November 17, 2022

Get Extension Attributes for Azure AD User

Connect-AzureAD
Get-AzureADUser -ObjectID "xnverma@nilabh.com" | Select *
Get-AzureADUser -ObjectID "xnverma@nilabh.com" | Select -ExpandProperty ExtensionProperty

October 14, 2022

Establish broken domain connection without reboot

Log in to the server with a local Administrator account and run the following command:

Test-ComputerSecureChannel
Test-ComputerSecureChannel -Credential nilabh\xnverma -Repair

Note: The first command only reports whether the secure channel is healthy; the second repairs it. Use a Domain Admins account for the credential. Here, "nilabh\xnverma" is a member of the Domain Admins group.

August 29, 2022

Run PowerShell script to multiple servers remotely

List all servers (preferably by FQDN or IP address) in a text file named "servers.txt", one per line.
Keep the PowerShell script (say script.ps1) in the same location as the text file.

$server=Get-Content C:\servers.txt
Invoke-Command -ComputerName $server -FilePath C:\script.ps1
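The two lines above fan the script out to every server but discard the error stream, so an unreachable host or a failing script is easy to miss. The following is an added example (not from the original post) that keeps the per-server output and records which servers failed. It assumes the same C:\servers.txt and C:\script.ps1 paths as the post and that WinRM is enabled on the targets; the output path C:\script_results.csv is an assumption.

```powershell
# Added example, not part of the original post.
# Runs C:\script.ps1 on every server in C:\servers.txt, keeps the output and reports failures.

# Ignore blank lines so Invoke-Command is not handed an empty computer name
$servers = Get-Content -Path 'C:\servers.txt' | Where-Object { $_.Trim() -ne '' }

$failed  = @()
# -ErrorAction SilentlyContinue keeps one bad host from stopping the run;
# -ErrorVariable collects the error records for a summary afterwards.
$results = Invoke-Command -ComputerName $servers -FilePath 'C:\script.ps1' `
    -ThrottleLimit 16 -ErrorAction SilentlyContinue -ErrorVariable failed

# Objects returned from remote sessions carry a PSComputerName property,
# so the CSV shows which server produced each row.
$results | Export-Csv -Path 'C:\script_results.csv' -NoTypeInformation

# Summarise the servers that could not be reached or whose script threw.
foreach ($err in $failed) {
    $target = $err.TargetObject
    if (-not $target -and $err.OriginInfo) { $target = $err.OriginInfo.PSComputerName }
    Write-Warning ("{0}: {1}" -f $target, $err.Exception.Message)
}

"{0} servers targeted, {1} errors" -f @($servers).Count, @($failed).Count
```

For connection failures the error record's TargetObject is the computer name; for an exception raised inside script.ps1, OriginInfo.PSComputerName identifies the remote host, which is why both are checked.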

August 17, 2022

Get the list of all Hotfix in multiple servers for specific time period

Create a text file (.txt) named "serverlist.txt" and list every server's FQDN, one per line. In this example, we will get the hotfix details from 1st August to 30th August 2022.

Note: The date in this script will be MM/DD/YYYY

$server = Get-Content .\serverlist.txt
Get-Hotfix -ComputerName $server |
Where-Object { $_.InstalledOn -gt "8/1/2022" -and $_.InstalledOn -lt "8/30/2022" } |
Select-Object PSComputerName, Description, HotFixID, InstalledBy, InstalledOn |
Export-Csv August_Patch.csv

August 11, 2022

How to Backup all Microsoft DNS Zones

# Get the name of the server from the environment variable
$DNSServer = $env:COMPUTERNAME

# Define folder where to store DNS backup
# (dnscmd /ZoneExport writes relative to %SystemRoot%\System32\dns, so "backup\<zone>" lands here)
$BackupFolder = "C:\Windows\System32\DNS\Backup"

# Define file name where to store DNS settings
$DNSFile = Join-Path $BackupFolder "input.csv"

# Create the folder if it does not exist; if it exists, delete all content
if (-not (Test-Path $BackupFolder)) {
New-Item $BackupFolder -Type Directory | Out-Null
} else {
Remove-Item (Join-Path $BackupFolder "*") -Recurse
}

# Get DNS zone settings using the WMI DNS provider
$List = Get-WmiObject -ComputerName $DNSServer -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone

# Export information into input.csv file
# (MasterServers is an array; join it so the CSV holds the addresses rather than "System.String[]")
$List | Select-Object Name, ZoneType, AllowUpdate, @{Name="MasterServers";Expression={$_.MasterServers -join ";"}}, DsIntegrated | Export-Csv $DNSFile -NoTypeInformation

# Call Dnscmd.exe to export each zone; the arguments are passed directly
# rather than building a command string for Invoke-Expression
$List | ForEach-Object {
$path = "backup\" + $_.Name
& dnscmd $DNSServer /ZoneExport $_.Name $path
}

# End of script

July 27, 2022

Move bulk computer objects listed in TXT file to specific OU in Active Directory

List the servers you want to move in a file named "servers.txt", one per line.

Then find the correct OU where you want to move all computer objects.

Note: We assume we need to move the computer accounts in Servers OU under the nilabh.com domain.

Run the following script to move all computer objects listed in the text file to the required OU.

$Servers = Get-Content "C:\servers.txt"
$TargetOU = "OU=Servers,DC=nilabh,DC=com"

ForEach( $Computer in $Servers ) {
Get-ADComputer $Computer | Move-ADObject -TargetPath $TargetOU
}
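The loop above moves whatever Get-ADComputer returns and stops on the first name it cannot find. The following is an added example (not from the original post) of the same move with a -WhatIf dry run, a check that the target OU exists, and handling for names that do not resolve or are already in place. It uses the post's C:\servers.txt and OU=Servers,DC=nilabh,DC=com.

```powershell
# Added example, not part of the original post.
Import-Module ActiveDirectory

$Servers  = Get-Content "C:\servers.txt" | Where-Object { $_.Trim() -ne '' }
$TargetOU = "OU=Servers,DC=nilabh,DC=com"

# Fail early if the OU does not exist; a typo here would otherwise fail on every object
try {
    $null = Get-ADOrganizationalUnit -Identity $TargetOU
} catch {
    throw "Target OU $TargetOU not found: $_"
}

foreach ($Name in $Servers) {
    # -Filter returns nothing (instead of throwing) when the name is unknown
    $Computer = Get-ADComputer -Filter "Name -eq '$Name'"
    if (-not $Computer) {
        Write-Warning "$Name : no computer object found, skipping"
        continue
    }

    # Parent container = everything after the first RDN of the distinguished name
    $parent = ($Computer.DistinguishedName -split ',(?=(?:OU|CN|DC)=)', 2)[1]
    if ($parent -eq $TargetOU) {
        Write-Host "$Name : already in $TargetOU"
        continue
    }

    # Remove -WhatIf once the planned moves look right
    Move-ADObject -Identity $Computer.DistinguishedName -TargetPath $TargetOU -WhatIf
}
```

Running it once with -WhatIf lists every planned move without changing anything; deleting that switch performs the moves on the second run.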

July 23, 2022

Upgrade the Exchange Server Schema to the latest version

Download the latest schema update from the below links:

Exchange Server 2019
Exchange Server 2016

After the upgrade, check the Active Directory version numbers expected for the installed Cumulative Update from the below links:

Exchange 2019 Active Directory versions
Exchange 2016 Active Directory versions
Exchange 2013 Active Directory versions

Upgrade steps:

Copy the latest Exchange setup ISO to the Schema Master domain controller.

Mount the ISO image to the server.

Open PowerShell as Administrator. Change to the mounted DVD drive and run the following commands:

Setup.EXE /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareSchema

Force the AD replication - repadmin /syncall /AdePS

Setup.EXE /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAD /OrganizationName:"MESSAGING"

Note: Change the Organization Name according to your organization. If you are not sure, check with the Exchange Administrator.

Force the AD replication - repadmin /syncall /AdePS

Setup.EXE /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains

Force the AD replication - repadmin /syncall /AdePS

Once the Schema has been upgraded, validate the latest version from this script.

Note: The value will depend upon the CU version. Please verify this in the links provided above.
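As an added example (not the post's own script), the following reads the three version markers that the "Active Directory versions" pages list, one for each of the /PrepareSchema, /PrepareAD and /PrepareAllDomains steps above, so the values can be compared with the table for the installed CU. It assumes the ActiveDirectory module is available and is run in the domain that was prepared.

```powershell
# Added example, not part of the original post.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext
$configNC = $rootDse.configurationNamingContext
$domainNC = $rootDse.defaultNamingContext

# 1. Schema version: rangeUpper of ms-Exch-Schema-Version-Pt (set by /PrepareSchema)
$schemaVersion = (Get-ADObject -Identity "CN=ms-Exch-Schema-Version-Pt,$schemaNC" `
    -Properties rangeUpper).rangeUpper

# 2. Configuration version: objectVersion on the Exchange organization container (set by /PrepareAD)
$orgContainer = Get-ADObject -SearchBase "CN=Microsoft Exchange,CN=Services,$configNC" `
    -SearchScope OneLevel -Filter { objectClass -eq 'msExchOrganizationContainer' } `
    -Properties objectVersion
$configVersion = $orgContainer.objectVersion

# 3. Domain version: objectVersion on "Microsoft Exchange System Objects" in this domain (set by /PrepareAllDomains)
$domainVersion = (Get-ADObject -Identity "CN=Microsoft Exchange System Objects,$domainNC" `
    -Properties objectVersion).objectVersion

[PSCustomObject]@{
    Organization  = $orgContainer.Name
    SchemaVersion = $schemaVersion   # compare with the rangeUpper column
    ConfigVersion = $configVersion   # compare with the objectVersion (Configuration) column
    DomainVersion = $domainVersion   # compare with the objectVersion (Default) column
}
```

Run it against each domain in the forest to confirm /PrepareAllDomains reached all of them; the schema and configuration values are forest-wide, the domain value is not.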

June 22, 2022

Convert SID to Username and Username to SID using PowerShell

Convert SID to Username

$SID = 'S-1-5-21-1924530255-1943933946-939161726-500'
$objSID = New-Object System.Security.Principal.SecurityIdentifier($SID)
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
Write-Host "Resolved user name: " $objUser.Value


Convert Username to SID

$user = 'TestDomain\Morgan'
$objUser = New-Object System.Security.Principal.NTAccount($user)
$objSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
Write-Host "Resolved user's SID: " $objSID.Value
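Both snippets throw if the identity cannot be mapped, which is exactly the case that matters when cleaning up ACLs full of orphaned SIDs. The following is an added example (not from the original post) that wraps both directions in one function and reports unresolvable identities instead of throwing. The function name Resolve-Identity is an assumption; the SID value is the post's sample.

```powershell
# Added example, not part of the original post.
function Resolve-Identity {
    param([Parameter(Mandatory)][string]$Identity)

    # SIDs have the form S-1-<authority>-<subauthorities...>
    $isSid = $Identity -match '^S-1-\d+(-\d+)+$'
    try {
        if ($isSid) {
            $sid     = New-Object System.Security.Principal.SecurityIdentifier($Identity)
            $account = $sid.Translate([System.Security.Principal.NTAccount])
        } else {
            $account = New-Object System.Security.Principal.NTAccount($Identity)
            $sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
        }
        [PSCustomObject]@{ Input = $Identity; Sid = $sid.Value; Account = $account.Value; Resolved = $true }
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Orphaned SID (deleted account) or a name unknown to this machine/domain
        [PSCustomObject]@{ Input = $Identity; Sid = $null; Account = $null; Resolved = $false }
    }
}

# Well-known SIDs resolve without any domain connectivity
Resolve-Identity 'S-1-5-18'                  # NT AUTHORITY\SYSTEM
Resolve-Identity 'BUILTIN\Administrators'
# The post's sample SID (RID 500 = built-in Administrator of that domain);
# resolves only on a machine that can reach that domain
Resolve-Identity 'S-1-5-21-1924530255-1943933946-939161726-500'
```

Because the function returns an object with a Resolved flag rather than throwing, it can be piped over a list of ACL entries and filtered with Where-Object { -not $_.Resolved } to find the orphans.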

June 7, 2022

Grant Admin Consent for API permission in Managed Identity object in Azure

Unlike the SPNs (App Registrations) in Azure, Admin Consent can't be granted manually in the portal to a Managed Identity object. We have to use a script to do that. Before creating the script, you need to find the below details:

TenantID: Go to Azure Active Directory and in Overview, you will find the Tenant ID.

GraphAppID: It's the ID for different types of APIs, such as Microsoft Graph. Most of the time we use Microsoft Graph and its ID is 00000003-0000-0000-c000-000000000000. You can find IDs for commonly used Microsoft apps here.

DisplayNameofMSI: The display name of the managed identity, which is the same as the name of your app.

PermissionName: API permission you need on your app, such as User.Read.All or Sites.Read.All etc. I am taking Directory.Read.All as an example in this script.

$TenantID="provide the tenant ID"

$GraphAppId = "00000003-0000-0000-c000-000000000000"

$DisplayNameOfMSI="provide the App name"

$PermissionName = "Directory.Read.All"

Install-Module AzureAD

Connect-AzureAD -TenantId $TenantID

$MSI = (Get-AzureADServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'")
Start-Sleep -Seconds 10

$GraphServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"

$AppRole = $GraphServicePrincipal.AppRoles | `
Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application"}

New-AzureAdServiceAppRoleAssignment -ObjectId $MSI.ObjectId -PrincipalId $MSI.ObjectId `
-ResourceId $GraphServicePrincipal.ObjectId -Id $AppRole.Id


Once the last command completes, it returns the new role assignment as confirmation. You can then open the app and see the API permission in the Permissions tab.
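Running the script above twice creates a duplicate assignment request, and a display name that matches nothing (or more than one service principal) produces a confusing error from the last cmdlet. The following is an added example (not from the original post) with the same parameters that validates each lookup and skips the assignment when the managed identity already holds the role. It assumes Get-AzureADServiceAppRoleAssignedTo returns the app roles assigned to the given principal; the placeholder values must be replaced as in the post.

```powershell
# Added example, not part of the original post.
$TenantID         = "provide the tenant ID"
$GraphAppId       = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph
$DisplayNameOfMSI = "provide the App name"
$PermissionName   = "Directory.Read.All"

Connect-AzureAD -TenantId $TenantID | Out-Null

# The managed identity: insist on exactly one match so the role lands on the right principal
$MSI = @(Get-AzureADServicePrincipal -Filter "displayName eq '$DisplayNameOfMSI'")
if ($MSI.Count -eq 0) { throw "No service principal named '$DisplayNameOfMSI' found" }
if ($MSI.Count -gt 1) { throw "More than one service principal named '$DisplayNameOfMSI'; look it up by ObjectId instead" }
$MSI = $MSI[0]

# The resource (Microsoft Graph) and the application role being requested
$GraphSP = Get-AzureADServicePrincipal -Filter "appId eq '$GraphAppId'"
$AppRole = $GraphSP.AppRoles |
    Where-Object { $_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application" }
if (-not $AppRole) { throw "Application permission '$PermissionName' is not exposed by appId $GraphAppId" }

# Roles this identity already holds on Microsoft Graph
$existing = Get-AzureADServiceAppRoleAssignedTo -ObjectId $MSI.ObjectId |
    Where-Object { $_.ResourceId -eq $GraphSP.ObjectId -and $_.Id -eq $AppRole.Id }

if ($existing) {
    "'$PermissionName' is already assigned to $($MSI.DisplayName); nothing to do."
} else {
    New-AzureAdServiceAppRoleAssignment -ObjectId $MSI.ObjectId -PrincipalId $MSI.ObjectId `
        -ResourceId $GraphSP.ObjectId -Id $AppRole.Id
}
```

Checking the existing assignments first also doubles as a review step: the same Get-AzureADServiceAppRoleAssignedTo call, with the Where-Object removed, lists every application permission the identity currently holds.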