Addressing the PowerShell Garbage Collection bug

by Jeremy Saunders on September 25, 2017

There is a known bug where PowerShell does not correctly manage a garbage collection whilst executing a pipeline or loop of an object.

Simply using [System.GC]::Collect() within the pipeline or loop does not work as expected. Memory continually grows until the pipeline or loop has completed. This becomes a serious problem if you’re script is processing large objects. You can potentially exhaust memory resources and your script will fail with out of memory errors. This has been driving me nuts for years, as many of my Active Directory Health Check, Audit and Remediation Scripts process large objects in large environments.

There is a good overview of the bug here: No garbage collection while PowerShell pipeline is executing. Whilst this post claims that it seems to have been resolved in PowerShell 5, this doesn’t appear to be the case from my testing. [click to continue…]


Installing, Configuring, Securing and Using MDT Webservices – Part 2

December 22, 2016

In Part 1 we walked through the installation and configuration of Deployment Webservices. In this part we will focus on securing the Webservice. There are five (5) main areas that I focus on to lock down the Webservice, and I’ll include two (2) optional areas for consideration: Use Request Filtering, which is basically what the old […]

Read the full article →

Installing, Configuring, Securing and Using MDT Webservices – Part 1

December 12, 2016

This will be a three part article on installing, configuring, securing and using Maik Koster’s Deployment Webservice. Part 1 – Installing and Configuring Deployment Webservices Part 2 – Securing Deployment Webservices Part 3 – Using Deployment Webservices I’m a massive fan of Microsoft Deployment Toolkit (MDT) and use it for all customer deployments that don’t already have […]

Read the full article →

Script to modify the defaultSecurityDescriptor attribute on the Group-Policy-Container schema class object

June 29, 2016

Last week I published an article about the changes in the behavior of Group Policy processing after the deployment of security update MS16-072 under KB3163622. It included a script to assist with the remediation of Group Policy permissions: Script to report on and remediate the Group Policy security change in MS16-072. Of course that’s not where it […]

Read the full article →

Script to report on and remediate the Group Policy security change in MS16-072

June 22, 2016

On June 14th 2016 Microsoft released security update MS16-072 under KB3163622 that changes the behavior of Group Policy processing so that user group policies are now retrieved by using the machine’s security context instead of the user’s security context. This is a by-design behavior change from Microsoft to protect computers from a security vulnerability. Update 23/06/2016: Microsoft […]

Read the full article →

Netlogon parser for Message Analyzer

January 25, 2015

The Microsoft Message Analyzer is a very cool tool which helps us read and analyse a number of different log and trace file formats. In fact Message Analyzer is the replacement for the old Network Monitor (AKA Netmon) tool. Brandon Wilson from Microsoft wrote a parser for the NetLogon.log files. Here are the references to Brandon’s TechNet blogs: […]

Read the full article →

Script to Import and Bind a Certificate to the Default Web Site

January 4, 2015

This Powershell script will import and bind a certificate to the Default Web Site. I use this script for Citrix StoreFront and Director deployments, but it’s written to be very flexible and versatile so can be used for other tasks. The original idea came from scripts written by Thomas Albaek and Jerome Quief for Citrix StoreFront. The way I’ve written […]

Read the full article →

Script to Change the Drive Letter of all CDROM and DVD Drives

January 4, 2015

This PowerShell script will change the drive letter of all CDROM & DVD Drives found starting from whatever is set as $LastDriveLetter variable, working backwards until it finds an available drive letter. Too many IT Pros leave CDROM/DVD Drives as the drive letter Windows assigns them when first detected, which is typically usually either D: or E:. Then […]

Read the full article →

Custom MDT Wizard For Network Settings

January 4, 2015

Setting a fixed IP Address during the MDT task sequences has always been ugly. It’s an area that I believe needs to be revisited by Microsoft. I don’t like the concept behind the “Apply Network Settings” task action. I don’t find it dynamic enough. In my opinion it’s too cumbersome and involved. The old “NICSettings_Definition_ENU.xml” […]

Read the full article →

Script to Create a Summary Overview and Full Report of all Contact Objects in a Domain

January 2, 2015

This PowerShell script is one of the most comprehensive you will find that provides a thorough overview and full report of all contact objects in a domain. It is the culmination of many Active Directory audit and reviews and therefore contains valuable input from many customers. A lot of thought has been put into the logic […]

Read the full article →