by lunarg on March 20th 2020, at 16:02

With the strong increase in hackers targeting Office 365 tenants, it may be useful to see who has Global Administrator access in your tenant. This can be done via the Office 365 Portal, but also through Powershell.

Note: be sure to install the required Powershell cmdlets before attempting this.

Connect to your Office 365 tenant:

Connect-MsolService

To retrieve a list of users with the Global Administrator role, run this:

Get-MsolRoleMember -RoleObjectId $(Get-MsolRole -RoleName "Company Administrator").ObjectId | Select DisplayName,EmailAddress

You can append Export-Csv to export the list to a CSV file.
by lunarg on March 17th 2020, at 09:26

If you wish to use TLS, or are using TLS authentication in an Office 365 Hybrid environment, and have manually changed or renewed the SSL certificate, you may still get errors about being unable to initiate the TLS session (STARTTLS), even though the SSL certificate has been correctly renewed.

Just setting the SSL certificate to be used with SMTP is not enough to make TLS work correctly. You also need to (re-)configure the TLS certificate name on your send and receive connectors.

As stated by the manual:

TlsCertificateName
The TlsCertificateName parameter specifies the X.509 certificate to use with TLS sessions and secure mail. Valid input for this parameter is [I]Issuer[S]Subject. The Issuer val ...
by lunarg on September 24th 2019, at 16:37

You can use Powershell to get the block size of a Windows NTFS volume:

On newer systems:

Get-CimInstance -ClassName Win32_Volume | Select DriveLetter,Label,BlockSize | FT -AutoSize

On older systems, the Get-CimInstance may not be available, in which case you can use the (deprecated) Get-WmiObject:

Get-WmiObject -Class Win32_Volume | Select DriveLetter,Label,BlockSize | FT -AutoSize
by lunarg on July 10th 2018, at 14:46

A few steps to enable management of your Office 365 subscription using Powershell. One uses Powershell because not all configuration is available through the Office 365 Portal, and it's also useful for automation.

Note that the old method of installing the Azure Active Directory Module is deprecated. The only supported way is to install the cmdlets directly through Powershell, as described below.

UPDATE (2018-07-09): removed all deprecated information.
UPDATE (2016-04-20): updated links and information.

Download and install the Microsoft Online Services Sign-In Assistant.
Download and install Windows Management Framework 5.1.
Open an elevated Powershell, and run the following comma ...
by lunarg on July 9th 2018, at 14:32

If you are using multi-factor authentication, it is not possible to use the old method of connecting to Exchange Online. You will have to install the Exchange Online Remote PowerShell Module, and use the Connect-EXOPSSession cmdlet to connect.

You can install the PowerShell module by following these instructions:

Log on to Exchange admin center.
In the left menu, click on hybrid.
Click the configure button for the Exchange Online Remote PowerShell Module. This will start the installation.
In the Application Install that appears, click the Install button. A shortcut will be placed on your desktop which will start PowerShell with the required modules.
Start Exchange Online Remote PowerS ...
by lunarg on July 9th 2018, at 14:30

You can manage Exchange Online through Powershell in a similar fashion as you would an on-premise Exchange. There are some differences between available cmdlets and what they do between on-premise Exchange and Exchange Online, but the majority are the same.

Using multi-factor authentication

The method mentioned below is deprecated and only works for non-MFA usage. If you are using multi-factor authentication, you will have to use the Exchange Online Remote PowerShell Module to connect to Exchange Online. Instructions can be found in this article.

Using PS remoting, the cmdlets for Exchange Online are imported through the internet, so first, you need to change the Powershell execution polic ...
by lunarg on March 12th 2018, at 08:27

Starting from Windows 10 Creators Fall Update, you can use VT escape sequences to colorize the output to console. You can use this to colorize columns in Format-Table, too.

A sample snippet, colorizing the output based on the contents of the "Status" field:

$e = [char]27   # ESC character that introduces a VT escape sequence
$somelist | FT FirstName,LastName,@{l="Status";e={
    switch ($_.Status) {
        "OK" {$color = 92; break}
        "NOT OK" {$color = 91; break}
        default {$color = 93}
    }
    "$e[${color}m$($_.Status)${e}[0m"
}}

A complete list of color codes can be found here: https://docs.microsoft.com/en-us/windows/console/console-virtual-terminal-sequences
by lunarg on September 12th 2017, at 10:31

One of the most common Exchange admin tasks is setting mailbox delegations. Personally, I usually do this through EAC but once you're familiar with the Powershell counterparts, it can be quicker to use that instead. I've created this post as a reference to do just that.

In the reference below, the user "Ellen Somebody" requires access to the mailbox of "John Doe".

Send on Behalf

Set-Mailbox john.doe -GrantSendOnBehalfTo ellen.somebody

Send As

Add-ADPermission john.doe -ExtendedRights Send-As -user ellen.somebody

Full Access

Add-MailboxPermission -Identity john.doe -User ellen.somebody -AccessRights FullAccess -InheritanceType All
by lunarg on April 6th 2017, at 10:35

Differentiating users that are synchronized from an on-premise AD and users created in Office 365 is easy when logged in through the Office 365 Portal. When using Powershell, it's another matter. While there's a parameter for Get-MsolUser to show only synchronized users, the ability to filter on only cloud users is missing. However, as cloud-only users do not have the ImmutableID set, you can build your own filter.

This one's obvious:

Get-MsolUser -All -Synchronized

You can filter on ImmutableID as it's not set for cloud-only users:

Get-MsolUser -All | ? ImmutableID -eq $null

If you want to filter out external users (i.e. if you shared something in Sharepoint Online with users that aren  ...
by lunarg on January 31st 2017, at 15:55
When using credentials in Powershell, you usually use Get-Credential, which essentially creates PSCredential objects. Creating such an object prompts the user to enter a username and password, which is not really usable in unattended scripts. There's a method where you can specify an unencrypted password but this is not secure. Fortunately, there's also a method where you can store the encrypted password in a file and use it to set the password.

To create a password file, run this from a Powershell window:

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File path-to-file

You will not get a real prompt: simply typing the password will show * in the console. Type the password twice  ...
by lunarg on January 23rd 2017, at 10:17

If you have the Exchange Management Tools installed, you can easily import the Exchange module into a standard Powershell by running the Add-PSSnapin cmdlet.

Depending on the Exchange version, the module to add is slightly different:

Exchange 2007: Microsoft.Exchange.Management.PowerShell.Admin
Exchange 2010: Microsoft.Exchange.Management.PowerShell.E2010
Exchange 2013: Microsoft.Exchange.Management.PowerShell.SnapIn

If you're not sure about the version, you can also use wildcard characters:

Add-PSSnapin *Exchange*

If you don't want to install the management tools, you can also use PS remoting to remotely access the management shell from a standard Powershell.

by lunarg on January 9th 2017, at 16:33
A new Powershell module, called Azure AD v2 is available to manage Office365 from Powershell, and is now the preferred method for managing Office365 tenants from Powershell. Unlike the older MSOnline module, you need to download and install this version from the Powershell Gallery, for which there is no direct download link.

Windows 10 already has the PowershellGet module needed to download modules from Powershell Gallery, so all you need to do is run the following in an elevated Powershell:

You may get a message that the NuGet provider is required to continue. You can safely confirm this.

Everything pre-Windows 10 and starting from Windows 7 SP1 and 2008R2 SP1, you n  ...
by lunarg on November 18th 2016, at 14:44

When running Get-ReceiveConnector, the contents of the RemoteIPRanges field may be truncated if there are a lot of entries. You can "expand" the list:

Get-ReceiveConnector MyConnector | Select -expand RemoteIPRanges | FT

This will expand each of the IP range objects and FT makes sure it's nicely formatted in a table. For single addresses, you only need the LowerBound column, but if ranges have been specified, you probably want both columns.

by lunarg on October 12th 2016, at 15:46
I found this little snippet online that allows you to preparse your Powershell scripts to ensure there are no syntax errors in them. This is useful if you need to know the script is error-free but are otherwise unable to run it.

Source: https://rkeithhill.wordpress.com/2007/10/30/powershell-quicktip-preparsing-scripts-to-check-for-syntax-errors/

# Contents of file TestScript.ps1
param($path, [switch]$verbose)
if ($verbose) { $VerbosePreference = 'Continue' }
trap { Write-Warning $_; $false; continue }
& {
    $contents = get-content $path
    $contents = [string]::Join([Environment]::NewLine, $contents)
    [void]$ExecutionContext.InvokeCommand.NewScriptBlock($contents)
    Write-Verbose "  ...
by lunarg on August 10th 2016, at 15:31
It is not obvious how to find out which mailboxes are accessible by a particular user or group. Through EAC, there is no apparent way to do this, as giving a user access to a (shared) mailbox can only be done through the shared mailbox and then providing the user/group access. There is no way to query a particular user/group and show a list of mailboxes that user/group has access to. Fortunately, it seems that Powershell (EMS) does provide an easier answer.

These cmdlets work in both Office365 and on-premise Exchange 2007 or newer.

Get-Mailbox | Get-MailboxPermission -User user1

Although the cmdlet states a user name, replacing th  ...
by lunarg on August 4th 2016, at 10:57

Using ADUC, it can be quite a hassle to find and/or unlock AD accounts. Powershell solves this by providing some neat commands for a system administrator to use.

To list all locked out AD accounts:

Search-ADAccount -LockedOut

Search-ADAccount -LockedOut | FL

Furthermore, you can pipe the output to quickly unlock some/all AD accounts:

Search-ADAccount -LockedOut | Unlock-ADAccount
by lunarg on May 25th 2016, at 15:59

You can quickly check which mailbox has e-mail forwarding settings enabled through the EMS:

Get-Mailbox -Filter {ForwardingAddress -ne $null} | FT Name,ForwardingAddress,DeliverToMailboxAndForward -Autosize

You can use the cmdlet above and process its output or export it to a CSV (using Export-CSV).

by lunarg on March 17th 2016, at 13:30
There are a variety of methods to enable Remote Desktop and Remote Management from a script. This is particularly useful if you have many Core Servers and no SCCM or some other deployment system.

Powershell:

(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1,1)
Set-ExecutionPolicy Unrestricted -Force
Enable-PSRemoting -Force

This enables Remote Desktop with NLA (first param), adjusts the required firewall rules (second param), and finally, enables Remote Management.

Batch:

cscript %windir%\system32\scregedit.wsf /ar 0
cscript %windir%\system32\scregedit.wsf /cs 1

Like the PS variant, this enables Remote Desktop while the second line   ...
by lunarg on December 15th 2015, at 15:21
Quest Rapid Recovery has a module for Powershell which allows manipulation of Rapid Recovery through several cmdlets. This comes in handy if you want to do some automation, and more importantly, it's a lot faster than the web interface.

To load the AppAssure module for PowerShell:

Import-Module appassurepowershellmodule

Then, to get a list of all available cmdlets for AppAssure, run:

Get-Command -Module appassurepowershellmodule

The majority of core and agent functions are available through PS. There are quite a few, and it would go beyond the scope of the article to explain them all. You can get (limited) help by prepending a cmdlet with the keyword help.

Suspend all backups for all m  ...
by lunarg on November 26th 2015, at 15:10
When scheduling a Powershell script to run through Task Scheduler, it is highly recommended to set up the task to run as follows:

powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "path\to\script.ps1"

Scheduling Powershell scripts in this manner will prevent the dreaded 0x1 exit code from happening.

-NoProfile prevents loading of the user's profile, speeding up the startup of the script and preventing the script from depending on user-specific settings and scripts.

-NonInteractive will allow a script to exit rather than waiting indefinitely when a user prompt occurs.

Setting the -ExecutionPolicy to Bypass or Unrestricted will allow unsigned s  ...

