IAS (Radius / NPS / Network Policy Server) Log Parser-
https://www.deepsoftware.com/iasviewer/
Blue Screen Viewer-
https://www.nirsoft.net/utils/blue_screen_view.html
Tuesday, March 5, 2019
Monday, March 4, 2019
PowerShell / Exchange Quick Reference
#Connect-MsolService
#Connect-ExchangeOnline -UserPrincipalName youradmin@yourdomain.com
#Disable AADSync-
#Set-MsolDirSyncEnabled -EnableDirSync $false
-----
#Download- https://www.microsoft.com/en-us/download/details.aspx?id=41950
#Run powershell as admin, Install-Module MSOnline
#If you can't, install- http://aka.ms/wmf5download
#Unable to install Nugent Provider?
#Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' #-Name 'SchUseStrongCrypto' -Value '1' -Type DWord
#Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name #'SchUseStrongCrypto' -Value '1' -Type DWord
#Restart Powershell, then-
#Install-Module PowershellGet -F
#Connect-MsolService -Credential $credential
#$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri #https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -#AllowRedirection
#Import-PSSession $Session -DisableNameChecking
Force Azure AD Sync (Skip 30-minute wait)-
import-module adsync
Start-ADSyncSyncCycle -PolicyType Delta
Set-User callie@providentconstruction.com -PermanentlyClearPreviousMailboxInfo
#Run powershell as admin, Install-Module MSOnline
#If you can't, install- http://aka.ms/wmf5download
#Unable to install Nugent Provider?
#Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' #-Name 'SchUseStrongCrypto' -Value '1' -Type DWord
#Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name #'SchUseStrongCrypto' -Value '1' -Type DWord
#Restart Powershell, then-
#Install-Module PowershellGet -F
#Connect-MsolService -Credential $credential
#$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri #https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -#AllowRedirection
#Import-PSSession $Session -DisableNameChecking
Force Azure AD Sync (Skip 30-minute wait)-
import-module adsync
Start-ADSyncSyncCycle -PolicyType Delta
Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -Verbose
Purge Exchange Attributes in Office 365. Set-User nwitte@fourpointenergy.com -PermanentlyClearPreviousMailboxInfo
Purge Exchange Attributes in Office 365. Set-User nwitte@fourpointenergy.com -PermanentlyClearPreviousMailboxInfo
Some on-site IT admin deletes the Office 365 object in Exchange Admin Center, you need to re-add it on-prem-
Enable-RemoteMailbox "Alison.Bell@exoip.com"
Put DAG in Maintenance Mode-
Set-ServerComponentState -Identity “EXCH002” -Component HubTransport -State Draining -Requester Maintenance
Redirect-Message -Server “EXCH002” -Target “EXCH001.mgmt.local”
Suspend-ClusterNode “EXCH002”
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $true
Get-MailboxServer “EXCH002” | Select DatabaseCopyAutoActivationPolicy (Make sure it's unrestricted)
Set-MailboxServer “EXCH002” -DatabaseCopyAutoActivationPolicy Blocked
Move-ActiveMailboxDatabase -Server "EXCH002" -ActivateOnServer "EXCH001"
Get-MailboxDatabaseCopyStatus -Server “EXCH002” | Where {$_.Status -eq “Mounted”}
Put DAG in Maintenance Mode-
Set-ServerComponentState -Identity “EXCH002” -Component HubTransport -State Draining -Requester Maintenance
Redirect-Message -Server “EXCH002” -Target “EXCH001.mgmt.local”
Suspend-ClusterNode “EXCH002”
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $true
Get-MailboxServer “EXCH002” | Select DatabaseCopyAutoActivationPolicy (Make sure it's unrestricted)
Set-MailboxServer “EXCH002” -DatabaseCopyAutoActivationPolicy Blocked
Move-ActiveMailboxDatabase -Server "EXCH002" -ActivateOnServer "EXCH001"
Get-MailboxDatabaseCopyStatus -Server “EXCH002” | Where {$_.Status -eq “Mounted”}
Get-Queue
Set-ServerComponentState “EXCH002” -Component ServerWideOffline -State Inactive -Requester Maintenance
Get-ServerComponentState “EXCH002” | Select Component, State
Get-ServerComponentState “EXCH002” | Select Component, State
Take Dag out Maintenance Mode-
Set-ServerComponentState “EXCH002” -Component ServerWideOffline -State Active -Requester Maintenance
Resume-ClusterNode “EXCH002”
Set-MailboxServer EXCH002 –DatabaseCopyAutoActivationPolicy Unrestricted
Set-ServerComponentState EXCH002 –Component HubTransport –State Active –Requester Maintenance
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $false
Set-ServerComponentState “EXCH002” -Component ServerWideOffline -State Active -Requester Maintenance
Resume-ClusterNode “EXCH002”
Set-MailboxServer EXCH002 –DatabaseCopyAutoActivationPolicy Unrestricted
Set-ServerComponentState EXCH002 –Component HubTransport –State Active –Requester Maintenance
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $false
Get-ServerComponentState “EXCH002” | Select Component, State
Check Dag Health-
(Get-DatabaseAvailabilityGroup) | ForEach {$_.Servers | ForEach {Get-MailboxDatabaseCopyStatus -Server $_}}
Check Dag Database Active Server-
Get-MailboxDatabaseCopyStatus * -Active | Select Name,Status,MailboxServer,ActivationPreference,ContentIndexState
(Get-DatabaseAvailabilityGroup) | ForEach {$_.Servers | ForEach {Get-MailboxDatabaseCopyStatus -Server $_}}
Check Dag Database Active Server-
Get-MailboxDatabaseCopyStatus * -Active | Select Name,Status,MailboxServer,ActivationPreference,ContentIndexState
Resume Mailbox Copy-
Resume-MailboxDatabaseCopy -Identity DB1\MBX1
Non-Exchange-
Get list of enabled accounts sorted by password last changed date-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordlastset | sort passwordlastset -descend | ft -property samaccountname,passwordlastset
Get Members of Domain Admin-
Get-ADGroupMember "Domain Admins" | ft -property samaccountname
Get Password Never Expires-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordneverexpires | sort PasswordNeverExpires | ft -property SamAccountName,PasswordNeverExpires
Last Logon-
Get-ADUser -filter {Enabled -eq $True} -Properties LastLogonDate | sort LastLogonDate | ft -property SamAccountName,LastLogonDate
Find Windows 7 Computers that logged in within 30 days-
Get-ADComputer -Properties * -Filter {Enabled -eq $True -and OperatingSystem -like "Windows 7*"} | Where { $_.LastLogonDate -GT (Get-Date).AddDays(-30) } | FT Name, OperatingSystem, LastLogonDate -Autosize
To sync AD sync-
Import-Module ADSync
# For a Delta Sync (most common, and used for most situations):
Start-ADSyncSyncCycle -PolicyType Delta
# For a Full Sync (only necessary in some situations):
Start-ADSyncSyncCycle -PolicyType Initial
Resume-MailboxDatabaseCopy -Identity DB1\MBX1
Mailbox Size
Get-MailboxDatabase | Get-MailboxStatistics | Sort-Object TotalItemSize -Descendin | ft -property DisplayName,TotalItemSize
How to find discovery mailbox name-
Get-Mailbox -Resultsize unlimited -Filter {RecipientTypeDetails -eq "DiscoveryMailbox"}
How to create discover mailbox-
New-Mailbox -Name "Discovery Search Mailbox" -Discovery
Add-MailboxPermission "Discovery Search Mailbox" -User Administrator -AccessRights FullAccess -InheritanceType all
Get-MailboxDatabase | Get-MailboxStatistics | Sort-Object TotalItemSize -Descendin | ft -property DisplayName,TotalItemSize
How to find discovery mailbox name-
Get-Mailbox -Resultsize unlimited -Filter {RecipientTypeDetails -eq "DiscoveryMailbox"}
How to create discover mailbox-
New-Mailbox -Name "Discovery Search Mailbox" -Discovery
Add-MailboxPermission "Discovery Search Mailbox" -User Administrator -AccessRights FullAccess -InheritanceType all
How to export discovery mailbox (or any other mailbox) to PST-
New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -FilePath "\\server\share\export.pst"
Get-MailboxExportRequest | Get-MailboxExportRequestStatistic
Get all Mailbox Move Statistics-
Get-MoveRequest -resultsize unlimited | Where-Object {$_.status -notlike “null”} | Get-MoveRequestStatistics | select DisplayName, StatusDetail, *Size, *Percent* | ft
Get list of who has full access to a mailbox-
Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
Calendar Permissions-
Get-MailboxFolderPermission -identity “username:\Calendar”
To change permissions on a Calendar item, type the following command:
Add-MailboxFolderPermission -identity “Managingdirector:\Calendar” -user “personalassistant” -AccessRights Editor
Give user full access to mailbox-
Add-MailboxPermission -identity Bob@domain.com –user Alan@domain.com –AccessRights FullAccess -AutoMapping:$false
Give user full access to ALL mailboxes-
Get-Mailbox | Add-mailboxpermission -user Alan@domain.com -AccessRights FullAccess
Forward to External Email address *without* making a contact-
Set-Mailbox -Identity user@internaldomain.com -DeliverToMailboxAndForward $true -ForwardingSMTPAddress user@externaldomain.com
See if mail is forwarding-
Get-Mailbox user@domain.com | FL DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress
Check all forwarding-
Get-Mailbox -ResultSize Unlimited | Where {($_.ForwardingAddress -ne $Null) -or ($_.ForwardingsmtpAddress -ne $Null)} | Select Name, ForwardingAddress, ForwardingsmtpAddress, DeliverToMailboxAndForward
Change UPN-
Set-MsolUserPrincipalName -UserPrincipalName <OldUPN> -NewUserPrincipalName <NewUPN>
Check Searching-
Get-MailboxDatabaseCopyStatus -Server $env:ComputerName | Format-Table Name,Status,ContentIndex* -Auto
Test-ExchangeSearch -Identity AlanBrewer@contoso.com
Distribution Group Send As
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@Megastarfinance.onmicrosoft.com
Add-RecipientPermission -Identity accounting@megastarfinancial.com -Trustee dlewis@megastarfinancial.com -AccessRights SendAs
New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -FilePath "\\server\share\export.pst"
Get-MailboxExportRequest | Get-MailboxExportRequestStatistic
Get all Mailbox Move Statistics-
Get-MoveRequest -resultsize unlimited | Where-Object {$_.status -notlike “null”} | Get-MoveRequestStatistics | select DisplayName, StatusDetail, *Size, *Percent* | ft
Get list of who has full access to a mailbox-
Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
Calendar Permissions-
Get-MailboxFolderPermission -identity “username:\Calendar”
To change permissions on a Calendar item, type the following command:
Add-MailboxFolderPermission -identity “Managingdirector:\Calendar” -user “personalassistant” -AccessRights Editor
Give user full access to mailbox-
Add-MailboxPermission -identity Bob@domain.com –user Alan@domain.com –AccessRights FullAccess -AutoMapping:$false
Give user full access to ALL mailboxes-
Get-Mailbox | Add-mailboxpermission -user Alan@domain.com -AccessRights FullAccess
Forward to External Email address *without* making a contact-
Set-Mailbox -Identity user@internaldomain.com -DeliverToMailboxAndForward $true -ForwardingSMTPAddress user@externaldomain.com
See if mail is forwarding-
Get-Mailbox user@domain.com | FL DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress
Check all forwarding-
Get-Mailbox -ResultSize Unlimited | Where {($_.ForwardingAddress -ne $Null) -or ($_.ForwardingsmtpAddress -ne $Null)} | Select Name, ForwardingAddress, ForwardingsmtpAddress, DeliverToMailboxAndForward
Change UPN-
Set-MsolUserPrincipalName -UserPrincipalName <OldUPN> -NewUserPrincipalName <NewUPN>
Check Searching-
Get-MailboxDatabaseCopyStatus -Server $env:ComputerName | Format-Table Name,Status,ContentIndex* -Auto
Test-ExchangeSearch -Identity AlanBrewer@contoso.com
Distribution Group Send As
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@Megastarfinance.onmicrosoft.com
Add-RecipientPermission -Identity accounting@megastarfinancial.com -Trustee dlewis@megastarfinancial.com -AccessRights SendAs
Non-Exchange-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordlastset | sort passwordlastset -descend | ft -property samaccountname,passwordlastset
Get Members of Domain Admin-
Get-ADGroupMember "Domain Admins" | ft -property samaccountname
Get Password Never Expires-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordneverexpires | sort PasswordNeverExpires | ft -property SamAccountName,PasswordNeverExpires
Last Logon-
Get-ADUser -filter {Enabled -eq $True} -Properties LastLogonDate | sort LastLogonDate | ft -property SamAccountName,LastLogonDate
Find Windows 7 Computers that logged in within 30 days-
Get-ADComputer -Properties * -Filter {Enabled -eq $True -and OperatingSystem -like "Windows 7*"} | Where { $_.LastLogonDate -GT (Get-Date).AddDays(-30) } | FT Name, OperatingSystem, LastLogonDate -Autosize
Only enabled accounts
Get-ADUser -filter {Enabled -eq $True} -Properties passwordlastset | ft -property samaccountname,passwordlastset | export-csv test.csv
All accounts-
Get-ADUser -filter * -Properties passwordlastset | select Name,samaccountname,passwordlastset,Enabled | export-csv test.csv
Get-ADUser -filter * -Properties passwordlastset | select Name,samaccountname,passwordlastset,Enabled | export-csv test.csv
Sample user inventory-
$date = Get-Date -Format ddMMMyyyy_HH_mm
$date = Get-Date -Format ddMMMyyyy_HH_mm
Get-ADUser -Filter * -server dc1 -Properties DistinguishedName, DisplayName, Enabled, whenCreated, whenChanged, lastLogon, LastLogonDate, memberOf | Select Name,DisplayName,DistinguishedName,Enabled,@{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}},LastLogonDate, whenCreated,whenChanged,@{n="memberof";e={[string]$_.memberof}}, @{N='DOMAIN';E={("XXX ")}} | Export-Csv -Delimiter ~ c:\temp\AD_Users_$date.txt -NoTypeInformation
To sync AD sync-
Import-Module ADSync
# For a Delta Sync (most common, and used for most situations):
Start-ADSyncSyncCycle -PolicyType Delta
# For a Full Sync (only necessary in some situations):
Start-ADSyncSyncCycle -PolicyType Initial
Output - Out-GridView
Set-User callie@providentconstruction.com -PermanentlyClearPreviousMailboxInfo
Open PowerShell, type-
get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
To Export to CSV-
Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:tempuser-password-info-20131119.csv
For enabled only-
get-aduser -filter 'enabled -eq $true' -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
To see an accounts creation date-
Get-ADUser <UserName> -Properties whenCreated | Format-List Name,whenCreated
Search for files after a certain date-
forfiles /p z:\ /s /d +07/01/2024 /M *.pdf /c "cmd /c echo @path"
forfiles /p z:\ /s /d +07/01/2024 /M *.pdf /c "cmd /c echo @path"
Friday, February 8, 2019
Cisco ASA Anyconnect, some users can't resolve DNS queries.
group-policy <name> attributes
client-bypass-protocl enable
This will disable IPv6 if it's not enabled on the vpn.
client-bypass-protocl enable
This will disable IPv6 if it's not enabled on the vpn.
Thursday, January 17, 2019
Windows Server 2019, The product key you entered didn't work. Check the product key and try again, or enter a different one. (0x80070490)
Open a command prompt as administrator.
Run-
c:\windows\system32\slmgr.vbs /ipk <product_key>
OR
DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula
Tuesday, January 15, 2019
How to get your Dell Service Tag from the command prompt
How to get your Dell Service Tag from the command prompt-
Type-
wmic bios get serialnumber
Type-
wmic bios get serialnumber
Saturday, January 12, 2019
You try to upgrade a VMware ESXi host and get "conflicting vibs"
You try to upgrade a VMware ESXi host and get "The system encountered the following error(s)." "conflicting vibs"
SSH into the host.
SSH into the host.
esxcli software vib list | grep Mell
esxcli network nic liste
sxcli software vib remove -n net-mst
How to get an old iDrac7 to work with Java
Note- this is a bad idea from a security standpoint, so bear that in mind.
Open a command prompt as Administrator
Navigate to- C:\Program Files (x86)\Java\jre1.8.0_131\lib\security
Edit java.security (notepad)
Remove the algorithms jdk.jar.disabledAlgorithms and comment out the line that begins with jdk.tls.disabledAlgorithms=.
Open a command prompt as Administrator
Navigate to- C:\Program Files (x86)\Java\jre1.8.0_131\lib\security
Edit java.security (notepad)
Remove the algorithms jdk.jar.disabledAlgorithms and comment out the line that begins with jdk.tls.disabledAlgorithms=.
Subscribe to:
Posts (Atom)