Tag: security


Get Users based on LastLogOnTimeStamp x number of days


# ==============================================================================================
# NAME: Get active users that have not signed in for x amount of days
# 
# AUTHOR: Vincent Christiansen, vincent@sameie.com
# DATE  : 16/12/2019
# 
# COMMENT: This script will prompt you for the OU whose members you want listed (OU distinguishedName),
#          how many days back you want it to list from, and then export them to a txt file.
#          If you change the MD directory (below), don't forget to change the $location too. Good luck
#
# ==============================================================================================

Import-Module ActiveDirectory

MD C:\tmp\Scripts -ErrorAction SilentlyContinue
$location = "C:\tmp\Scripts"

Write-Host
Write-Host "From what OU (distinguishedName) do you want to list the users? :" -ForegroundColor Yellow -NoNewline
$OU = Read-Host

Write-Host "What do you want to call the file? :" -ForegroundColor Yellow -NoNewline
$File = Read-Host

Write-Host "How many days? :" -ForegroundColor Yellow -NoNewline
$Days = [int](Read-Host)

# Enabled users whose last logon is older than the cutoff.
# Accounts that have never logged on (empty LastLogonDate) are skipped.
$cutoff = (Get-Date).AddDays(-$Days)

Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $OU -Properties LastLogonDate |
    Where-Object { ($_.LastLogonDate -ne $null) -and ($_.LastLogonDate -lt $cutoff) } |
    Sort-Object Name |
    Select-Object Name,SamAccountName,LastLogonDate |
    Out-File (Join-Path $location "$File.txt")

Can’t Create Resources in Resource Group


I created a resource group and gave my colleague Contributor access to the resource group.

Then he was going to deploy a Logic App, but got an error that he does not have access and is not authorized. So he tried to deploy a VM, same issue.
I deployed the Logic App for him (no problem).

The error he gets looks like this. Resource creation fails with the error below:
Registering the resource providers has failed. Additional details from the underlying API that might be helpful: ‘AuthorizationFailed’ – The client ‘xxx@xxx.com’ with object id ‘af648edh-5336-sf55-ff2f-14873afdc259’ does not have authorization to perform action ‘Microsoft.Compute/register/action’ over scope ‘/subscriptions/245455vgd4-34gg-afe4-975f-3345gdgs34s’. (Code: AuthorizationFailed)

Hmmmm….. What’s going on here?

With Contributor access to a resource group, you can create a resource, e.g. a VM or Logic App. So what went wrong? Look at the error message and focus on ‘Microsoft.Compute/register/action’ over scope ‘/subscriptions/245455vgd4-34gg-afe4-975f-3345gdgs34s’. The failure is not that he is unauthorized to create a resource. It is an authorization error on registering a resource provider, and that action is scoped to the subscription, while his Contributor access only covers the resource group. So how do we solve it?

Well, after a bit of Googling I found a solution that worked for me:

  • Log in to Azure with an identity that has subscription-level access to register a resource provider, e.g. admin/owner.
  • Using PowerShell (PoSh), register the resource providers you need at the subscription level. You can also see which providers are available and which are already registered.

Open PowerShell and enter the following:

Login-AzureRmAccount

# List all subscriptions you have access to
Get-AzureRmSubscription

$subscriptionId = "<Subscription Id>"

Select-AzureRmSubscription -SubscriptionId $subscriptionId

# List all available providers and register them
Get-AzureRmResourceProvider -ListAvailable | Register-AzureRmResourceProvider -Force

*****UPDATE*****
With the “new” Az module, you can now run this command:

Get-AzResourceProvider -ListAvailable | Register-AzResourceProvider
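
The commands above register every available provider in the subscription. The following is an added example, not part of the original post, that registers only the providers a deployment needs, which is what the second step describes. It assumes the Az module and a subscription-level identity; `Register-RequiredProvider` is a hypothetical helper name, `<Subscription Id>` is a placeholder, and `Microsoft.Logic` is assumed as the namespace for the Logic App from the post.

```powershell
# Added example: register only the resource providers that are actually needed.
# Register-RequiredProvider is a hypothetical helper, not an Az cmdlet.
function Register-RequiredProvider {
    param(
        [Parameter(Mandatory)] [string]   $SubscriptionId,
        [Parameter(Mandatory)] [string[]] $Namespace
    )

    # Provider registration is per subscription, so pin the context first
    Set-AzContext -Subscription $SubscriptionId | Out-Null

    # -ListAvailable includes providers that are not registered yet
    $providers = Get-AzResourceProvider -ListAvailable |
        Where-Object { $_.ProviderNamespace -in $Namespace }

    # Catch typos: a requested namespace that Azure does not know about
    foreach ($ns in $Namespace) {
        if ($ns -notin $providers.ProviderNamespace) {
            Write-Warning "$ns is not an available provider namespace"
        }
    }

    foreach ($p in $providers) {
        if ($p.RegistrationState -eq 'Registered') {
            Write-Host "$($p.ProviderNamespace) is already registered"
            continue
        }
        Write-Host "$($p.ProviderNamespace) is '$($p.RegistrationState)', registering..."
        Register-AzResourceProvider -ProviderNamespace $p.ProviderNamespace | Out-Null
    }

    # Registration completes asynchronously; return the state as it stands now
    Get-AzResourceProvider -ListAvailable |
        Where-Object { $_.ProviderNamespace -in $Namespace } |
        Select-Object ProviderNamespace, RegistrationState
}

# Sign in as the subscription-level identity, then register the two
# providers behind the failed deployments (VM and Logic App).
Connect-AzAccount
Register-RequiredProvider -SubscriptionId '<Subscription Id>' `
    -Namespace 'Microsoft.Compute', 'Microsoft.Logic'
```

Once the state shows Registered, the colleague's resource-group Contributor access is enough to deploy, and no extra subscription-level role has to be granted to him.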