Retrieve infos about Active Directory Based Activation via PowerShell

If you quickly want to retrieve infos about Active Directory Based Activation (ADBA) in your domain, you can use this PowerShell One-liner: 1 Get-ADDomain | %{Get-ADObject -SearchBase "CN=Activation Objects,CN=Microsoft SPP,CN=Services,CN=Configuration,$($_.DistinguishedName)" -LDAPFilter "(objectclass=msspp-activationobject)" -Properties * -ErrorAction SilentlyContinue | fl displayName,DistinguishedName,Name,msspp-csvlkpartialproductkey } I haven’t tested it in a multi-domain environment, but I think it should work. Explanation The code uses aliases, which are not great in scripts, but neat in One-Liners. It uses Get-ADDomain to determine the Distinguished Name for the Domain....

2024-11-25 · 1 min · Andreas Dieckmann

PowerShell NTFS Alternate Data Streams

The NTFS file system is used by default in Windows. And normally a file has only one associated normal data stream with the name :$DATA. But there are also the so-called “Alternate Data Streams” (ADS), which can contain additional data. These ADS are not visible in the Windows Explorer or most other applications. ADS are sometimes used by the system, but could also be used by attackers to hide data....

2024-08-30 · 3 min · Andreas Dieckmann

PowerShell Calculated Properties

If you export data via PowerShell (for example to a CSV file via Export-CSV), the original property names of the PowerShell objects are used. However, if these are not fully fitting for your purpose, you can also customize them. So-called “Calculated Properties” and the cmdlet Select-Object can be used for this. This can be used, for example, to Rename properties Format property values Create completely custom properties (e.g. by calling additional cmdlets) Output objects normally As a reminder: The selection of object properties with Select-Object is possible with the -Property parameter....

2024-08-21 · 7 min · Andreas Dieckmann

PowerShell: Filter Active Directory Computers

I recently worked on a client project, where I had to do some work around Active Directory Computers. I used PowerShell and some light filtering and processing. And now I share those examples, and hopefully someone finds them interesting or helpful. Maybe it will be me, who finds it interesting in the future. In that case: Moin Andi! 👋 Example 1: Filter Computer by Operating System Version The AD attribute OperatingSystemVersion holds the OS version with the build number in a format like this: 10....

2024-08-07 · 2 min · Andreas Dieckmann

Set PowerShell ConstrainedLanguage Mode per Group Policy

PowerShell Language Modes are a way to restrict the functionality of PowerShell to increase the security of a system. Of course, this is only one small piece in a larger security strategy, so this alone is not sufficient protection for a system. At the same time, it’s also a double-edged sword: Advantage: we remove a powerful tool from potential attackers. Disadvantage: We as administrators can no longer use PowerShell properly on a system either....

2023-05-20 · 6 min · Andreas Dieckmann

Automate Exchange Online with Azure Automation in 2024

If you want to manage Exchange Online via Azure Automation, Managed Identities is what you should use (this statement was last checked in June 2024). Legacy approach In the past, RunAs Accounts or Plaintext Credentials (🤢) were also commonly used for this purpose, but this is now considered deprecated. RunAs accounts will be discontinued by fall 2023. And I don’t have to say anything about plaintext passwords, do I? You could still use App Registrations in Entra ID, but if you really just want to automate some Exchange settings via Azure Automation, it’s not really necessary....

2023-01-09 · 4 min · Andreas Dieckmann

Set Azure AD Connect Staging Mode via PowerShell

Here’s a quick tip on howto enable or disable the Staging Mode in Azure AD Connect via PowerShell. Sadly there is no native Cmdlet in the style of Set-ADSyncStagingMode or something like that. In this article I’ll first explain the approach and then later on list the full command block you can use. So feel free to skip below to the end of the post. The following PowerShell Cmdlets have to get executed on the Azure AD Connect Server....

2022-07-21 · 2 min · Andreas Dieckmann

Exchange Server Setup Incomplete but fails to complete

I had an issue with a broken Exchange Server 2016 CU23. Or rather it was not fully installed. It was just a test environment, but I thought it would be useful or interesting to drill down on that issue. I’ll guide you through my troubleshooting steps / thought process. Try to continue Setup First I tried to resume the setup. The setup fails early - at Step 1 of 13: Stopping Services....

2022-06-23 · 8 min · Andreas Dieckmann

How to remove all merged Git Branches on Windows

Here’s a quick tip on howto remove Git Branches that were already merged (thus not necessary to keep around anymore) locally on Windows, using PowerShell. Assuming that you do have Git for Windows installed. Execute these commands on your own risk. List all merged branches You can list all merged Git Branches by running: 1 git branch --merged Exclude current branch and “main” branch Then we |-pipe it into the following, to exclude the currently selected branch (marked with an asterisk *) and the main branch....

2022-06-21 · 2 min · Andreas Dieckmann

List all Users with administrative roles in a Microsoft 365 environment

Option 1: Use M365 Admin Portal There is finally a way in the main Microsoft 365 Admin Portal. Go to “Roles” -> “Role assignments” and click on “Export admin list” to get a CSV file with all admins and their roles. Option 2: Use PowerShell / Azure AD Graph Module Just a short PowerShell snippet to list all users with administrative roles in a Microsoft 365 (or Azure AD) environment. Please note that this uses the older Azure AD Graph Module (already planned for deprecation)....

2021-12-13 · 2 min · Andreas Dieckmann