amidaware
diff --git a/‎scripts_staging/Build/Upgrade OS to Windows Server X Standard.ps1
Lines changed: 187 additions & 0 deletions b/‎scripts_staging/Build/Upgrade OS to Windows Server X Standard.ps1
Lines changed: 187 additions & 0 deletions
diff --git a/‎scripts_staging/Checks/Internet uplink.ps1
Lines changed: 9 additions & 8 deletions b/‎scripts_staging/Checks/Internet uplink.ps1
Lines changed: 9 additions & 8 deletions
diff --git a/‎scripts_staging/Checks/SQL Health.ps1
Lines changed: 87 additions & 11 deletions b/‎scripts_staging/Checks/SQL Health.ps1
Lines changed: 87 additions & 11 deletions
diff --git a/‎scripts_staging/Checks/Windows Services.ps1
Lines changed: 3 additions & 2 deletions b/‎scripts_staging/Checks/Windows Services.ps1
Lines changed: 3 additions & 2 deletions
@@ -0,0 +1,187 @@
+<#
+.SYNOPSIS
+This script performs an in-place upgrade of a Windows Server machine by downloading and extracting the ISO file from a specified Nextcloud share.
+
+.DESCRIPTION
+The script downloads the ISO from a Nextcloud share, verifies its checksum, extracts it using 7-Zip, and then initiates an in-place upgrade of the server.
+The Nextcloud share URL format should be as follows:
+https://nextcloud.xxx.xxx/s/xxxxxxxxx/download?path=%2F&files=
+All keys are valid for initial installation and from https://learn.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys?tabs=server2016%2Cwindows1110ltsc%2Cversion1803%2Cwindows81
+
+.EXAMPLE
+    TARGETED_VERSION=2019
+    Download_Source=https://nextcloud.xxx.xxx/s/xxxxxxxxx/download?path=%2F&files=
+
+
+.NOTE
+    Author: SAN
+    Date: 14.11.24
+    #Public
+
+.CHANGELOG
+
+    27.03.25 SAN Full code refactorisation for more locale support & checksum verification & transfer repo to a single NC share
+
+.TODO
+    more testing
+    find solutions for automated DC server upgrades
+    Add password on the nextcloud repo and make the script use it
+    Find a way to use UUP to download the ISO of all windows versions
+#>
+
+
+# Windows Server Versions Metadata
+$serverVersions = @{
+    "2016" = @{
+        "en" = @{
+            "file" = "en_windows_server_2016_vl_x64_dvd_11636701.iso"
+            "checksum" = "47919CE8B4993F531CA1FA3F85941F4A72B47EBAA4D3A321FECF83CA9D17E6B8" # pragma: allowlist-secret
+            "licenseKey" = "WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY"
+        }
+        "fr" = @{
+            "file" = "fr_windows_server_2016_vl_x64_dvd_11636729.iso"
+            "checksum" = "81B809A9782C046A48D461AAEBFCD33D07A566C5A990373D0A36CDA1E08EA6F0" # pragma: allowlist-secret
+            "licenseKey" = "WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY"
+        }
+    }
+    "2019" = @{
+        "en" = @{
+            "file" = "en-us_windows_server_2019_x64_dvd_f9475476.iso"
+            "checksum" = "EA247E5CF4DF3E5829BFAAF45D899933A2A67B1C700A02EE8141287A8520261C" # pragma: allowlist-secret
+            "licenseKey" = "N69G4-B89J2-4G8F4-WWYCC-J464C"
+        }
+        "fr" = @{
+            "file" = "fr-fr_windows_server_2019_x64_dvd_f6f6acf6.iso"
+            "checksum" = "E0C6958E94F41163AA1EA9500825B8523136E1B8C5FC03CB7E3900858C7134AD" # pragma: allowlist-secret
+            "licenseKey" = "N69G4-B89J2-4G8F4-WWYCC-J464C"
+        }
+    }
+    "2022" = @{
+        "en" = @{
+            "file" = "en-us_windows_server_2022_updated_nov_2024_x64_dvd_4e34897c.iso"
+            "checksum" = "0C388FE9D0A524AC603945F5CFFB7CC600A73432BCCCEA3E95274BF851973C96" # pragma: allowlist-secret
+            "licenseKey" = "VDYBN-27WPP-V4HQT-9VMD4-VMK7H" 
+        }
+        "fr" = @{
+            "file" = "fr-fr_windows_server_2022_updated_nov_2024_x64_dvd_4e34897c.iso"
+            "checksum" = "CCF7FF49503C652E59EE87DE5E66260739F5B20BFB448B3D68411455C291F423" # pragma: allowlist-secret
+            "licenseKey" = "VDYBN-27WPP-V4HQT-9VMD4-VMK7H"
+        }
+    }
+    "2025" = @{
+        "en" = @{
+            "file" = "en-us_windows_server_2025_x64_dvd_b7ec10f3.iso"
+            "checksum" = "854109E1F215A29FC3541188297A6CA97C8A8F0F8C4DD6236B78DFDF845BF75E" # pragma: allowlist-secret
+            "licenseKey" = "TVRH6-WHNXV-R9WG3-9XRFY-MY832"
+        }
+        "fr" = @{
+            "file" = "fr-fr_windows_server_2025_x64_dvd_bd6be507.iso"
+            "checksum" = "45384960A3F430D26454955D1198A6E38E7AA98C9E3906AC1AE9367229C103D0" # pragma: allowlist-secret
+            "licenseKey" = "TVRH6-WHNXV-R9WG3-9XRFY-MY832"
+        }
+    }
+}
+
+
+# Function to compute SHA256 checksum
+function Get-FileChecksum {
+    param ([string]$filePath)
+    $hashAlgorithm = [System.Security.Cryptography.SHA256]::Create()
+    $fileStream = [System.IO.File]::OpenRead($filePath)
+    $checksum = [BitConverter]::ToString($hashAlgorithm.ComputeHash($fileStream)).Replace("-", "").ToUpper()
+    $fileStream.Close()
+    return $checksum
+}
+
+# Function to verify the checksum of the downloaded file
+function Verify-Checksum {
+    param ([string]$filePath, [string]$expectedChecksum)
+    if (-not (Test-Path $filePath)) { return $false }
+    return (Get-FileChecksum -filePath $filePath) -eq $expectedChecksum
+}
+
+# Function to perform in-place upgrade
+function Perform-InPlaceUpgrade {
+    param ([string]$setupPath, [string]$licenseKey)
+    $upgradeArgs = "/auto upgrade /quiet /dynamicupdate disable /imageindex 2 /eula accept /pkey $licenseKey"
+    Write-Host "Starting in-place upgrade..."
+    Start-Process -FilePath $setupPath -ArgumentList $upgradeArgs -Wait -NoNewWindow
+    Write-Host "Upgrade process initiated."
+}
+
+# Function to check requirements
+function Check-Requirements {
+    param ([string]$targetedVersion, [string]$baseUrl)
+    
+    if (-not $targetedVersion) { Write-Host "TARGETED_VERSION is not set. Exiting."; exit 1 }
+    if (-not $baseUrl) { Write-Host "Download_Source is not set. Exiting."; exit 1 }
+    
+    # Detect system language (first two letters)
+    $systemLocale = (Get-WinSystemLocale).Name.Substring(0,2).ToLower()
+    
+    # Validate language availability
+    if (-not $serverVersions[$targetedVersion].ContainsKey($systemLocale)) {
+        Write-Host "Unsupported language: $systemLocale. Exiting."
+        exit 1
+    }
+    
+    # Check for 7-Zip
+    $sevenZipPath = (Get-Command 7z.exe -ErrorAction SilentlyContinue).Source
+    if (-not $sevenZipPath) {
+        $sevenZipPath = "C:\\Program Files\\7-Zip\\7z.exe"
+        if (-not (Test-Path $sevenZipPath)) {
+            Write-Host "7-Zip not found in PATH or default location. Exiting."
+            exit 1
+        }
+    }
+    
+    # Check available disk space
+    $freeSpace = (Get-PSDrive C).Free
+    if ($freeSpace -lt 12GB) { 
+        Write-Host "Not enough disk space. Exiting."
+        exit 1
+    }
+    
+    return $systemLocale, $sevenZipPath
+}
+
+# Main Execution
+$targetedVersion = [Environment]::GetEnvironmentVariable("TARGETED_VERSION")
+$baseUrl = $env:Download_Source
+
+# Perform requirements check
+$checkResult = Check-Requirements -targetedVersion $targetedVersion -baseUrl $baseUrl
+$language = $checkResult[0]
+$sevenZipPath = $checkResult[1]
+
+# Fetch metadata
+$metadata = $serverVersions[$targetedVersion][$language]
+$isoFile = "C:\\Windows\\Temp\\$($metadata.file)"
+$extractFolder = "C:\\Windows\\Temp\\windows_server_extract"
+
+# Validate or download ISO
+if (!(Verify-Checksum -filePath $isoFile -expectedChecksum $metadata.checksum)) {
+    Write-Host "Downloading ISO..."
+    Invoke-WebRequest -Uri "$baseUrl$($metadata.file)" -OutFile $isoFile
+    if (!(Verify-Checksum -filePath $isoFile -expectedChecksum $metadata.checksum)) {
+        Write-Host "Checksum verification failed. Exiting."; exit 1
+    }
+}
+
+# Clean and extract ISO
+if (Test-Path $extractFolder) { Remove-Item -Recurse -Force $extractFolder }
+Write-Host "Extracting ISO..."
+Start-Process -FilePath $sevenZipPath -ArgumentList "x `"$isoFile`" -o`"$extractFolder`" -y" -Wait
+
+# Delete ISO file to free up space
+Write-Host "Deleting ISO file to free up space..."
+Remove-Item -Path $isoFile -Force
+
+# Locate and execute setup.exe
+$setupPath = Get-ChildItem -Path $extractFolder -Recurse -Filter "setup.exe" -File | Select-Object -First 1
+if ($setupPath) {
+    Perform-InPlaceUpgrade -setupPath $setupPath.FullName -licenseKey $metadata.licenseKey
+} else {
+    Write-Host "setup.exe not found. Exiting."; exit 1
+}
+
@@ -16,16 +16,17 @@
 
 .NOTES
     Author: SAN
-    Date: ???
+    Date: 01.01.25
     #public
 
 .CHANGELOG
-
+    25.03.25 SAN Format output
 .TODO
     Include customizable input for the list of IP addresses.
     Enhance error handling for unreachable hosts.
-    for test all to env
-    tnc has some relability issue maybe use normal ping
+    move test all to env
+    tnc has some relability issue maybe use normal ping as fallback
+
 #>
 
 
@@ -59,10 +60,10 @@ if ($TestAll) {
         $pingResult = Test-Connection -ComputerName $ip -Count 1 -Quiet
 
         if (-not $pingResult) {
-            Write-Host "Ping to $ip ($owner) failed."
+            Write-Host "KO: Ping to $ip ($owner) failed."
             $pingFailed = $true
         } else {
-            Write-Host "Ping to $ip ($owner) succeeded."
+            Write-Host "OK: Ping to $ip ($owner) succeeded."
         }
     }
 
@@ -80,9 +81,9 @@ if ($TestAll) {
 
     # Check the result of the ping and exit with status code 1 if it fails
     if (-not $pingResult) {
-        Write-Host "Ping to $randomIp ($owner) failed."
+        Write-Host "KO: Ping to $randomIp ($owner) failed."
         exit 1
     } else {
-        Write-Host "Ping to $randomIp ($owner) succeeded."
+        Write-Host "OK: Ping to $randomIp ($owner) succeeded."
     }
 }
@@ -3,20 +3,24 @@
     This script performs health checks on a machine with SQL Server installed.
 
 .DESCRIPTION
-    The script checks various aspects of SQL Server health, including version and blocked requests.
-    It provides a modular approach with separate functions for each check.
+    The script checks various aspects of SQL Server health, including version, blocked requests, 
+    and availability group synchronization. It provides a modular approach with separate functions 
+    for each check.
 
 .NOTES
     Author: SAN
-    Date: 01.01.24
+    Date: 01.01.2024
     #public
+
+.CHANGELOG
+    SAN 12.12.2023 Changed outputs
+    SAN 14.03.2024 Added availability group checks
     
 .TODO
-    Need to go back to version 1 and implement the missing functions of this check
-    handle Master-slave monitoring
+    Optimize query execution
+    Improve error handling
+
 
-.CHANGELOG
-    SAN 12.12.24 Changed outputs
 #>
 
 function Get-SqlServerVersion {
@@ -126,13 +130,79 @@ function Get-BlockedSqlRequests {
     }
 
     if ($errorEncountered) {
-        return "Error"  # Return "Error" if any error occurred during the process
+        return "Error" 
     } else {
-        return "OK"  # Return "OK" if no errors occurred
+        return "OK"
+    }
+}
+
+Function Get-SqlAgSyncStatus {
+    Write-Host "Function Get-SqlAgSyncStatus"
+    
+    $server = "$( $env:COMPUTERNAME)\$( (Get-Item 'HKLM:\Software\Microsoft\Microsoft SQL Server\Instance Names\SQL').Property[0])"
+    Write-Host "Detected SQL Server Instance: $server"
+    
+    Function RunQuery($query) {
+        Try {
+            $conn = New-Object System.Data.SqlClient.SqlConnection
+            $conn.ConnectionString = "Server=$server;Database=master;Integrated Security=True"
+            $conn.Open()
+            
+            $userQuery = "SELECT SUSER_NAME(), USER_NAME();"
+            $cmdUser = New-Object System.Data.SqlClient.SqlCommand($userQuery, $conn)
+            $userReader = $cmdUser.ExecuteReader()
+            If ($userReader.Read()) {
+                Write-Host "Connected as: $($userReader.GetString(0)) ($($userReader.GetString(1)))"
+            }
+            $userReader.Close()
+            
+            Write-Host "SQL Connection Successful: $server"
+            
+            $cmd = New-Object System.Data.SqlClient.SqlCommand($query, $conn)
+            $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($cmd)
+            $dataSet = New-Object System.Data.DataSet
+            $adapter.Fill($dataSet) | Out-Null
+            $conn.Close()
+            
+            return $dataSet.Tables[0]
+        } Catch {
+            Write-Host "SQL Error: $_"
+            return $null
+        }
     }
+    
+    $query = "SELECT c.name, s.synchronization_health FROM sys.availability_groups_cluster c 
+    JOIN sys.dm_hadr_availability_group_states s ON c.group_id = s.group_id 
+    WHERE LOWER(s.primary_replica) = LOWER('$server') OR LOWER('$server') IN 
+    (SELECT LOWER(replica_server_name) FROM sys.availability_replicas);"
+    
+    $result = RunQuery $query 
+    
+    if ($null -eq $result -or $result.Rows.Count -eq 0) {
+        Write-Host "OK : $server AG SYNCHRO : No Availability Groups found."
+        return "OK"
+    }
+    
+    Write-Host "Query Result Count: $($result.Rows.Count)"
+    Write-Host "Query Result: $($result | Out-String)"
+    
+    $description = ""
+    $statusLevel = 0
+    foreach ($row in $result) {
+        switch ($row.synchronization_health) {
+            0 { $statusLevel = [Math]::Max($statusLevel, 2); $description += "$($row.name): Not Healthy " }
+            1 { $statusLevel = [Math]::Max($statusLevel, 1); $description += "$($row.name): Partially Healthy " }
+            2 { $description += "$($row.name): Healthy " }
+        }
+    }
+    
+    $status = @("OK", "WARNING", "CRITICAL")[$statusLevel]
+    Write-Host "$status : $server AG SYNCHRO : $description"
+    return $status
 }
 
 
+
 function Check-SqlServerInstallation {
     # Check if Invoke-Sqlcmd is available
     if (Get-Command Invoke-Sqlcmd -ErrorAction SilentlyContinue) {
@@ -150,9 +220,10 @@ if (Check-SqlServerInstallation) {
     # Run each function and report the result
     $result1 = Get-SqlServerVersion
     $result2 = Get-BlockedSqlRequests
+    $result3 = Get-SqlAgSyncStatus
 
     # Check the results and provide the overall status
-    if ($result1 -eq "OK" -and $result2 -eq "OK") {
+    if ($result1 -eq "OK" -and $result2 -eq "OK" -and $result3 -eq "OK") {
         Write-Host "OK: All components are functioning properly"
     } else {
         $errorComponents = @()
@@ -164,9 +235,14 @@ if (Check-SqlServerInstallation) {
         if ($result2 -ne "OK") {
             $errorComponents += "Blocked SQL Requests Check"
         }
+        
+        if ($result3 -ne "OK") {
+            $errorComponents += "AG Synchronization Check"
+        }
 
         $errorList = $errorComponents -join ", "
         Write-Host "Overall Status: Some components encountered errors. Errors in: $errorList"
         Exit 1
     }
-}
+}
+
@@ -24,7 +24,7 @@
     28.10.24 SAN - Removed ignored output without the debug flag.
     28.10.24 SAN - cleanup documentation.
     21.01.25 SAN - Code cleanup
-
+    27.03.25 SAN - added kerberos local key to default
 
 #>
 
@@ -59,7 +59,8 @@ $ignoredByDefault = @(
     "CDPSvc",
     "AGSService",
     "ShellHWDetection", # Frequently failing; unclear if actionable
-    "DropboxUpdater"
+    "DropboxUpdater",
+    "LocalKDC" # https://learn.microsoft.com/en-us/answers/questions/2136070/windows-server-2025-kerberos-local-key-distributio
 )
 
 # Check if the "IgnoredServices" environment variable exists and add those services to the ignore list