Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

10Feb/200

Dealing with credentials in PowerShell

Whenever you write PowerShell scripts that are going to be used for automation you need to secure your credentials. The best practice is to use a service account to execute the PowerShell script and delegate whatever privileges it needs to execute. When dealing with internal systems and resources that are usually pretty easy if they all authenticate from the same ecosystem or are integrated properly. But there is instances where you need to store credentials like when working with external APIs or deattached internal system.

Continue reading...
30Jan/200

On-prem AD vs Office365

When using a local Active Directory connected to Office365 via Azure Active Directory and Azure AD Connect you will run into issues controlling Exchange features via Active Directory. Here is a quick guide how to manage it anyway.

The problem

When you connect your local Active Directory via Azure AD connect to sync everything with Office365 every synced account has to be managed locally. You can't create a local user, distribution list or contact and then change properties like who can send e-mails to it in the Office365 web ui.

At the same time there is no way to set these properties locally since properties on your Active Directory objects are missing. Fields like authOrig that controls who can send e-mails to a distribution group just isn't their.

Continue reading...
8Jan/180

Powershell: IIS Application Pool Killer

Every now and then IIS application pools lock up and needs to be killed. You can add the field PID in Task Manager and then use cmd tools to find which one of the IIS Worker Process is the right one and kill it. I created a simple script that lists all the IIS Application Pools by name, select the one you need to kill and the script kills it. The script is available on my Github and is named IISAppPoolKiller.ps1. Please comment below what you have been using this for!

Continue reading...

5Jan/180

Powershell: Pending Windows Updates

Every now and then you need to check if your servers or client computers have pending updates. You can generate a simple list of this with Powershell. I have created a script for this on my Github named ListPendingWindowsUpdates.ps1. Here is a quick breakdown of the script, feel free to use and modify it anyway you like. Please comment below what you ended up doing with it.

We always need to declare the functions of the Powershell script first but I will dig into the only function of this script below and start with the locally executed code. This script have one locally executed part and then a function that is executed on each and every server/client it lists. For this to work you need to run the script with domain admin rights. Both to access the Active Directory and to remote execute the code on each server/client.

Continue reading...

4Jan/180

Powershell: Manage folder permissions

Working with folder and share security is to often treated as set and forget. A good practice is to run daily jobs to check, report and reset permissions on shared folders and home directories. There are several ways to do this but it can easily be done from Powershell. This can also be used when migrating between servers and access needs to be added or removed. Here is a few useful code snippets when working with folder access and shares in Powershell.

Continue reading...

17Dec/170

Powershell: Manage IIS SMTP server

Setting up Microsoft Internet Information Services (IIS) SMTP service is pretty straight forward for simple implementations. It hasn't really keept up with time and I'm pretty sure not to many people use it anymore. Working with an older implementation in a system that used distributed SMTP on each and every IIS server I realized we needed to centralize it so we could secure it properly. This included re configuring an old IIS SMTP server and then add a bunch of aliases to make sure the server accepted all the incoming e-mails.

Continue reading...

18Jun/140

Exchange – List all e-mail addresses on domain

Listing all e-mail addresses for a domain on an Exchange server. It's pretty easy from Powershell but it took me a while to figure out so I thought I would share it.

get-recipient | where {$_.emailaddresses -match “<domain>”} | fl name,emailaddresses >> c:\addresses.txt
23Feb/130

View Members Dynamic E-mail Group – Exchange 2010

Always nice to be able to check who a dynamic group contains. Easy to do from the powershell with these two commands:

$DynGroup = Get-DynamicDistributionGroup "{name of dynamic distribution group}"
Get-Recipient -RecipientPreviewFilter $Dyn.RecipientFilter -OrganizationalUnit $DynGroup.RecipientContainer