
OLAP Online Analytical Processing
OLTP Online Transaction Processing
OMG Object Management Group
OO Object Oriented
OOAD Object Oriented Analysis and Design
OPP Order Processing Pipeline
ORB Object Request Broker
OS Operating System
OSTA Optical Storage Technology Association
OTM Object Transaction Middleware
PAC Privilege Attribute Certificate
PCL Printer Control Language
PCMCIA Personal Computer Memory Card International Association
PDC Primary Domain Controller
PEC Primary Enterprise Controller
PG Product Group
PK Primary Key
PKI Public Key Infrastructure
PMI Project Management Institute
PnP Plug and Play
POS 1. Programmable Option Select
2. Point of Sale
3. Point of Service
4. Packet Over Sonet
5. Persistent Object Server
POSIX Portable Operating System Interface
PPP Point-to-Point Protocol
PPTP Point to Point Tunneling Protocol
PSS Product Support Services
PTM Participating Transaction Manager
PTR Point-in-Time Repair
PXE Pre-boot Execution Environment
QCE Quality Customer Experience
QFE Quick Fix Engineering
RADIUS Remote Authentication Dial-In User Service
RAID Redundant Array of Independent Disks
RAS Remote Access Services
RDO Remote Data Object
RDP 1. Remote Display (or Desktop) Protocol
2. Reliable Datagram Protocol
RDS Remote Data Services
RFC Request for Comment
RID 1. Relative Identifier
2. Record ID
RIS Remote Installation Services
RM Resource Manager
ROLAP Relational Online Analytical Processing
RPC Remote Procedure Call
RSM Removable Storage Management
RR Resource Records
RSS Remote Storage
RTL Register Transfer Language
RUP Roaming User Profile
SAA System Application Architecture
SACL System Access-Control List
SAM Security Accounts Manager
SAN Storage Area Network
SAS Secure Attention Sequence
SCA Security Configuration and Analysis
SCE Security Configuration Editor
SCM 1. Service Control Manager
2. Security Control Monitor
SCSI Small Computer System Interface
SCTS Security Configuration Toolset
SD Security Descriptor
SDI 1. Secure Dial-In
2. Single Document Interface
3. Smart Database Interface
SDK Software Development Kit
SFU Windows Services for UNIX
SI System Integrator
SID Security Identifier
SIS Single Instance Store
SMB Server Message Block
SMS Systems Management Server
SMTP Simple Mail Transfer Protocol
SNA Systems Network Architecture
SNMP Simple Network Management Protocol
SP Stored Procedure
SPM Shared Property Manager
SRM Security Reference Monitor
SSD Solid State Disk
SSL Secure Socket Layer
SSO Single Sign-on
SSPI Security Support Provider Interface
SVID System V Interface Definition
TCE Tightly Coupled Events System
TCO Total Cost of Ownership
TCP/IP Transmission Control Protocol/Internet Protocol
TCT Terminal Control Table
TFTP Trivial File Transfer Protocol
TGS Ticket-Granting Service
TGT 1. Transaction Group Type
2. Ticket Granting Ticket
3. Target Tracker
TIP Transaction Internet Protocol
TLB Type Library
TLS Thread Local Storage
TM Transaction Manager
TP Transaction Program
TPD Transactions Per Day
TPH Transactions Per Hour
TPM Transactions Per Minute
TPS Transactions Per Second
TSA Target Service Agent
TTL Time to Live
UCS 1. User Coordinate System
2. Universal Character Set
3. Unicode Conversion Support
UDF 1. Universal Disk Format
2. User-defined function
3. Uniqueness Database File
UDP User Datagram Protocol
UI User Interface
UML 1. Unified Modeling Language
2. Universal Markup Language
UNC Universal Naming Convention
UPN User Principal Name
URL Uniform Resource Locator
USB Universal Serial Bus
USMT User State Migration Tool
USN Update Sequence Numbers
UTF Unicode Transformation Format
VAN Value Added Network
VPN Virtual Private Network
VxD Virtual Device Driver
WAN Wide Area Network
WBEM Web-based Enterprise Management
WDM Win32 Driver Model
WFP Windows File Protection
WHQL Windows Hardware Quality Lab
WINS Windows Internet Name Service
WMI Windows Management Instrumentation
WQL WMI Query Language
WSH Windows Script Host
XA Extended Architecture
XDR External Data Representation
XML Extensible Markup Language
XML TI XML Transaction Integration
XSL Extensible Style Language
XSLT Extensible Stylesheet Language Transformations
ZAW Zero Administration for Windows

Cleanup WinSXS folder in Server 2012 R2

The WinSxS folder contains the files for all the Windows features you can install in the default operating system. Each time you run Windows Update, files in the WinSxS folder get updated and the folder size continues to grow.

In Windows Server 2012, a new feature called “Features on Demand” was introduced. Instead of WinSxS containing all the binaries for all the features you could possibly install on the server, “Features on Demand” allows you to remove the files for features you aren’t using.

If you later want to install a feature whose files were removed, you can specify the location of the source files.



In the screenshot (not reproduced here), the folder size is 7.19 GB.



Open PowerShell and run Get-WindowsFeature to list all the features with their “Install State”.


The command to uninstall a Windows feature is:

Uninstall-WindowsFeature -Name "featurename" -Remove

With this command we can remove Windows features one by one. Since we already have the list of features that are not installed, we can combine a few commands and remove their files in one go:

Get-WindowsFeature | Where-Object -FilterScript {$_.Installed -Eq $FALSE} | Uninstall-WindowsFeature -Remove



Now run the following command to verify the uninstallation of the Windows features:

Get-WindowsFeature | Where-Object -FilterScript {$_.Installed -Eq $FALSE}


Let’s also take a look at the WinSxS folder size:
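As an added example (not from the original post), here are the steps above collected into one script, with a dry run before the real removal and the DISM analysis that measures the component store correctly (the size Explorer shows counts hard-linked files more than once). It assumes Windows Server 2012 R2 or later, an elevated PowerShell session, and the ServerManager module; the -Source path at the end is a placeholder.

```powershell
# Added example (not from the original post). Assumes Windows Server 2012 R2 or later,
# an elevated session and the ServerManager module (Get-/Uninstall-/Install-WindowsFeature).

# Size of the component store as Explorer reports it (inflated by hard links) ...
function Get-WinSxSSizeGB {
    $bytes = (Get-ChildItem -Path "$env:SystemRoot\WinSxS" -Recurse -Force -ErrorAction SilentlyContinue |
              Measure-Object -Property Length -Sum).Sum
    [math]::Round($bytes / 1GB, 2)
}

# ... and the accurate figure from DISM, which understands the hard links
function Get-ComponentStoreReport {
    Dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
}

# Features whose payload is still present but which are not installed: this is what -Remove deletes
function Get-RemovableFeature {
    Get-WindowsFeature | Where-Object { $_.Installed -eq $false -and $_.InstallState -eq 'Available' }
}

"WinSxS before cleanup: $(Get-WinSxSSizeGB) GB"
Get-ComponentStoreReport
Get-RemovableFeature | Format-Table Name, DisplayName, InstallState

# Dry run first: -WhatIf lists what would be removed without touching the store
Get-RemovableFeature | Uninstall-WindowsFeature -Remove -WhatIf

# Real run, then confirm nothing is left in the 'Available' state and re-measure
Get-RemovableFeature | Uninstall-WindowsFeature -Remove
Get-WindowsFeature | Where-Object { $_.InstallState -eq 'Available' }
"WinSxS after cleanup:  $(Get-WinSxSSizeGB) GB"

# Reinstalling a removed feature later needs a source, for example the \sources\sxs folder of
# installation media; the feature name and path below are placeholders
# Install-WindowsFeature -Name <FeatureName> -Source 'D:\sources\sxs'
```

After the removal, Get-WindowsFeature shows the affected features with an Install State of Removed, which is the state in which Install-WindowsFeature requires -Source.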


Windows Time service cannot start – System error 1290 has occurred error on Windows

This error usually comes up when you try to start a service that shares a host process with other services whose service SID type setting is incompatible with its own:

System error 1290 has occurred.

The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.

To resolve this error, open a new command prompt as administrator and enter the following command:

sc config w32time type= own

Try starting the Windows Time service; it should start now.
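The same fix as an added PowerShell sequence (not from the original post) that first records the service’s process type and service SID type, applies the change, and verifies that time synchronization is working. It assumes an elevated session. Note that in Windows PowerShell `sc` is an alias for Set-Content, so the service controller has to be called as sc.exe; the command prompt form given above does not have this problem.

```powershell
# Added example (not from the original post). Run from an elevated Windows PowerShell session.
# 'sc' is an alias for Set-Content in Windows PowerShell, so sc.exe is called by its full name.

# Before: process type (SHARE_PROCESS vs WIN32_OWN_PROCESS) and service SID type of W32Time
sc.exe qc w32time
sc.exe qsidtype w32time

# Which svchost group the service is hosted in (the -k <group> part of ImagePath); every service
# in that group shares one process and therefore has to agree on the SID type setting
(Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time').ImagePath

# The fix from the post: run the service in its own process, so the shared-process SID-type
# conflict no longer applies (the space after 'type=' is required by sc.exe)
sc.exe config w32time type= own

# Start it and verify; w32tm reports the time source and whether synchronization is actually working
Start-Service -Name W32Time
Get-Service -Name W32Time | Select-Object Name, Status, StartType
w32tm.exe /query /status
```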

Best Practices for placing FSMO Roles

FSMO Roles (Flexible Single Master Operation)

Each domain in an AD-based network has three FSMO roles that must be assigned to domain controllers within the domain:

  • PDC Emulator. The DC holding this role plays PDC for any legacy Windows NT BDCs you may still have running. But even if you’ve migrated all your legacy DCs and your domains are running in Windows 2000 mixed functional level or higher, the PDC Emulator role is still important because the PDC Emulator enforces account lockout, handles password changes, and synchronizes time for all DCs in the domain.
  • RID Master. When an administrator creates a new security principal in Active Directory (typically a new user or group) the SID for the new object is constructed from the domain SID and a relative ID (RID) selected from a pool of RIDs on the domain’s DCs. If this pool starts running low (under 50% remaining) the RID Master replenishes it.
  • Infrastructure Master. Ensures cross-domain object references are handled properly, such as when objects in one domain are referenced by objects in a different domain.

The forest root domain also has two additional FSMO roles that must be assigned to domain controllers in that domain:

  • Domain Naming Master. Handles changes to the namespace, for example when a new child domain is added to a parent domain.
  • Schema Master. Handles changes to the schema and replicates these changes to all other DCs throughout the forest.

There are a number of ways you can determine which DCs are FSMO role holders on your network, but the simplest is to install the Support Tools from the SupportTools folder on your product CD and type netdom query fsmo at a command prompt:


The Infrastructure Master for the lab.local domain can be held by a secondary domain controller while all other roles are held by the PDC. Other ways of determining FSMO role holders are outlined in KB 234790. The Script Center on Microsoft TechNet has a handy script for this purpose, too.

Symptoms of FSMO Problems

If one or more of your FSMO role holders has problems, bad things can happen. To help you troubleshoot such situations, the table below describes some of the symptoms that can occur when FSMO role holders go missing or don’t work properly.

Symptom | Possible role involved | Reason
Users can’t log on. | PDC Emulator | If system clocks become unsynchronized, Kerberos may fail.
Can’t change passwords. | PDC Emulator | Password changes need this role holder.
Account lockout not working. | PDC Emulator | Account lockout enforcement needs this role holder.
Can’t raise the functional level for a domain. | PDC Emulator | This role holder must be available when raising the domain functional level.
Can’t create new users or groups. | RID Master | RID pool has been depleted.
Problems with universal group memberships. | Infrastructure Master | Cross-domain object references need this role holder.
Can’t add or remove a domain. | Domain Naming Master | Changes to the namespace need this role holder.
Can’t promote or demote a DC. | Domain Naming Master | Changes to the namespace need this role holder.
Can’t modify the schema. | Schema Master | Changes to the schema need this role holder.
Can’t raise the functional level for the forest. | Schema Master | This role holder must be available when raising the forest functional level.


Rules for FSMO Role Placement

Since FSMO roles are crucial for the proper functioning of an AD-based network, it’s a good idea to get them right from the planning stage of your deployment. By default, when you install the first DC of your forest root domain, this first DC holds all five FSMO roles. When you install the first DC of any other domain in your forest, that DC will hold all three domain FSMO roles (PDC Emulator, RID Master, and Infrastructure Master). Depending on the complexity of your network, however, this default roles assignment may not be appropriate, so you need to transfer some of your roles to a different machine to achieve optimal FSMO-role placement on your network. See KB 223787 and KB 255504 for how to transfer roles. KB 321469 also has information on how to transfer roles using scripts.

Proper FSMO role placement basically boils down to a few simple rules, tips, and exceptions:

Rule 1: The PDC Emulator and RID Master roles should be on the same machine because the PDC Emulator is a large consumer of RIDs.

  • Tip: Since the PDC Emulator is the role that does by far the most work of any FSMO role, if the machine holding the PDC Emulator role is heavily utilized then move this role and the RID Master role to a different DC, preferably not a global catalog server (GC) since those are often heavily used as well.

Rule 2: The Infrastructure Master should not be placed on a GC.

  • Tip: Make sure the Infrastructure Master has a GC in the same site as a direct replication partner.
  • Exception 1: It’s OK to put the Infrastructure Master on a GC if your forest has only one domain.
  • Exception 2: It’s OK to put the Infrastructure Master on a GC if every DC in your forest has the GC.

Rule 3: For simpler management, the Schema Master and Domain Naming Master can be on the same machine, which should also be a GC.

  • Exception: If you’ve raised your forest functional level to Windows Server 2003, the Domain Naming Master doesn’t need to be on a GC, but it should at least be a direct replication partner with a GC in the same site.

Rule 4: Proactively check from time to time to confirm that all FSMO roles are available or write a script to do this automatically.

  • Tip: If any FSMO role holders at a remote site are unavailable, check first to see if your WAN link is down.
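Rule 4 asks for a script that checks the role holders automatically. The following is an added example (not from the original article) that reads the role holders from Active Directory for every domain in the forest, pings each holder, and flags the two placement rules that can be checked from directory data alone: Rule 1 (RID Master on the same DC as the PDC Emulator) and Rule 2 (Infrastructure Master not on a GC, unless the forest has one domain or every DC is a GC). It assumes the ActiveDirectory module (RSAT) and read access to the forest; ICMP reachability is only a first-line check, not a replacement for netdom query fsmo or the KB articles cited above.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory module (RSAT)
# and rights to read forest and domain objects; the check is read-only.
function Test-FsmoPlacement {
    [CmdletBinding()]
    param()
    Import-Module ActiveDirectory -ErrorAction Stop

    $forest = Get-ADForest

    foreach ($domainName in $forest.Domains) {
        $domain    = Get-ADDomain -Identity $domainName
        $domainDcs = Get-ADDomainController -Filter * -Server $domainName
        # Exception 2 of Rule 2: if every DC is a GC, the Infrastructure Master may be a GC
        $everyDcIsGc = @($domainDcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0

        # The three domain roles; the forest root domain also carries the two forest roles
        $roles = [ordered]@{
            PDCEmulator          = $domain.PDCEmulator
            RIDMaster            = $domain.RIDMaster
            InfrastructureMaster = $domain.InfrastructureMaster
        }
        if ($domainName -eq $forest.RootDomain) {
            $roles['SchemaMaster']       = $forest.SchemaMaster
            $roles['DomainNamingMaster'] = $forest.DomainNamingMaster
        }

        foreach ($role in $roles.Keys) {
            $holder = $roles[$role]
            $note   = ''

            # Rule 1: RID Master should sit on the PDC Emulator
            if ($role -eq 'RIDMaster' -and $holder -ne $domain.PDCEmulator) {
                $note = 'RID Master is not on the PDC Emulator (Rule 1)'
            }

            # Rule 2: Infrastructure Master should not be a GC in a multi-domain forest
            # unless every DC in the domain is a GC (Exceptions 1 and 2)
            if ($role -eq 'InfrastructureMaster') {
                $holderDc = $domainDcs | Where-Object { "$($_.HostName)" -eq $holder }
                if ($holderDc.IsGlobalCatalog -and $forest.Domains.Count -gt 1 -and -not $everyDcIsGc) {
                    $note = 'Infrastructure Master is on a GC in a multi-domain forest (Rule 2)'
                }
            }

            [pscustomobject]@{
                Domain    = $domainName
                Role      = $role
                Holder    = $holder
                Reachable = Test-Connection -ComputerName $holder -Count 1 -Quiet
                Note      = $note
            }
        }
    }
}

# Usage: run periodically (for example from a scheduled task) and alert on any Reachable = False
# or non-empty Note; for a remote site that is unreachable, check the WAN link first (Rule 4 tip)
Test-FsmoPlacement | Format-Table -AutoSize
```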

Active Directory Questions and Answers

There is a list of definitions, in the form of questions and answers, relating to Active Directory (AD) which I have taken from different sources and gathered here.

What is active directory?

What is Domain

What is domain controller? (a domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within a Windows domain)

What is a standalone server (A standalone server is a server that runs alone and is not a part of a group. In fact, in the context of Microsoft Windows networks, a standalone server is one that does not belong to or is not governed by a Windows domain)

What is a member server (A member server is a server role defined by Microsoft Active Directory (AD), a service that runs on the Windows 2000 and Windows Server 2003 operating systems. A member server belongs to a domain but is not a domain controller)

What is Object

What is attribute (Single property of an object)

How do you make a server a domain controller (By installing the AD DS role, or by running the command DCPROMO on older versions of the operating system (older than 2008 R2))

What is the name of Active directory Database ( NTDS.dit)

What are the partitions on AD 2003 Database (Application, Domain Directory Partition, Schema Directory, Configuration Directory Partition)

What tool can you use to modify the AD database (ADSI Edit, ntdsutil)

What is DRO and what objects are in this partition (Resident Directory Object. Objects included in this partition are Users, Groups, computer accounts)

What is Schema

How many FSMO roles available

Name Operations Masters

Which FSMO role is the most important (PDC Emulator)

Which FSMO role is the least important (RID Master / Infrastructure Master – not sure)

What is OU

What are 3 primary functions of OU

What is a Site

What is KCC

What is LSASS.EXE (Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.)

What is SYSVOL (The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS). Network clients access the contents of the SYSVOL tree by using the NETLOGON and SYSVOL shared folders.)

What is Journal Wrap and how to troubleshoot journal wrap issues?

DNS Questions and Answers

There is a list of definitions, in the form of questions and answers, relating to DNS which I have taken from different sources and gathered here.

What Is DNS

What does Active directory integrated DNS mean

What is a Zone?

What port does DNS operate on? 53

What is A record : (The A in A record stands for Address. Simply put, an A record is used to find the address of a computer connected to the internet from a name. Whenever you visit a web site, send an email, connect to Twitter or Facebook or do almost anything on the Internet, the address you enter is a series of words connected with dots.)

What is a Host record (The Domain Name System, better known as DNS, is responsible for associating domain names, the user-friendly names of websites, with their corresponding real system names – IP addresses. These IP addresses are vital for bringing the website online and in the DNS system are known as A records.)

What is Glue Record (A glue record is a term for a record that’s served by a DNS server that’s not authoritative for the zone, to avoid a condition of impossible dependencies for a DNS zone.)

What is PTR Record (Pointer records are used for the reverse DNS (Domain Name System) lookup. Using the IP address you can get the associated domain/hostname. An A record should exist for every PTR record.)

What is Forward lookup zone

What is Reverse lookup zone

What is Alias record (An ALIAS record is a virtual record type that we created to provide CNAME-like behavior on apex domains)

What is Cname record (CNAME stands for Canonical Name. CNAME records can be used to alias one name to another)

What is MX Record (An MX (Mail eXchange) record will redirect email sent to any user’s machine (joe@norbert.dept1.cornell.edu, for example) to a designated mailhost. It tells the MDA where to route email)

What is the default priority for an MX record: 10

What is SRV record (A Service record (SRV record) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services. It is defined in RFC 2782, and its type code is 33)

What tool can be used for DNS troubleshooting (NSLOOKUP)

What is DCDiag.exe (DC Diagnostic Tool)

What is Replmon.exe (Replication Monitor)

What is FRSDiag.exe (File Replication Diagnostic Tool)

What is Netlogon service, what does it do? (A service that is responsible for communication between systems in response to account logon events)

What is root hint servers (Root hints are used to prepare servers authoritative for non-root zones so that they can learn and discover authoritative servers that manage domains located at a higher level or in other subtrees of the DNS domain namespace)

How many root hint servers are available by default: 13

List of Root Servers

Hostname | IP addresses | Manager
a.root-servers.net | 2001:503:ba3e::2:30 | VeriSign, Inc.
b.root-servers.net | 2001:500:84::b | University of Southern California (ISI)
c.root-servers.net | 2001:500:2::c | Cogent Communications
d.root-servers.net | 2001:500:2d::d | University of Maryland
e.root-servers.net | | NASA (Ames Research Center)
f.root-servers.net | 2001:500:2f::f | Internet Systems Consortium, Inc.
g.root-servers.net | | US Department of Defense (NIC)
h.root-servers.net | 2001:500:1::803f:235 | US Army (Research Lab)
i.root-servers.net | 2001:7fe::53 | Netnod
j.root-servers.net | 2001:503:c27::2:30 | VeriSign, Inc.
k.root-servers.net | 2001:7fd::1 | RIPE NCC
l.root-servers.net | 2001:500:3::42 | ICANN
m.root-servers.net | 2001:dc3::35 | WIDE Project

Where do I locate root hint servers in DNS
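As an added example (not from the original post), the record types defined in the Q&A above looked up with Resolve-DnsName, the PowerShell counterpart of the NSLOOKUP tool mentioned earlier: an A record, the matching PTR record, MX records sorted by their priority value, and the SRV record through which clients locate domain controllers. The names are assumptions: example.com is a reserved documentation domain, and lab.local is taken from the FSMO section above; the AD lookup only succeeds on a machine whose DNS can resolve that domain.

```powershell
# Added example (not from the original post). Names are placeholders: example.com resolves
# publicly, lab.local is assumed to be the AD domain whose DNS this machine can reach.
function Get-DnsRecordSamples {
    param(
        [string] $Domain   = 'example.com',
        [string] $AdDomain = 'lab.local'
    )

    # A record: name -> IPv4 address
    $a = Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }

    # PTR record: address -> name (reverse lookup; needs a PTR in the in-addr.arpa zone)
    $ptr = if ($a) {
        Resolve-DnsName -Name $a[0].IPAddress -Type PTR -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' }
    }

    # CNAME record: alias -> canonical name (the www name of a site is a common example)
    $cname = Resolve-DnsName -Name "www.$Domain" -Type CNAME -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' }

    # MX record: Preference is the priority; the lowest value is tried first (10 is the usual default)
    $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'MX' } | Sort-Object Preference

    # SRV record: host and port of a service; this name is how clients find the DCs of $AdDomain
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port, Priority, Weight

    [pscustomobject]@{ A = $a; PTR = $ptr; CNAME = $cname; MX = $mx; SRV = $srv }
}

$r = Get-DnsRecordSamples
$r.A     | Format-Table Name, Type, IPAddress
$r.PTR   | Format-Table Name, NameHost
$r.CNAME | Format-Table Name, NameHost
$r.MX    | Format-Table Name, Preference, NameExchange
$r.SRV   | Format-Table

# On a Windows DNS server itself, the configured root hints are listed by the DnsServer module:
# Get-DnsServerRootHint
```

A missing PTR or SRV result is itself diagnostic: no PTR means the reverse zone lacks the record the Q&A says should exist for every A record, and no _ldap._tcp.dc._msdcs SRV record means domain members cannot locate a domain controller through DNS.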