PowerShell

Auditing Active Directory Password Quality

Posted by robd on April 24, 2018
Active Directory, powershell / No Comments

Hi All,

A chap called Michael Grafnetter has created a brilliant PowerShell script to check password hashes in Active Directory against a list of simple or common passwords.

This is a great way to find and discourage obvious passwords: if a company is called Contoso, for example, you’d want to encourage users not to use Contoso1 and the like.

Here’s how:

Download the software:

https://github.com/MichaelGrafnetter/DSInternals/releases/tag/v2.22

Copy the DSInternals directory to your PowerShell modules directory, e.g.

Launch Windows PowerShell.
(Optional) If you copied the module to a different directory than advised in step 4, you have to manually import it using the Import-Module .\DSInternals\DSInternals.psd1 command.

Next create a text file called passwords.txt and fill it with passwords you’d like to scan for, example:

Then here’s an example script:

First set the password txt file.

Then set the Domain Controller, in this case DC1.

Then set the distinguished name of the OU and sub-OUs you want to scan:

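Note that ” and ‘ do not display properly on this page; the command uses plain straight quotes:

# Hash every candidate password in passwords.txt into a lookup dictionary
$dictionary = Get-Content passwords.txt | ConvertTo-NTHashDictionary
# Pull the accounts from DC1 and compare their hashes against the dictionary
Get-ADReplAccount -All -Server DC1 -NamingContext 'dc=adatum,dc=com' | Test-PasswordQuality -WeakPasswordHashes $dictionary -ShowPlainTextPasswords -IncludeDisabledAccounts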

Here’s an output:
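An end-to-end version of the steps above, as an added example that is not part of the original post or of the DSInternals project: it builds passwords.txt from organisation-specific words, runs the same pipeline, and cleans up afterwards. The seed words, suffixes and report file name are assumptions; DC1 and dc=adatum,dc=com are the values used in the post.

```powershell
#Requires -Modules DSInternals
# Added example. Get-ADReplAccount reads hashes over directory replication,
# so the account running this needs replication rights on the domain.
$server        = 'DC1'
$namingContext = 'dc=adatum,dc=com'
$wordlistPath  = Join-Path $PWD 'passwords.txt'
$reportPath    = Join-Path $PWD 'password-quality-report.txt'   # hypothetical name

# Organisation-specific seed words and common endings (constructed sample values).
$seedWords = 'Contoso', 'Adatum', 'Welcome', 'Password'
$suffixes  = @('', '1', '123', '!', '2017', '2018')

# A HashSet compares case-sensitively, so 'contoso1' and 'Contoso1' both stay.
$candidates = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($word in $seedWords) {
    foreach ($form in @($word, $word.ToLower(), $word.ToUpper())) {
        foreach ($suffix in $suffixes) {
            [void]$candidates.Add("$form$suffix")
        }
    }
}

try {
    $candidates | Set-Content -Path $wordlistPath

    # Same pipeline as the post, minus -ShowPlainTextPasswords, so the saved
    # report is not asked to include the matching plain-text passwords.
    $dictionary = Get-Content $wordlistPath | ConvertTo-NTHashDictionary
    Get-ADReplAccount -All -Server $server -NamingContext $namingContext |
        Test-PasswordQuality -WeakPasswordHashes $dictionary -IncludeDisabledAccounts |
        Out-File -FilePath $reportPath

    # The report names accounts with weak passwords: limit it to the current user.
    icacls $reportPath /inheritance:r /grant:r "$env:USERDOMAIN\${env:USERNAME}:F" | Out-Null
}
finally {
    # Do not leave the candidate list behind on disk.
    Remove-Item -Path $wordlistPath -ErrorAction SilentlyContinue
}
```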


DirectAccess IP-HTTPS Error 0x2af9

Posted by robd on October 26, 2017
Direct Access, powershell, Server / 1 Comment

My Windows 10 client wouldn’t connect to our Direct Access servers today; it just kept getting “Connecting”.

So to troubleshoot I’d recommend:

Checking your internet connection:

Now it’s worth running some PowerShell commands to get the actual error:

This likely means your proxy is in the way of your connection.

Check the settings:

Get-NetIPHttpsConfiguration

Double check your internet connection

Test-NetConnection

I think it’s time to check the proxy settings:

Check if you can get to a website via IE and try via another browser such as Firefox.

If you can’t, then check if your proxy is off:

Now check the Windows 10 proxy and the netsh proxy:

Windows 10, turn it off:

Check the netsh and then turn it off or reset it to IE:

When reset, it should look like this:

Failing that, reset the IP Helper in services.msc or reboot:

The netsh settings fixed it for me; the reason I’d set it was to allow PowerShell out to the internet for Exchange 365 work.
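The checks in this post gathered into one script, as an added example that is not the original post's code. The `$Fix` switch variable is hypothetical, and the WinHTTP check assumes English-language netsh output.

```powershell
# Added example: run in an elevated prompt on the DirectAccess client.
# By default it only reports; set $Fix = $true to apply the changes.
$Fix = $false   # hypothetical switch, not from the post

# 1. IP-HTTPS tunnel state: LastErrorCode holds the error (0x2af9 in this post).
Get-NetIPHttpsState | Format-List

# 2. IP-HTTPS client settings and basic internet reachability.
Get-NetIPHttpsConfiguration | Format-List
Test-NetConnection

# 3. Per-user proxy (the Windows 10 Settings / IE proxy).
$inetKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$userProxy = Get-ItemProperty -Path $inetKey
$userProxy | Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

# 4. Machine-wide WinHTTP proxy, the one set with netsh.
$winHttp = (netsh winhttp show proxy) -join "`n"
$winHttp
# Assumption: English netsh output, which says this when no proxy is set.
$winHttpProxySet = $winHttp -notmatch 'Direct access \(no proxy server\)'

if ($userProxy.ProxyEnable -eq 1) { Write-Warning 'Per-user proxy is enabled.' }
if ($winHttpProxySet)             { Write-Warning 'A WinHTTP (netsh) proxy is set.' }

if ($Fix) {
    if ($userProxy.ProxyEnable -eq 1) {
        Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
    }
    if ($winHttpProxySet) {
        # Turns the WinHTTP proxy off; to copy the IE settings instead use:
        #   netsh winhttp import proxy source=ie
        netsh winhttp reset proxy
    }
    # Last resort from the post: restart the IP Helper service.
    # -Force is needed when other running services depend on it.
    Restart-Service -Name iphlpsvc -Force
    Get-NetIPHttpsState | Format-List
}
```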


Convert Exchange 2003 Email Address book Policies to Exchange 2010 Email Address book policies

Posted by robd on May 24, 2017
exchange, exchange 2010 / 2 Comments

If you ever get this annoying message when opening an Email Address book policy:

This means the policies were created with old versions of Exchange, in my case Exchange 2003. You can find them all by looking for the word Legacy:

As you can see, this will show the LDAP query too. The problem is that if you run Set-EmailAddressPolicy against this, you’ll break it: all custom filters (LDAP queries) will be reset to “mailnickname=*”, which can result in significant email outages.

So how to fix it.

Download this PS script: https://gallery.technet.microsoft.com/office/7c04b866-f83d-4b34-98ec-f944811dd48d

Choose a policy to convert, copy the query from above and run the following:

So now we have this:

Now finally let’s run the Set-EmailAddressPolicy (NOTE THE {} at the beginning and end, not a ”):

Done, F5 it in Exchange console and see if you can open it!!


Change the DNS from a list of Servers

Posted by robd on October 27, 2016
powershell / No Comments

Change the DNS from a list of servers:


Get the DNS Addresses from a list of Servers

Posted by robd on October 27, 2016
powershell / No Comments

As per the title, find the DNS addresses from a text list of servers:


Find WWN for a Converged Network Adapter via PowerCLI

Posted by robd on October 26, 2016
Encryption / No Comments

As per the title:


Exchange 2010 – Add SendAs permissions from MailboxPermissions

Posted by robd on July 24, 2016
exchange 2010, powershell / No Comments

To add send as permissions from the existing permissions on a mailbox you can use this script:

All you need to do is specify the username twice:


Exchange 2010 – Change the language of folder names in Outlook

Posted by robd on July 19, 2016
exchange 2010, powershell / No Comments

So we had a shared mailbox that was originally opened in Finland, and as such the inbox was named postilaatikkoon and sent items was named Lähetetyt.

So I thought I’d jump into OWA and change the language there. Well, it turns out that has nothing to do with folder names.

So after some research I found I could use:

But the mailbox is shared, so it doesn’t have an enabled user to log on with, so I found this Exchange PowerShell command:

Job done.


Exchange 2010 – PowerShell from another PC

Posted by robd on June 24, 2016
exchange 2010, powershell / No Comments

To connect to Exchange and use PowerShell, use this command:


Office 365 Group Functions

Posted by robd on April 16, 2016
Office 365, powershell / No Comments

Before I get started: this is not referring to standard Distribution Groups. This email refers to the groups that can be created in the newer version of Office 365, which allow a “Lync-esque” conversation feature but with added functionality, such as reviewing previous messages when added at a later date.

In most environments this would be a great feature (workplaces and the like); however, in environments like schools it can lead to some administrative trouble, as there is currently no way to administer the groups once created: they are hidden from the admin unless viewed within the mailbox/OWA of the user doing the creating.

In this particular case these groups needed to be A: removed manually, and B: disabled from future creation.

First you have to log in to the Exchange mailbox via PowerShell, so have your admin credentials ready. Once you are in and are ready to make changes, this is the command to run:

You can create a new policy and apply the above change to it, then set that policy as the default for your users/groups.

Please see this article for a much more in-depth overview of the feature and how to disable or utilize it.

If you have any questions please email me.
