Category: Powershell
How can I see what OS version my Azure VM is running?
I wanted to check what OS version I had deployed on a server in Azure, but I couldn’t remember if it was 2012 R2 or 2016.
I checked the server object in Azure and it gave me this
Hmmm…. that didn’t really answer my question (yes I could connect via RDP, but some times you can’t)
I know there are several scripts you can run to get information (that will need a connection, running scripts and so on, not everyone has this access, so they should be able to view this without scripts)
So I decided to check the disk connected to the server, and that gave me a better answer 🙂
There I can see it was a 2012 R2 DC based on the image 4.127….
So in the Resource group (or on VM) find the disk for the server, and you will see the Disk info in the Overview.
Enjoy
Get system uptime
We all have our own ways of finding a servers / computers uptime.
But I thought I’d share my favorite way:
function Get-SrvUptime
{
$operatingSystem = Get-WmiObject Win32_OperatingSystem
[Management.ManagementDateTimeConverter]::ToDateTime($operatingSystem.LastBootUpTime)
}
Remove – AzureRmApplicationGateway
If you want to remove Azure Application Gateway Backend HTTP Settings / Probe configs / Backend Address Pools / HTTP Listeners or something else from the Azure Application Gateway, you might end up with the same Microsoft Doc’s as me.
https://docs.microsoft.com/en-us/powershell/module/azurerm.network/remove-azurermapplicationgatewaybackendhttpsettings?view=azurermps-4.4.1
As you see from the post it tells you what to do, but when you check the config in the Portal, it is not gone.
What is missing from the information feed here is that you get the Azure Application Gateway info, then you remove it, and get the code to define it, so the missing ingredient is:
Set-AzureRmApplicationGateway -ApplicationGateway $AppGw
That way you list out the current config, then get the new config, then SET the new config.
And now it is correct in the GUI too 🙂
Create #HASHED password file for PowerShell use
Connect to Azure/Office365 based on encrypted txt file
$encrypted = Get-Content “D:\Scripts\Azure_Encrypted_Password.txt” | ConvertTo-SecureString
Update UPN on multiple users
I recently did an LDIFDE import of a lot of users to a test domain, and the UPN is not sett on the user objects.
So to change/set the UPN for all my users in the test domain I used this little string. Worked like a charm
I gets all the users objects in the Domain Sameie.com, and it sets the UPN to username@sameie.info
Get-ADUser -searchbase “DC=sameie,DC=com” -filter * | foreach {set-adusers $_ -userprincipalname (“{0}@{1}” -f $_.samaccountname,”sameie.info”)}
Select Azure Subscription to work with
When you have a larger organisation, you will have several Azure Subscriptions to work against. So here is how you switch.
1. Open Powershell
2. Type in: Add-AzureRmAccount
(in pop-up enter admin id and password)
3. It will list up the subscription you are connected to when you have authenticated
4. Type in: Get-AzureRmSubscription
(will list out all your subscriptions)
5. Find the Subscription you want to connect to
6. Type in: Select-AzureRmSubscription -SubscriptionId “ENTER THE SUBSCRIPTION ID”
You can choose SubscriptionName too, but I prefere SubscriptionID
Count directory Objects in Active Directory
Some times you need to find out how many directory Objects you have in your AD.
A quick way of getting this done is to use the following PowerShell string
Get-ADObject -Filter {name -like ‘*’} -SearchBase ‘CN=Schema,CN=Configuration,DC=sameie,DC=COM’ -ResultSetSize $null | Measure-Object >c:\tmp\object_dump.txt
This will dump the information into a easy to read text file
Now you know how many Objects you have.
Can’t Create Resources in Resource Group
I created a resource group and gave my colleague the contributor access to the resources group.
Then he was going to deploy Logic App, but got an error that he does not have access and is not authorized. So he tried to deploy a VM, same issue.
I deployed Logic App for him (not problem).
The error he gets looks like this:
Resource creation fails with the error which looks like below- Registering the resource providers has failed. Additional details from the underlying API that might be helpful: ‘AuthorizationFailed’ – The client xxx@xxx.com’ with object id ‘af648edh-5336-sf55-ff2f-14873afdc259’ does not have authorization to perform action ‘Microsoft.Compute/register/action’ over scope ‘/subscriptions/245455vgd4-34gg-afe4-975f-3345gdgs34s’. (Code: AuthorizationFailed)
Hmmmm….. What’s going on here?
With the contributor access to a resource group, you can create a resource e.g. a VM or Logic App. What went wrong here if we look at the error message and focus on ‘Microsoft.Compute/register/action’ over scope ‘/subscriptions/245455vgd4-34gg-afe4-975f-3345gdgs34s’. is that he is not authorized to create a resource, it is the authorization error to register a resource provider. So how do we solve it?
Well after a bit of Googling if found a solution that worked for me,
- Log into Azure with an identity which has a subscription level access to register a resource provider e.g. admin/owner.
- Using PowerShell (PoSh) register the resource providers you need at the subscription level. You can also see which providers are available and registered already.
Open Powershell and enter the following:
– Login-AzureRmAccount
#List out all Subscriptions you have access to
– Get-AzureRmSubscription
– $subscriptionId= “<Subscription Id>”
– Select-AzureRmSubscription -SubscriptionId $subscriptionId
– Get-AzureRmResourceProvider -ListAvailable | Register-AzureRmResourceProvider -Force
Get Users based on LastLogOnTimeStamp x number of days
December 16, 2019
Active Directory, Powershell, Security, Tips and Trix, Windows
No Comments
vincent
active directoryadpowershellsecuritytooluser