Get-OfficeGraphUnifiedGroups.ps1

So I had a need to find all the Office 365 unified groups in an Office 365 tenant, see if they are active and if they are a team.

So I wrote this.
https://drive.google.com/open?id=1rIq3GbNWWdMSr9fSdgiM7lqeZ3eKGH6J

It uses the Office 365 Graph and assumes you have already set up Office Graph access.  If you have not, check out this link to set things up.
https://blogs.technet.microsoft.com/dawiese/2017/04/15/get-office365-usage-reports-from-the-microsoft-graph-using-windows-powershell/

Let me know what you think!

UPDATE:
YouTube demo can be found here: https://youtu.be/zjN9_WxbXDA

 

Exchange Online Default Email Address Policy

So this was interesting.  I had a user that was failing to create an Exchange Online Mailbox, due to a duplicate tenant address (tenantname.onmicrosoft.com), which us mortal people have zero control over.

After a week of playing I raised a call with Microsoft to see what the hell was going on.

To cut a long story short, the issue was resolved by itself.  “When product group started the troubleshooting mailbox was already created.”  Yeah right! As if by magic after a week it sorts itself .. sorry not convinced!

Anyway, it turns out (according to PSS) that the Default Email Address Policy on Exchange Online actually does nothing, and updating it from the default email template has zero effect on users!  Which seems a bit odd, but hey!?!

The other interesting thing, is that if two users share the same UPN prefix like bob@domain1.com and bob@domain2.com there will be a conflict because both should get bob@tenantname.onmicrosoft.com as an alias in Office 365.

We have over 100k synced objects and over 600 domains.  So we should have seen this issue before .. but we didn’t.

Anyway, this is where the duplicate attribute resiliency feature of AAD Connect should come in to play, to make sure the attributes are unique. https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsyncservice-duplicate-attribute-resiliency.

However, for the user I had an issue with, this didn’t happen!

The expected behavior should be:

1st user to be synced / provisioned:
UPN / primary SMTP: bob@domain1.com
Secondary SMTP / cloud alias: bob@tenantname.onmicrosoft.com
Remote routing address: whatever is set via Exchange console (using the tenantname.mail.onmicrosoft.com domain)

2nd user to be synced / provisioned:
UPN / primary SMTP: bob@domain2.com
Secondary SMTP / cloud alias: bob1234@tenantname.onmicrosoft.com
Remote routing address: whatever is set via Exchange console (using the tenantname.mail.onmicrosoft.com domain)

So, only the IT gods know what happened, and it shouldn’t have happened in the first place, but welcome to the occasional oddness of cloud computing and Office 365.

UPDATE#1: Resolution from Microsoft: Attribute resiliency feature action generated unique onmicrosoft.com smtp address, but unfortunately with significant delay.

Laters

Office 365 SMTP Relay Using Windows PowerShell

We are looking to the future, and getting ready to remove OnPrem Exchange.  To do this we need to deal with SMTP Relay.

Microsoft have this doc to help: https://support.office.com/en-gb/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4

But I wanted to code it ;-)

Quite simple, you need to use an Exchange Online Account:
$Password = "#mailbox password"
$emailFrom = "#mailbox"
$SMTPServer = "smtp.office365.com"
$SMTPPort = 587
$emailTo = "#recipient"
$msgsubject = "testing testing 1-2-3"
$msgBody = "hello world"
$message = New-Object Net.Mail.MailMessage($emailFrom, $emailTo, $msgsubject, $msgBody)
$message.IsBodyHTML = $True

$smtp = New-Object Net.Mail.SmtpClient($SMTPServer,$SMTPPort)
$smtp.EnableSSL = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($emailFrom, $Password);
$smtp.Send($message)

enjoy
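
The same relay send without the mailbox password sitting in the script, as an added example (not code from the original post). The function name Send-RelayMail, the credential file path and the recipient address are placeholders chosen for illustration.

```powershell
# One-time setup, run interactively AS THE ACCOUNT that will send the mail:
#   Get-Credential | Export-Clixml -Path "$env:LOCALAPPDATA\relay-cred.xml"
# On Windows, Export-Clixml stores the password as a DPAPI-protected SecureString,
# so the file can only be decrypted by the same user on the same machine.

function Send-RelayMail {
    param(
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][string]$To,
        [Parameter(Mandatory)][string]$Subject,
        [Parameter(Mandatory)][string]$Body,
        [string]$SmtpServer = 'smtp.office365.com',
        [int]$SmtpPort = 587
    )
    # Windows PowerShell on older .NET Framework builds may default to TLS 1.0;
    # make sure TLS 1.2 is among the enabled protocols.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    $message = New-Object Net.Mail.MailMessage($Credential.UserName, $To, $Subject, $Body)
    $smtp    = New-Object Net.Mail.SmtpClient($SmtpServer, $SmtpPort)
    try {
        $smtp.EnableSsl   = $true   # STARTTLS on 587; Send() throws if TLS cannot be negotiated
        $smtp.Credentials = $Credential.GetNetworkCredential()
        $smtp.Send($message)
    }
    finally {
        # Release the connection and message buffers even when Send() throws
        $smtp.Dispose()
        $message.Dispose()
    }
}

# Placeholder path and recipient
$cred = Import-Clixml -Path "$env:LOCALAPPDATA\relay-cred.xml"
Send-RelayMail -Credential $cred -To 'recipient@example.com' -Subject 'testing testing 1-2-3' -Body 'hello world'
```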

Using Windows PowerShell to Find an AD User across multiple domains

So, I have a single forest with multiple domains.  I wanted to use the native ActiveDirectory module to find a SamAccountName.

I came up with this:

$sam = "mysam"
$domains = (Get-ADForest).domains
ForEach($domain in $domains){
  Write-Host $domain
  Get-ADUser -Filter 'SamAccountName -eq $sam ' -Server $domain -Properties *| select DistinguishedName
}

Then I had a brain fart!  Why not use a GC?  It’s quicker ;-)

$sam = "mysam"
$forest = (Get-ADForest).Name + ":3268"
Get-ADUser -Filter 'SamAccountName -eq $sam' -Server $forest -Properties * | select DistinguishedName

enjoy!

Quest Support Product Release Notification – Enterprise Reporter 3.0

From Quest

“We are excited to announce a new version of Enterprise Reporter 3.0 is now available for download.
Look what’s new:

  • Check out the “What’s New with Enterprise Reporter 3.0” video
    • Support for Office 365 – Azure AD, Exchange Online, and OneDrive for Business
      • Including Azure Tenant, Subscription and Licensing information
    • Take action with Security Explorer Remediation Reports
    • Performance Enhancements with NTFS Collector
    • Enhanced Data Collections with new attributes
    • Configuration options to integrate with IT Security Search”

Powershell Split String

#Powershell

I wanted to put a disclaimer in my profile.ps1 file, but I wanted it to look nice.  I wanted it to split at 67 characters and split whole words.

It was a painful exercise, but this works!

$message="This system is the property of Flaphead.com, and provided only for authorised used according to Flaphead.com policies. This system may be subject to monitoring for lawful purposes and to ensure compliance with Flaphead.com policies in accordance with all applicable legislation. Use of this system constitutes consent to lawful monitoring, Flaphead.com policies and all applicable legislation."

$SplitAt = 67
$Start = 0
$MessageLength = $Message.Length
$MessageArray = @()
$more = $True
While($more){
    # Take at most $SplitAt characters from the current position
    $CharsLeft = $MessageLength - $Start
    $splitNow = [math]::min($SplitAt, $CharsLeft)
    $chars = $Message.substring($start,$SplitNow)
    # A short final chunk is kept whole; a full chunk is cut back to its last space so words stay intact
    if($splitNow -ne $SplitAt){$tmpLine = $Chars}ELSE{ $tmpLine = $Message.substring($start,$chars.lastindexof(" ")+1)}
    $start += $tmpLine.Length
    # An empty line means nothing is left, otherwise keep the line
    IF([string]::IsNullOrEmpty($tmpLine)){$more=$False}ELSE{ $MessageArray += $tmpLine}
    $tmpLine
    if($start -gt $MessageLength){$more=$False}
}

Blog Recovery

#webstory

So you may (or may not) remember my story back in December [What the hell happened to you blog maan?] where my Hyper-V host corrupted a disk and so bricked my community server blog.

.. and this Word Press Blog came out of the ashes.

But I managed to get community server to kinda work and wanted to back it up and restore it.

I have been on the hunt for a tool for ages, even looking at PowerShell code to do it, but over the weekend I discovered WebStory (http://webstory.my/).  Essentially it is a blog editor with one rather handy feature .. it can back your blog up.

It appears to install some kind of database locally (a .CSND?), and then you point it at your blog and you can back it up locally.  How funky is that.  Then, in my case I told it about this blog, and now I can restore from my old and post to my new blog with a few clicks!

It works really well and is a life saver.  It’s a shame it doesn’t have a “restore” blog button, or be able to restore a post with the original post date (you have to manually change it), but it does what it says on the tin.

So far I love it, the actual editor tool is nice too, but I need to get my head around the “credits”.  Not really sure what they are about, but they enforce limits on how many posts you do per day, which isn’t great.  I know you need to make money out of an App, but I would rather pay for the App than pay for usage!

Anyways, check it, it rocks if you want to back up your blog, and has potential for full restoration (let’s hope the developers read this ;-))

What computer locked me out

So following on my other two posts Who locked me out? and AD Account Lockout is what is probably the last on this subject .. What computer locked me out.

Found this and it’s shweet: http://serverfault.com/questions/32633/how-to-check-who-is-currently-logged-on-to-windows-workstation-from-command-line

My problem today, was that some donkey was logging on to a server using a service account, and getting the password wrong :-( and so locking the service account out!

So you can check on the server itself in the security log for event id 529.  The hope is that this will show a Source Network Address.

What you can then do is use the following command with the Source Network Address to find the donkey that is using the computer and so locking the account out!

WMIC /NODE: <IP or hostname> COMPUTERSYSTEM GET USERNAME

This should return the username currently logged on!  How cool is that?!
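
An added example (not from the original post) that pulls the account, workstation and Source Network Address out of failed-logon events so the source of a lockout can be ranked by count. It assumes Windows Vista / Server 2008 or later, where the failed-logon event ID is 4625 rather than 529; the function name Get-FailedLogonSource, the account svc-backup and the sample event are constructed for illustration.

```powershell
function Get-FailedLogonSource {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$EventXml,
        [string]$Account   # optional: only report failures for this account name
    )
    process {
        $evt = [xml]$EventXml
        # Flatten <Data Name="...">value</Data> into a lookup table
        $data = @{}
        foreach ($d in $evt.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($Account -and $data['TargetUserName'] -ne $Account) { return }
        [pscustomobject]@{
            Time        = $evt.Event.System.TimeCreated.SystemTime
            Account     = $data['TargetUserName']
            Workstation = $data['WorkstationName']
            SourceIP    = $data['IpAddress']
            LogonType   = $data['LogonType']
        }
    }
}

# Constructed sample event (trimmed to the fields used above)
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2024-01-15T09:12:44.000Z" /></System>
  <EventData>
    <Data Name="TargetUserName">svc-backup</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="WorkstationName">WKS-0042</Data>
    <Data Name="IpAddress">192.0.2.15</Data>
  </EventData>
</Event>
'@
$sample | Get-FailedLogonSource -Account 'svc-backup'

# Against the live Security log on the server (run elevated), busiest source first:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | Get-FailedLogonSource -Account 'svc-backup' |
#     Group-Object SourceIP | Sort-Object Count -Descending
```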

UK DVLA V5C

I got a new red V5C vehicle log book in the post.  The attached note made me smile. 

Q. Why have you sent me a new V5C(NI)?
A. We are replacing all existing blue V5C(NI)s. The new certificate is being introduced following the theft of a number of blank blue V5Cs. The aim is to reduce the risks to motorists of buying a stolen or cloned vehicle.
For tips and advice go to www.direct.gov.uk/motoring

WTF, you don’t keep them under lock and key?

Some more links

http://www.direct.gov.uk/en/Motoring/BuyingAndSellingAVehicle/RegisteringAVehicle/DG_189329

http://www.direct.gov.uk/en/Nl1/Newsroom/DG_189469

What the hell happened to you blog maan?

#vmware #hyper-v #Synology #wordpress

Wow, long story but I’ll make it short ;-)

So I used to run my blog in Hyper-v using an old Mac Pro.  I made the decision to upgrade it to VMware 4, and purchased a new Shuttle PC:

  • Shuttle SX58J3 XPC Barebone for SKT1366 Intel CPUs – 500W PSU
  • Intel Core i7 960 3.2 GHz Socket 1366 8MB L3 Cache Retail Boxed Processor
  • Intel PRO/1000 PT Dual Port PCIe Server Adapter
  • Asus HD 5450 SILENT 512MB DDR2 DVI HDMI VGA Out PCI-E Low Profile Graphics Card
  • 2x Seagate ST2000DL003 Barracuda Green 3.5-inch 2TB SATA 6 Gb/s Drive
  • Synology DS211+ (for ISCSI storage of my VMs)

Scott sent me a website (http://www.vm-help.com//esx40i/esx40_whitebox_HCL.php) with VMware whiteboxes and that was shweet.  BUT around the same time, VMware 5 came out.  So I thought, stuff it, let’s go VMware 5.  Ah, not so fast .. I just could not get it to install!  The installer would start and just hang, even if I left it for days on end, with the faint hope it would finish.

Bollox! so I tried VMware 4 and that worked fine.  It appears that the HCL for VMware 5 is very different to VMware 4 so I was screwed!

That was it, stuff VMware, let’s go back to hyper-v.  Done some reading and thought how about Windows 2008 r2 core?

Nice, but I was expecting a Unix type interface, but you still get GINA and once you log in all you get is a command prompt window and a funky script called sconfig to do everything.

After a bit of googling, I found Core Configurator 2.0 (http://coreconfig.codeplex.com/) over on codeplex and this is a god send, but you need to get Windows PowerShell installed on core, which is a bit of fun, but I managed it.

Next was Hyper-v.  This worked fine, but the networking was as slow as a one legged dog.  Then it dawned on me that the built in NIC on the shuttle was pants. Once I switched everything to the Intel Pro NIC, it was fine.

I built up an SCVMM box, and started to move my vm’s from the mac pro to the shuttle.  It was slow but worked a treat.

Last to move was my blog.  It turned out that one of the physical disks had a problem, which turned out to be on one of the virtual disks used by my Blog, and to make it worse it was the C drive.  I was screwed!

After a lot of heart ache, I managed to get the blog back up and running, but community server that was running my blog just didn’t want to play ball. I upgraded the versions but still no joy, I just couldn’t get a “single” blog working properly.

I contacted the community server support guys, and they basically said, you need to buy a licence before we will help you.

Screw you, I thought, so I went on the hunt for another package which is WordPress.

I built a new windows 2008 r2 server and followed these excellent steps (http://webmasterformat.com/blog/install-wordpress-on-windows) and there you have it!

Back in the blogosphere.  Still working on converting my old posts from community server, and they will come, but at least I have my voice back now.

Hope you enjoy the posts