Category Archives: Uncategorized

Start/Stop EC2 instances by Tags using PowerShell

Published / by / Leave a Comment

In most cases, organizations will be running their AWS instances 24-hours a day, 7 days a week. You can reduce your costs significantly by scheduling non-production EC2  instances to shutdown when they are not required.

  • Start and Shutdown EC2 instances to run during business hours
  • Stop all non-production EC2 instances at evenings and weekends

Lambda function below can be scheduled to stop the instances and save costs

#Ge AWS credentials from metadata
$proxy = "x.x.x.x"
$webClient = new-object System.Net.WebClient
$proxy = new-object System.Net.WebProxy $proxyServerToDefine,"True","169.*"
$iam = $webClient.DownloadString("")
$iamProfileInfo= ConvertFrom-Json ($webClient.DownloadString("$iam"))
Set-AWSCredentials -AccessKey $iamProfileInfo.AccessKeyId -SecretKey $iamProfileInfo.SecretAccessKey -SessionToken $iamProfileInfo.Token
#This is to get all the instanced with a tag name Environment with value DEV
$instances = (Get-EC2Tag | where {$_.Key -eq "Environment" -and $_.ResourceType -eq "instance" -and $_.Value -eq "DEV"}).ResourceId
foreach ($instance in $instances)
$instancestatus = Get-EC2InstanceStatus -InstanceIds $instance
$InstanceName = (Get-EC2Tag | where {$_.ResourceId -eq $instance -and $_.Key -eq "Name" }).Value
#Instance Value is NULL for all stopped instances on AWS using Powershell
if($instancestatus -eq $null)
Write-Host "(NO ACTION)" $InstanceName "is stopped"
Write-Host "Stopping Instance: " $InstanceName
Stop-EC2Instance -Instance $instance

AWS EC2 with IAM Role: No credentials specified or obtained from persisted/shell defaults.

Published / by / Leave a Comment

Get-EC2Instance : No credentials specified or obtained from persisted/shell defaults.
At line:1 char:1
+ Get-EC2Instance
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Amazon.PowerShe…2InstanceCmdlet:GetEC2InstanceCmdlet) [Get-EC2Insta
nce], InvalidOperationException
+ FullyQualifiedErrorId : InvalidOperationException,Amazon.PowerShell.Cmdlets.EC2.GetEC2InstanceCmdlet

For EC2 machines that are assigned IAM roles, AccessKeyId, SecreteAccessKey and SessionToken needs to be obtained frmo metadata before making AWS calls.

$iam = (Invoke-WebRequest
$iamProfileInfo= ConvertFrom-Json (Invoke-WebRequest$iam).Content
Set-AWSCredentials -AccessKey $iamProfileInfo.AccessKeyId -SecretKey $iamProfileInfo.SecretAccessKey -SessionTok
en $iamProfileInfo.Token

SharePoint 2013: PowerShell script to create a new User Profile Property

Published / by / Leave a Comment

$site = new-object Microsoft.SharePoint.SPSite(“”);
$serviceContext = [Microsoft.SharePoint.SPServiceContext]::GetContext($site);

$userProfileConfigManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($serviceContext)
$profilePropertyManager = $userProfileConfigManager.ProfilePropertyManager
$corePropertyManager = $profilePropertyManager.GetCoreProperties()
$profileTypePropertyManager = $profilePropertyManager.GetProfileTypeProperties([Microsoft.Office.Server.UserProfiles.ProfileType]::User)
$profileSubTypeManager = [Microsoft.Office.Server.UserProfiles.ProfileSubTypeManager]::Get($serviceContext)
$defaultSubType = [Microsoft.Office.Server.UserProfiles.ProfileSubtypeManager]::GetDefaultProfileName([Microsoft.Office.Server.UserProfiles.ProfileType]::User)
$profileSubType = $profileSubTypeManager.GetProfileSubtype($defaultSubType)
$profileSubTypePropertyManager = $profileSubType.Properties

#Create Core Property
$PropertyName = “Supervisor”
$PropertyDisplayName = “Supervisor”
$coreProperty = $corePropertyManager.Create($false)
$coreProperty.Name = $PropertyName
$coreProperty.DisplayName = $PropertyDisplayName
$coreProperty.Type = “string”
$coreProperty.Length = “50”

#Create Profile Property
$profileTypeProperty = $profileTypePropertyManager.Create($coreProperty)
$profileTypeProperty.IsVisibleOnEditor = $false
$profileTypeProperty.IsVisibleOnViewer = $true
$profileTypeProperty.IsEventLog = $false

#Create Profile Sub Property
$profileSubTypeProperty = $profileSubTypePropertyManager.Create($profileTypeProperty)
$profileSubTypeProperty.DefaultPrivacy =[Microsoft.Office.Server.UserProfiles.Privacy]::$Privacy
$profileSubTypeProperty.PrivacyPolicy =[Microsoft.Office.Server.UserProfiles.PrivacyPolicy]::$PrivacyPolicy

#Add New Mapping for synchronization user profile data
$connectionName =”BDC”
$attributeName =”Supervisor”
$synchConnection = $userProfileConfigManager.ConnectionManager[$connectionName]

SharePoint: Script to update User information from AD

Published / by / Leave a Comment

In SharePoint some of the user information is stored at the site collection level in user information list (_catalogs/users/simple.aspx). User name and other changes are not synchronized with User profile information  (user last name changed, not updated at site level). The below script can be used to update it at all the site collection.


function Sync-SPUser([string]$userName) {

Get-SPSite -Limit All | foreach {
$web = $_.RootWeb
$user = $web | Get-SPUser -Identity $userName -ErrorAction SilentlyContinue
if ($user -ne $null)
$web | Set-SPUser -Identity $user -SyncFromAD
$path = “D:\Temp\Greg_User_sites.txt”
$web.Url | Out-File -FilePath $path -Append

Sync-SPUser “Contoso\Admin”

Can’t start User Profile Synchronization service in SharePoint 2013 – UnauthorizedAccessException

Published / by / Leave a Comment

Error from Log Files

Exception trying to write the management agent stack size for the Moss MA. System.UnauthorizedAccessException: Access to the registry key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\PerMAInstance\MOSS-UserProfile’ is denied.
at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
at Microsoft.Win32.RegistryKey.CreateSubKeyInternal(String subkey, RegistryKeyPermissionCheck permissionCheck, Object registrySecurityObj, RegistryOptions registryOptions)
at Microsoft.Win32.RegistryKey.CreateSubKey(String subkey, RegistryKeyPermissionCheck permissionCheck)
at Microsoft.Office.Server.Administration.UserProfileApplication.SetupSynchronizationService(ProfileSynchronizationServiceInstance profileSyncInstance)


  • Go to Central Admin -> Security -> Service Accounts
  • Find the account running “User Profile Synchronization Service”
  • Add the account as admin on the servers
  • Restart the servers