Working with Active Directory using Get-ADUsers

Working with Active Directory using Get-ADUsers

When working with Active Directory Users sometimes its a lot easier using PowerShell to obtain all the information you require from your environment. As a Consultant I have lost count how many times I’ve used PowerShell to get information out of Active Directory and its essential to your skill set.

The most simple and effective way by running the following command, as it will dump all Active Directory Users and their properties to a CSV file located on your desktop

# Command
Get-ADUser -Filter * -Properties * | Export-CSV $env:userprofile\desktop\ADExport.csv

or

# Command
Get-ADUser -Filter * | Export-CSV $env:userprofile\desktop\ADExport.csv

What if you only require bits of information? The command only targets the Name and SamAccountName Field. Simple right?

# Command
Get-ADUSer -Filter * -Properties Name,SamAccountName | Export-CSV $env:userprofile\desktop\ADExport.csv

or

# Command
Get-ADUSer -Filter * -Properties * | Select-Object -Property Name,SamAccountName | Export-CSV $env:userprofile\desktop\ADExport.csv

The possibilities are endless, you can call all everything from the below table because it exists on the AD object by default. If you have used ExtensionAttributes or CustomAttributes you can also call these as well by adding them to your filter.

PropertySyntaxR/RWlDAPDisplayName
AccountExpirationDateDateTimeRWaccountExpires, converted to local time
AccountLockoutTimeDateTimeRWlockoutTime, converted to local time
AccountNotDelegatedBooleanRWuserAccountControl (bit mask 1048576)
AllowReversiblePasswordEncryptionBooleanRWuserAccountControl (bit mask 128)
BadLogonCountInt32RbadPwdCount
CannotChangePasswordBooleanRWnTSecurityDescriptor
CanonicalNameStringRcanonicalName
CertificatesADCollectionRWuserCertificate
ChangePasswordAtLogonBooleanWIf pwdLastSet = 0
CityStringRWl
CNStringRcn
CompanyStringRWcompany
CountryStringRWc (2 character abbreviation)
CreatedDateTimeRwhenCreated
DeletedBooleanRisDeleted
DepartmentStringRWdepartment
DescriptionStringRWdescription
DisplayNameStringRWdisplayName
DistinguishedNameString (DN)RdistinguishedName
DivisionStringRWdivision
DoesNotRequirePreAuthBooleanRWuserAccountControl (bit mask 4194304)
EmailAddressStringRWmail
EmployeeIDStringRWemployeeID
EmployeeNumberStringRWemployeeNumber
EnabledBooleanRWuserAccountControl (bit mask not 2)
FaxStringRWfacsimileTelephoneNumber
GivenNameStringRWgivenName
HomeDirectoryStringRWhomeDirectory
HomedirRequiredBooleanRWuserAccountControl (bit mask 8)
HomeDriveStringRWhomeDrive
HomePageStringRWwWWHomePage
HomePhoneStringRWhomePhone
InitialsStringRWinitials
LastBadPasswordAttemptDateTimeRbadPasswordTime, converted to local time
LastKnownParentString (DN)RlastKnownParent
LastLogonDateDateTimeRlastLogonTimeStamp, converted to local time
LockedOutBooleanRWmsDS-User-Account-Control-Computed (bit mask 16)
LogonWorkstationsStringRWuserWorkstations
ManagerString (DN)RWmanager
MemberOfADCollectionRmemberOf
MNSLogonAccountBooleanRWuserAccountControl (bit mask 131072)
MobilePhoneStringRWmobile
ModifiedDateTimeRwhenChanged
NameStringRcn (Relative Distinguished Name)
ObjectCategoryStringRobjectCategory
ObjectClassStringRobjectClass, most specific value
ObjectGUIDGuidRobjectGUID converted to string
OfficeStringRWphysicalDeliveryOfficeName
OfficePhoneStringRWtelephoneNumber
OrganizationStringRWo
OtherNameStringRWmiddleName
PasswordExpiredBooleanRWmsDS-User-Account-Control-Computed (bit mask 8388608) (see Note 1)
PasswordLastSetDateTimeRWpwdLastSet, local time
PasswordNeverExpiresBooleanRWuserAccountControl (bit mask 65536)
PasswordNotRequiredBooleanRWuserAccountControl (bit mask 32)
POBoxStringRWpostOfficeBox
PostalCodeStringRWpostalCode
PrimaryGroupStringRGroup with primaryGroupToken
ProfilePathStringRWprofilePath
ProtectedFromAccidentalDeletionBooleanRWnTSecurityDescriptor
SamAccountNameStringRWsAMAccountName
ScriptPathStringRWscriptPath
ServicePrincipalNamesADCollectionRWservicePrincipalName
SIDSidRobjectSID converted to string
SIDHistoryADCollectionRsIDHistory
SmartcardLogonRequiredBooleanRWuserAccountControl (bit mask 262144)
StateStringRWst
StreetAddressStringRWstreetAddress
SurnameStringRWsn
TitleStringRWtitle
TrustedForDelegationBooleanRWuserAccountControl (bit mask 524288)
TrustedToAuthForDelegationBooleanRWuserAccountControl (bit mask 16777216)
UseDESKeyOnlyBooleanRWuserAccountControl (bit mask 2097152)
UserPrincipalNameStringRWuserPrincipalName

Regards
The Author – Blogabout.Cloud

Dealing with SQL AlwaysOn in Skype for Business Server 2015/2019 Powershell Style

Dealing with SQL AlwaysOn in Skype for Business Server 2015/2019 Powershell Style

Dealing with a Skype for Business deployment with SQL AlwaysOn isn’t an easy task as there are a number of different elements involved from ensuring your databases are in the correct configuration to security permissions across the nodes.

I did originally create the following script while doing a customer deployment and have improved/modified to ensure I take out most of the headaches involved when deploying your backend databases.

The script runs through the following actions;

  • Check if SQL Instance
  • Check if Failover Clustering Role in configured on the two SQL servers
  • Ask to configure Failover Clustering Role (If required)
  • Convert and backup all Skype for Business Databases
  • Detect Skype for Business Folder on source SQL Server and copy to secondary
  • Configure SQL Server Service for AlwaysOn
    • Repeat task manually on the secondary server

Complete your AlwaysOn Configuration using the SQL Management Studio

Download

Set-SfBSQLDatabases (532 downloads)

Change Log

Version 1.1 – Features

  • Support Skype for Business 2019
  • Support for SQL Server 2014 Enterprise, SQL Server 2016 Enterprise

Video

Reporting Issues

If you identity any issues within running the script please email theauthor@blogabout.cloud

Regards
The Author – Blogabout.Cloud

Office ProPlus ToolKit

Office ProPlus ToolKit

Installing Office 365 ProPlus can be a bit of a headache and also there are many different tricks/hacks which can be implemented to test out the latest channels.

The Office ProPlus ToolKit script is built with following options to help you test and deploy ProPlus in the most effective way. This script is built with the following menu options

1) Configure Monthly Channel –>
2) Configure Semi Annual (Targeted) Channel –>
3) Configure Semi Annual Channel –>
4) Configure Monthly (Targeted) Channel –>
5) Configure Insider (Unsupported) Channel –>
6) Check your Office 365 ProPlus Configuration –>

7) Download the Office Readiness Toolkit for Add-ins & VBS –>
8) Download Microsoft FixIT Removal Tool –>
9) Download Offscrub Files (Office 03,07,10, O15 & O16) –>
10) Download Office 2016/2019/ProPlus Group Policy Templates –>
11) Download Office Telemetry Requirements –>

15) Download Office Deployment Tool (Official) –>
16) Download Pre-Loaded Office 365 Configuration Files –>

20) Install Office 365 ProPlus –>
21) Install SQL Express –>
22) Install SQL Management Studio –>
23) Install Office Telemetry Dashboard –>

30) Build your own configuration.xml (config.office.com) –>
31) Install Office using your modified configuration.xml –>

This script has seen a number of updates recently which have been logged below

Download

Get-OfficeProPlusToolKit.ps1 (589 downloads)

Change Log

Version 1.1 – Features

  • Download Pro-Loaded Office 365 Configuration Files – This contains Office 365 ProPlus and Office 2019. This option supports menu 20 which calls the downloaded setup.exe and xml files.
  • Support for PowerShell Version 5 – This script using Version 5 to expand Zip archives which allows the script to call the contents. If Version 5 is not detected you will be prompted to extract the required files manually.

Reporting Issues

If you identity any issues within running the script please email theauthor@blogabout.cloud

Regards
The Author – Blogabout.Cloud

PowerShell – Filtering your PowerShell outputs using Where-Object and Select-Object

PowerShell – Filtering your PowerShell outputs using Where-Object and Select-Object

When working with PowerShell and using a (get-command | fl or format-list) you will receive a whole list of information which sometimes can be difficult to digest as shown below. In most cases normally you are only after one or two pieces of key information.

Using Select-Object

Select-Object is a great command when filtering PowerShell output by a particular property example Get-Service and Name/Status

# Command
Get-Service | Select-Object -Property Name,Status

Get-Service | Select-Object -Property Name,Status

This command isnt limited to just Get-Service and can be used across all Microsoft workloads for example you wanted to see UserPrincipleName and O365 licence, Select-Object can help you achieve that.

Using Where-Object

Where-Object is a powerful option when filtering PowerShell output by a particular value, for example, Get-Service state based on stopped services

# Command

Get-Service | select -Property Name,Status | where {$_.Status -like 'Stopped'}
Get-Service | select -Property Name,Status | where {$_.Status -like ‘Stopped’}

Where-Object doesn’t just stop there, what if you just wanted all the Stopped Service begining with the letter C?

# Command

Get-Service | select -Property Name,Status | where {($_.Name -like 'C*') -and ($_.Status -like 'Stopped')
Get-Service | select -Property Name,Status | where {($_.Name -like ‘C*’) -and ($_.Status -like ‘Stopped’)}

Again where-object isnt just limited to this command, I have just both commands in PowerShell scripts I have written for a customer to achieve a desired state.

Now go and try this commands within on your computer or organisation and see what you automate.

Regards
The Author – Blogabout.Cloud



PowerShell – How to format your PowerShell output into a table using Format-Table

PowerShell – How to format your PowerShell output into a table using Format-Table

When working with PowerShell and using a (get-command | fl or format-list) you will receive a whole list of information which sometimes can be difficult to digest as shown below. In most cases normally you are only after one or two peices of key information

Get-SPOSite | Format-List

Using Format-List or LT you can specify the required information into something a bit more readable.

For example, I am currently working Get-SPOSite (SharePoint Online Sites) and I would like to know if any of the sites have sharing capabilities and site defined sharing capabilities.

# Command
Get-SPOSite | Select-Object -Property URL,SharingCapability,SiteDefinedSharingCapability | ft
Get-SPOSite | Select-Object -Property URL,SharingCapability,SiteDefinedSharingCapability | ft

As you can see from the above image the output for the required fields is more readable to my needs. You can use this approach for many different scenarios and maybe within a technical script you are writing for a deployment or an action.


Regards

The Author – Blogabout.Cloud

Office365 and PowerShell DSC? Whats this all about

Office365 and PowerShell DSC? Whats this all about

Just come across an interesting blog post about Office365DSC Module and like a kid in the candy store. Just had to have it and start playing

The module has been created by a number of Microsoft Premier Field Engineers (PFE’s) and its very much in the earlier stages but supports the following.

  • O365Group: Office 365 Groups (Security, Distribution List, Mail enabled and Office 365)
  • O365User: Office 365 User and Licenses
  • SPOSite: SharePoint Online site collection

The blog is quite vague of information but the goal is to make the community aware that the effort is currently undergoing, and that if people want to contribute to it, that they are encouraged to report issues, comments/feedback or to fork and submit Pull Requests to help out with the code base.

https://GitHub.com/Microsoft/Office365DSC

To install the Early Preview, run the following line of Powershell

install-module – Name Office365DSC -AllowPrerelease

The Author – Blogabout.Cloud



Microsoft Teams PowerShell Module Updates (Version 0.9.6 now available)

Microsoft Teams PowerShell Module Updates (Version 0.9.6 now available)

Microsoft have recently released an update to the Microsoft Teams powershell module, in this update we see 3 new exciting additions allowing more control for your Microsoft 365 Global Adminstrator or dedicated Microsoft Teams Service Administrator.

New-Team -Owner Parameter

You can now create Microsoft Teams using the Owner parameter

Edit all Teams settings on all Teams without ownership

Now as a Microsoft 365 Global Admin or Microsoft Teams Service Admi, you can edit all setting within a Microsoft Team located within your tenant.

What no licence require?

The administration account no longer requires a Microsoft Teams Licence in order to use the PowerShell Module

So now lets update Microsoft Teams PowerShell module.

I have created the following script which will check your client machine to see what version is installed and install the latest version.

Detect, Remove, Destroy and Upgrade your Microsoft Teams Module`

Regards

The Author – Blogabout.Cloud

QuickTips: Install-CsDatabase failed

QuickTips: Install-CsDatabase failed

Deploying Skype for Business and ran into the following error? Well here’s a quick tip to resolve the error.

Error(s)

Install-CsDatabase failed.

System.Management.Automation.CmdletInvocationException: Command execution failed: Requested registry access is not allowed.

Resolution(s)

Remove-CsConfigurationStoreLocation to ensure no corrupt legacy information

Run Skype for Business Topology Builder as Administrator

Once this command has been executed, you will be able to successfully publish the Skype for Business Topology.

Regards

The Author – Blogabout.Cloud

QuickTips: Get-CsManagementStoreLocation did not return a valid connection

QuickTips: Get-CsManagementStoreLocation did not return a valid connection

Deploying Skype for Business and ran into the following error? Well here’s a quick tip to resolve the error.

Error(s)

Topology Builder encountered an issue and cannot publish this topology.

Topology Builder has encountered an unexpected error from Skype for Business Server 2019 Management Shell.

Error Details:

Get-CsManagementStoreLocation did not return a valid connection.

Resolution(s)

Remove-CsConfigurationStoreLocation

Once this command has been executed, you will be able to successfully publish the Skype for Business Topology.

Regards

The Author – Blogabout.Cloud

Microsoft Teams Direct Routing with Azure Audiocodes SBC

Microsoft Teams Direct Routing with Azure Audiocodes SBC

Microsoft Teams Direct Routing is the latest in connecting your SIP trunk provider but how about leveraging the Microsoft cloud and deploy your Session Boarder Controller (SBC) into Azure.

Audiocodes are one of many SBC providers using Azure to provide an additional options with your approach to moving to Microsoft Teams.  If your a consultant deploying AudioCodes Mediant VE SBC for Microsoft Azure, this process couldnt be any easier with using Azure Resource Manager (ARM) templates which can be developed to adapt to any customer requirements.

If you have a bit of Azure knowledge in deploying new resources the below image will not be to difficult understand.

But if this is the first time you’ve looked deploying a resource in Azure, I highly recommend looking at creating a template and use Visual Studio. This will allow you to make modification in the code and learn how ARM templates work.

How much does the Audiocodes Virtual Machine cost?

The below tables is based on today costing as of 12 November 2018 and these prices may change.

VM Size Offering Family VCPU RAM Data Disk Max IOSP Temporay Storage SIP Sessions Price
D2_v2 Standard General Purpose 2 7 8 8×500 100GB 200 £75.41
D2_v3 Standard General Purpose 2 8 4 4×500 50GB 500 £66.54
D3_v2 Standard General Purpose 4 14 16 16×500 200GB 900 £150.83

Microsoft Teams Direct Routing will only get bigger as time goes on and you can expect the number of supported SIP sessions to increase (expected 6000 sessions in Q1 2019). It is also worth noting that Audiocodes also offer a multi tenant SBC so if you are a service provider, you can house multi customers on a single SBC appliance.

Regards

Author – Blogabout.Cloud