.NET Framework - Add servers to a security group

Asked By Keith

19-Jul-08 01:16 AM

I am trying to construct a script that will gather a list of new servers in
the domain and then add them to one of three security groups in a even
distribution.  I plan to have this run nightly to capture any new servers
added.  The two problems I am having is 1) my incrementing doesn't seem to be
working exactly and 2) if there is an even number among the groups it doesn't
work.

Can someone take a look at this and offer any suggestions?  Many thanks in
advance!

$Group1 = 'domain\MS02'
$Group2 = 'domain\MS03'
$Group3 = 'domain\MS04'

$Size_G1 = (Get-QADGroupMember $Group1).Count
$Size_G2 = (Get-QADGroupMember $Group2).Count
$Size_G3 = (Get-QADGroupMember $Group3).Count

$ActiveGroup = $Group1

$AllServers = Get-QADComputer -OSName 'Windows*Server*'

$GroupMembers = $Group1, $Group2, $Group3 | Get-QADGroupMember |
Where-Object -FilterScript {$_.Type -eq "computer"}

ForEach($Server in $AllServers) {

## Find group with lowest membership
If(($Size_G1 -lt $Size_G2) -and ($Size_G1 -lt $Size_G3)) {
$ActiveGroup = $Group1
} ElseIf(($Size_G2 -lt $Size_G1) -and ($Size_G2 -lt $Size_G3)) {
$ActiveGroup = $Group2
} ElseIf(($Size_G3 -lt $Size_G1) -and ($Size_G3 -lt $Size_G2)) {
$ActiveGroup = $Group3
} Else {
$ActiveGroup = $Group1
}

If($GroupMembers -notcontains $Server) {
Add-QADGroupMember -Identity $ActiveGroup -Member $Server

## Increment the size of the group we just added to
If($ActiveGroup = $Group1) {
$Size_G1 += 1
} ElseIf($ActiveGroup = $Group2) {
$Size_G2 += 1
} ElseIf($ActiveGroup = $Group3) {
$Size_G3 += 1
}
}
}G2

19-Jul-08 04:32 AM

Hi Keith,

You aren't properly comparing ActiveGroup to the various groups at the end
of your script.  That's why your incrementing isn't working.  Replace this:

If($ActiveGroup = $Group1) {
$Size_G1 += 1
} ElseIf($ActiveGroup = $Group2) {
$Size_G2 += 1
} ElseIf($ActiveGroup = $Group3) {
$Size_G3 += 1
}

with this:

If($ActiveGroup -eq $Group1) {
$Size_G1 += 1
} ElseIf($ActiveGroup -eq $Group2) {
$Size_G2 += 1
} ElseIf($ActiveGroup -eq $Group3) {
$Size_G3 += 1
}

Also Get-QADGroupMember is a little expensive for your needs.
Get-QADGroupMember will give you back a rich object for each member of a
group, complete with lots of ldap properties.  All you really care about is
the dn, so to save yourself the overhead I recommend you replace your usage
of Get-QADGroupMember with (Get-QADGroup groupName).members and then drop
the filter on the type (is that really buying you something in your
script?).

And lastly you might find your script easier to manage if you maintain a
hash table of group names and their current members.  Here's what your
script could look like if you did that:

$groups = @{}
$groupNames = @('domain\MS02','domain\MS03','domain\MS04')
foreach ($groupName in $groupNames) {
$groups[$groupName] = (Get-QADGroup $groupName).members
}

$AllServers = Get-QADComputer -OSName 'Windows*Server*'


## Pick the first group as the default smallest group
$smallestGroup = $groupNames[0]
foreach ($groupName in $groupNames) {
## If any group contains our server dn, get the next server dn
if ($groups[$groupName] -contains $server.dn) {
continue serverLoop
}
## Update the smallest group if the current one is smaller
if ($groups[$groupName].count -lt $groups[$smallestGroup].count) {
$smallestGroup = $groupName
}
}

## Add the server and update the appropriate members hash table
Add-QADGroupMember -Identity $smallestGroup -Member $server
$groups[$smallestGroup] += $server.dn
}

The nice part about this script is that you can increase the number of
groups you are using to balance the server counts without changing the core
script logic: just add another group name to the list at the top of the
script and away you go.

Note that I'm not set up to test this script right now, but it was pretty
straightforward to write so I just did it here.  Test it carefully if you
use this version.  It may contain a typo that I didn't pick up on.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 2D47CA5E-B556-4E7C-8E36-FFF5C5C865FF@microsoft.com...

19-Jul-08 09:59 AM

Kirk,

Awesome!  Many thanks!  I have tested it out and so far it appears to work.
The only hitch I found is if there are no computers in any one of the groups
then it just completly ignores it.  In other words it will never see it as
the smalest group and hence never add any computers in.  It appears to need
at least one member for it to work.  I can easily live with this as we will
always have something in there.  I'll let you know after I have others test
and review, but again many thanks!

19-Jul-08 10:10 AM

Last question... The last concern is that I have 1600 servers and maybe 20000
workstations in AD.  How long do you think this will take to run each time?
Would you say that this would be too much to run each night?

19-Jul-08 10:13 AM

My pleasure Keith.  Regarding the issue with groups that don't contain any
members, just replace this line:

$groups[$groupName] = (Get-QADGroup $groupName).members

with this:

$groups[$groupName] = @((Get-QADGroup $groupName).members)

That will force it to create an array with the members, and if members is
not assigned it will create an empty array.  I thought you might like to
know in case you added a new group to your collection for balancing and that
group happened to be empty.  This should cover that scenario well.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 2177A4B1-E502-436C-8B33-929D01588F8B@microsoft.com...

19-Jul-08 01:54 PM

I modified the code to try and include computers in other domains (w/ two
trusts), but it doesn't seem to be adding them.  Is this correct?  (I updated
only the code in the "## Get all computer objects that are windows servers"
section.)

$groups = @{}
$groupNames = @('domain\MS02','domain\MS03','domain\MS04')
foreach ($groupName in $groupNames) {
$groups[$groupName] = @((Get-QADGroup $groupName).members)

}

$AllServersus = Get-QADComputer -searchroot
'DC=us,DC=test2ad,DC=super,DC=com' -OSName 'Windows*Server*'
$AllServersinvest = Get-QADComputer -searchroot
'DC=invest,DC=test2ad,DC=super,DC=com' -OSName 'Windows*Server*'
$AllServerstest2ad = Get-QADComputer -searchroot
'DC=test2ad,DC=super,DC=com' -OSName 'Windows*Server*'
$AllServers = $AllServersus,$AllServersinvest,$AllServerstest2ad


## Pick the first group as the default smallest group
$smallestGroup = $groupNames[0]
foreach ($groupName in $groupNames) {
## If any group contains our server dn, get the next server dn
if ($groups[$groupName] -contains $server.dn) {
continue serverLoop
}
## Update the smallest group if the current one is smaller
if ($groups[$groupName].count -lt $groups[$smallestGroup].count) {
$smallestGroup = $groupName
}
}

## Add the server and update the appropriate members hash table
Add-QADGroupMember -Identity $smallestGroup -Member $server
$groups[$smallestGroup] += $server.dn
}

19-Jul-08 02:24 PM

You want this instead:

$AllServers =
'us.test2ad.super.com','invest.test2ad.super.com','test2ad.super.com' |
ForEach-Object {Get-QADComputer -OSName 'Windows*Server*' -Service
$_ -SizeLimit 0}

Or if you want to use those computers in a pipeline:

'us.test2ad.super.com','invest.test2ad.super.com','test2ad.super.com' |
ForEach-Object {Get-QADComputer -OSName 'Windows*Server*' -Service
$_ -SizeLimit 0} | ForEach-Object {
...
}

And again, this can be a variable like this:

$domains =
@('us.test2ad.super.com','invest.test2ad.super.com','test2ad.super.com')

Then you can use $domains in place of the list of domain names, and you have
the means to add domains without changing your core script logic.

(see the other post I made about using ForEach-Object to reduce the memory
requirements and about using SizeLimit 0 to retrieve all objects, something
I had forgotten when I posted my first script).

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 61088093-AFEC-4897-9B37-2B2A459B9678@microsoft.com...

20-Jul-08 12:00 AM

Kirk,

Thanks for all the feedback.  Does the following code look right?  I am
getting a bunch of syntax errors.  For example it didn't seem to like     ...
and there were some apparently missing "}".   I am not %100 (or maybe even
%50) on what is neccessary, so I don't want to just start taking things out
of your code without full well what I am taking out.  It could be the right
syntax , but maybe the positioning.  Not really sure.  I got a ways to go
with PoSH as you can see, but I am working at it.

$groups = @{}
$groupNames =

@('domain\MS02','domain\MS03','domain\MS04')
foreach ($groupName in $groupNames) {
$groups[$groupName] = @((Get-QADGroup

$groupName).members)

}

$domains =
@('us.test2ad.super.com','invest.test2ad.super.com','test2ad.super.com'
$AllServers = $domains | ForEach-Object {Get-QADComputer

-OSName 'Windows*Server*' -Service
$_ -SizeLimit 0} | ForEach-Object {
...
}


Get-QADComputer -OSName 'Windows*Server*' -SizeLimit 0 | ForEach-Object {

## Pick the first group as the default smallest group
$smallestGroup = $groupNames[0]
foreach ($groupName in $groupNames) {
## If any group contains our server dn, get the next server dn
if ($groups[$groupName] -contains $_.dn) {
return
}
## Update the smallest group if the current one is smaller
if ($groups[$groupName].count -lt $groups[$smallestGroup].count) {
$smallestGroup = $groupName
}
}

## Add the server and update the appropriate members hash table
Add-QADGroupMember -Identity $smallestGroup -Member $_
$groups[$smallestGroup] += $_.dn
}

20-Jul-08 12:40 AM

I thought I would take it a step at a time.  For starters I ran the following
line of code and expected to get back the servers in
the'invest.test2ad.super.com domain, but instead I got the servers in the
domain which I ran this command in.  Is this right?

$AllServers = 'invest.test2ad.super.com' | ForEach-Object {Get-QADComputer
-OSName 'Windows *Server*'}

20-Jul-08 07:32 AM

Unfortunately line wrap in newsgroup posts causes problems sometimes.  In
your command below you're missing "-Service $_ -SizeLimit 0" at the end of
your Get-QADComputer call.  Like this:

'invest.test2ad.super.com' | ForEach-Object {
Get-QADComputer -OSName 'Windows*Server*' -Service $_ -SizeLimit 0
}

In PowerShell, when you are working in a ForEach-Object script block, $_ is
a variable containing the object that was passed in from the previous stage
in the pipeline.  Pipelines are executed in a streaming fashion, so in this
example the string 'invest.test2ad.super.com' is passed into ForEach-Object.
Inside ForEach-Object, $_ is that string.  -Service identifies the AD
service you want to connect to, and -SizeLimit 0 tells Get-QADComputer not
to stop at the default size limit and instead to retrieve everything it can
that matches.

I'll reply to the other post with more details, maybe another 'putting it
all together' script.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 8813106D-4437-4EF7-9307-DE07D5168333@microsoft.com...

20-Jul-08 07:53 AM

Hi Keith,

Sorry, I was in a hurry when I made the last reply.  By ... I meant "the
rest of the script to work with your computers as described in the post
talking about performance tips". :)

Here's the full script as I see it now, supporting multiple domains,
retrieving all computers from AD, using streaming so that the computers are
checked as soon as they are retrieved, and supporting groups with no members
(beware line wraps...this script is indented 2 characters per level of
indent, so if it looks odd when you copied and pasted it, it may be because
the line was wrapped in the newsgroup):

$groups = @{}
$groupNames = @('domain\MS02','domain\MS03','domain\MS04')
$domains =
@('us.test2ad.super.com','invest.test2ad.super.com','test2ad.super.com')

foreach ($groupName in $groupNames) {
$groups[$groupName] = @((Get-QADGroup $groupName).members)
}

$domains | ForEach-Object {
Get-QADComputer -OSName 'Windows*Server*' -SizeLimit 0 -Service $_ |
ForEach-Object {
## Pick the first group as the default smallest group
$smallestGroup = $groupNames[0]
foreach ($groupName in $groupNames) {
## If any group contains our server dn, get the next server dn
if ($groups[$groupName] -contains $_.dn) {
return
}
## Update the smallest group if the current one is smaller
if ($groups[$groupName].count -lt $groups[$smallestGroup].count) {
$smallestGroup = $groupName
}
}

## Add the server and update the appropriate members hash table
Add-QADGroupMember -Identity $smallestGroup -Member $_
$groups[$smallestGroup] += $_.dn
}
}

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 82551081-CD49-4BD6-8411-D940FD792391@microsoft.com...

21-Jul-08 12:01 AM

Thanks Kirk.  This works exactly as expected.... except that it doesn't seem
to be returning members from other domains.  More specifically, I am running
this from within the 'us.test2ad.super.com' domain and can get members  from
there, but can't get members from
'invest.test2ad.super.com','test2ad.super.com'

'test2ad.super.com' is the root forrest, 'invest.test2ad.super.com' is a
child and 'us.test2ad.super.com' is a child.  They all have two way trust.
Do you have any thoughts on this?  So close I can taste it!

Keith

21-Jul-08 12:54 AM

Thanks Kirk.  Just realized that I'll need to pull only members that are only
Windows 2000 with SP4 and any version of Windows 2003.

Therefore I need to modify the following nipet of code I presume:

Get-QADComputer -OSName 'Windows*Server*' -SizeLimit 0 -Service $_ |

I presume it would have to be an "or" operator with -OSName 'Windows Server
2000' -osservicepack 'Service Pack 4'.

Can you provide the right syntax for this?

Thanks

21-Jul-08 01:22 AM

Sure.  Here you go:

Get-QADComputer -LdapFilter '(|(operatingSystem=Windows Server
2003)(&(operatingSystem=Windows 2000
Server)(operatingSystemServicePack=Service Pack 4)))' -SizeLimit 0 -Service
$_

This is getting a little more advanced because you're no longer querying one
attribute for one value.  When you get into more advanced queries, you need
to use LdapFilter and specify the Ldap query you want.  In this particular
call it's looking for any computer with operatingsystem set to 'Windows
Server 2003' or with operatingsystem set to 'Windows 2000 Server' and
operatingsystemservicepack set to 'Service Pack 4'.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : AB7FD166-02C4-4EA8-B875-7E64B6F9C0AC@microsoft.com...

21-Jul-08 01:35 AM

Have you run Get-QADComputer by itself against either the test2ad.super.com
or the invest.test2ad.super.com domains with a sizelimit of 1 to see if it
gets any objects back?  What kind of groups are the groups you're using to
balance the servers across?  Are they domain local, global or universal (I'm
wondering because I want to make sure they can hold computer objects from
other domains)?  Can you manually add computer accounts from the other
domains to them using Active Directory Users and Computers?

Also, if you want me to troubleshoot further, maybe you could run the
following and send me the results.  You can send them offline if you like.
My email account name on the hotmail.com domain is Poshoholic (sorry for
obfuscating it, trying to avoid unnecessary spam).

Start-Transcript C:\Poshoholic.txt
$QADConnection | Format-List *
Get-QADComputer -sizeLimit 1 -service 'invest.test2ad.super.com'
Get-QADComputer -sizeLimit 1 -service 'test2ad.super.com'
Get-QADComputer -sizeLimit 1 -service 'us.test2ad.super.com'
Connect-QADService -service 'invest.test2ad.super.com'
$QADConnection | Format-List *
Get-QADComputer -sizeLimit 1
Connect-QADService -service 'test2ad.super.com'
$QADConnection | Format-List *
Get-QADComputer -sizeLimit 1
Connect-QADService
Stop-Transcript

After that's done, just send me C:\Poshoholic.txt along with the answers to
the questions I asked above and I'll see what I can figure out.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 8B3C84F7-49C9-4F6D-BB03-7BE26D42827E@microsoft.com...

21-Jul-08 03:22 PM

Hi Kirk,

1) Yes, Get-QADComputer by itself against either the test2ad.super.com
or the invest.test2ad.super.com domains with a sizelimit of 1 returns the
correct results.

2) The groups are Universal groups

3) I can manually add from other domains using ADUC.

4) I ran the script as suggested, but got a message that this host does not
support transcription.  I took that out and it ran fine and returned all the
results.

21-Jul-08 03:25 PM

I forgot 2008.  Would this be correct?

Get-QADComputer -LdapFilter '(|(operatingSystem=Windows Server
2008)(&(operatingSystem=Windows Server
2003)(&(operatingSystem=Windows 2000
Server)(operatingSystemServicePack=Service Pack 4)))' -SizeLimit 0 -Service
$_

21-Jul-08 04:34 PM

Almost.  To add Windows Server 2008 you would just need to insert one pair
of brackets with the OS matching string.  I'm less familiar with 2008 OS
labels that appear in Active Directory (Standard, Enterprise, Datacenter)
and each one has their own text string, plus there is the registered symbol
in the string as well so I would do something like this to be on the safe
side and cover all flavours of Windows Server 2008 in addition to the other
server versions:

Get-QADComputer -LdapFilter '(|(operatingSystem=Windows
Server*2008*)(operatingSystem=Windows Server 2003)(&(operatingSystem=Windows
2000 Server)(operatingSystemServicePack=Service Pack 4)))' -SizeLimit
0 -Service $_

If you're trying to understand the LdapFilter syntax, I recommend looking at
it across multiple lines.  It always helps me out when I build the filters.

(|
(operatingSystem=Windows Server*2008*)
(operatingSystem=Windows Server 2003)
(&
(operatingSystem=Windows 2000 Server)
(operatingSystemServicePack=Service Pack 4)
)
)

I see you replied to the other question as well.  I'll look at that soon,
but not today because I'm fighting some fires at work.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 6B2B89E9-055C-48FF-B086-4AA870C94175@microsoft.com...

21-Jul-08 05:22 PM

Thanks Kirk!  I look forward to hearing from you when you are free and clear.

24-Jul-08 04:56 PM

Thanks Kirk!  I am getting the following error message:

Missing an argument for parameter 'Connection'. Specify a parameter of type
'Quest.ActiveRoles.ArsPowerShellSnapIn.Data.ArsConnection' and try again.
At line 19, position 0
ForEach-Object {

24-Jul-08 07:18 PM

That first part worked!

The second part still gives me the same message.  I made sure I considered
word wrapping as well.  What is $_ signify?

24-Jul-08 07:40 PM

More info:

I am using PowerGui script editor, and when I steped into each line in order
to debug, it threw the error after it processed the following line:

Add-QADGroupMember -Identity $smallestGroup -Member $_ -Connection

Interesting  however the error message refferred to the first character of
the last line of the following string:

Get-QADComputer -LdapFilter '(|(operatingSystem=Windows
Server*2008*)(operatingSystem=Windows Server 2003)(&(operatingSystem=Windows
2000 Server)(operatingSystemServicePack=Service Pack 4)))' -SizeLimit 0
-Connection $_ |
ForEach-Object {

24-Jul-08 09:41 PM

Ah ha!  PowerShell errors aren't always what you expect them to be! :)

This is also one line:

Add-QADGroupMember -Identity $smallestGroup -Member $_ -Connection
$defaultConnection

I think right now you have $defaultConnection on a separate line.

Also, to answer your question, $_ represents the current object coming down
the pipeline.  $ being a variable (or an object) and the underbar being a
visual cue for something coming down the pipe (from right to left).  At
least that's how the Microsoft PM who came up with that syntax described his
reasoning behind it.  $_ only works in certain places like inside script
blocks or functions called in a pipeline.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 154628E0-A335-45FB-8715-C90331B0444D@microsoft.com...

24-Jul-08 10:05 PM

Good news is no errors!  Bad news still not grabbing the computer from one
domain and adding it to the security group (universal) in the other domain.
however I think I found a clue...

From the security group membership in domain1 I can browse AD and all other
domains and add the computer, but I can't go into the membership of the
computer in domain2 and see any other domains let alone see the security
group in domain1.

What do you think?

28-Jul-08 11:28 AM

Ok, I think I see a few things that might need to change.  Let's try
referring to the groups and computers by DN rather than by name so that they
can be found from domains other than the one in which they reside, and let's
use the parent domain connection which should be able to resolve DNs to the
children domains just fine.

Here's that script:

$defaultConnection = Connect-QADService
$groups = @{}
$groupNames = @(
'cn=MS02,dc=us,dc=test2ad,dc=super,dc=com',
'cn=MS03,dc=us,dc=test2ad,dc=super,dc=com',
'cn=MS04,dc=us,dc=test2ad,dc=super,dc=com'
)
$domainConnections =@(
(Connect-QADService -Service 'test2ad.super.com'),
(Connect-QADService -Service 'us.test2ad.super.com'),
(Connect-QADService -Service 'invest.test2ad.super.com')
)
$rootDomainConnection = $domainConnections[0]

foreach ($groupName in $groupNames) {
$groups[$groupName] = @((Get-QADGroup $groupName -Connection
$rootDomainConnection).members)
}

$domainConnections | ForEach-Object {
Get-QADComputer -OSName 'Windows*Server*' -SizeLimit 0 -Connection $_ |
ForEach-Object {
## Pick the first group as the default smallest group
$smallestGroup = $groupNames[0]
foreach ($groupName in $groupNames) {
## If any group contains our server dn, get the next server dn
if ($groups[$groupName] -contains $_.dn) {
return
}
## Update the smallest group if the current one is smaller
if ($groups[$groupName].count -lt $groups[$smallestGroup].count)
{
$smallestGroup = $groupName
}
}

## Add the server and update the appropriate members hash table
Add-QADGroupMember -Identity $smallestGroup -Member
$_.dn -Connection $rootDomainConnection
$groups[$smallestGroup] += $_.dn
}
}

Does this get us any closer?  Sure we can always go the route of having
groups in each domain but I don't think that should be necessary.  It seems
we're just having an issue with the recognition of the group and the
computer using the same connection, so I wanted to try using DNs to identify
each object and using the root connection to manage the objects correctly.
Please let me know how this works out for you.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : A0C30C4F-31F4-4E4E-AAD3-45A09E0F372B@microsoft.com...

28-Jul-08 03:25 PM

I keep getting the following exact message, but my DN IS correct.

Cannot resolve DN for the given identity:
'cn=MS02,dc=us,dc=test2ad,dc=super,dc=com'
At line 39, position 35
Add-QADGroupMember -Identity $smallestGroup -Member $_.dn
-Connection $rootDomainConnection

28-Jul-08 04:25 PM

So the DN you have entered in your script is the same DN you get when you
run this:

Get-QADGroup Domain\MS02 -service us.test2ad.super.com | ForEach-Object {
$_.dn }

?

If that's the case, then the DN simply can't be resolved using the root
domain connection.

Of the following, which ones work?

Get-QADGroup 'cn=MS02,dc=us,dc=test2ad,dc=super,dc=com' -service
us.test2ad.super.com
Get-QADGroup 'cn=MS02,dc=us,dc=test2ad,dc=super,dc=com' -service
invest.test2ad.super.com
Get-QADGroup 'cn=MS02,dc=us,dc=test2ad,dc=super,dc=com' -service
test2ad.super.com

The first one absolutely should work.  I'm mostly concerned about the other
two.

--
Kirk Munro [MVP]
Poshoholic
http://poshoholic.com

groupe de discussion : 955AB29B-8816-4338-A95A-91E60E76920E@microsoft.com...

28-Jul-08 04:29 PM

I just tried something simple:

$G1 = Get-QADGroupMember 'CN=MS02,DC=us,DC=test2ad,DC=super,DC=com'

Write-Host $G1

and got the same message.

Cannot resolve DN for the given identity:
'CN=OM_MS02,DC=us,DC=test2ad,DC=super,DC=com'
At line 2, position 25
$G1 = Get-QADGroupMember 'CN=MS02,DC=us,DC=test2ad,DC=super,DC=com'

The following will work though:

$G1 = Get-QADGroupMember 'domain\MS02'

Write-Host $G1

It displays the list of computers DN's

28-Jul-08 04:49 PM

To answer your first question: Yes.

I ran the three commands you provided and got back no errors, but no results
either.