powershell

PowerShell Language Modes are a way to restrict the functionality of PowerShell to increase the security of a system. Of course, this is only one small piece in a larger security strategy, so this alone is not sufficient protection for a system. At the same time, it’s also a double-edged sword: Advantage: we remove a powerful tool from potential attackers. Disadvantage: We as administrators can no longer use PowerShell properly on a system either....

I’ll try to keep it short: If you want to manage Exchange Online via Azure Automation, Managed Identities is what you should use (as of early 2023). Legacy approach In the past, RunAs Accounts or Plaintext Credentials (🤢) were also commonly used for this purpose, but this is now considered deprecated. RunAs accounts will be discontinued by fall 2023. And I don’t have to say anything about plaintext passwords, do I?...

Here’s a quick tip on howto enable or disable the Staging Mode in Azure AD Connect via PowerShell. Sadly there is no native Cmdlet in the style of Set-ADSyncStagingMode or something like that. In this article I’ll first explain the approach and then later on list the full command block you can use. So feel free to skip below to the end of the post. The following PowerShell Cmdlets have to get executed on the Azure AD Connect Server....

I had an issue with a broken Exchange Server 2016 CU23. Or rather it was not fully installed. It was just a test environment, but I thought it would be useful or interesting to drill down on that issue. I’ll guide you through my troubleshooting steps / thought process. Try to continue Setup First I tried to resume the setup. The setup fails early - at Step 1 of 13: Stopping Services....

Here’s a quick tip on howto remove Git Branches that were already merged (thus not necessary to keep around anymore) locally on Windows, using PowerShell. Assuming that you do have Git for Windows installed. Execute these commands on your own risk. List all merged branches You can list all merged Git Branches by running: 1 git branch --merged Exclude current branch and “main” branch Then we |-pipe it into the following, to exclude the currently selected branch (marked with an asterisk *) and the main branch....

Option 1: Use M365 Admin Portal There is finally a way in the main Microsoft 365 Admin Portal. Go to “Roles” -> “Role assignments” and click on “Export admin list” to get a CSV file with all admins and their roles. Option 2: Use PowerShell / Azure AD Graph Module Just a short PowerShell snippet to list all users with administrative roles in a Microsoft 365 (or Azure AD) environment. Please note that this uses the older Azure AD Graph Module (already planned for deprecation)....

If you’re using Microsoft Booking in your Microsoft 365 Tenant, you might want to list all of the Booking calendars. Booking uses Exchange Online Mailboxes in the background. Every Booking Calendar has a corresponding Mailbox of the type “SchedulingMailbox”. If an user gets assigned “Administrator” for a Booking Calendar, they get “FullAccess” permissions for the Scheduling Mailbox. List all Booking Calendars with permission I wrote a PowerShell script to list all the Booking Mailboxes with the users that have access....

If you have Auto-Expanding Archives for Exchange Online Mailboxes enabled, you might want to find out, if it actually provisions additional storage. In the Exchange Admin Center (EAC), open the info pane of the user’s mailbox. Click on “Manage mailbox archive”. An Auto-Expanding Archive provisions more Archive storage space, if needed. Default Archives have 100 GB of storage available. If the archive is already bigger than 100 GB, we must have additional storage....

A short example for PowerShell Regular Expressions. Scenario: Match filenames like ID1234_MyDocumentXYZ.pdf.lnk. We want go get the number after ID and the rest of the filename between the underscore _ and the file extension .lnk. 1 2 3 4 5 $oldLink = "ID1337_MyDocumentXYZ.pdf.lnk" if($oldLink -match 'ID(?<id>\d+)_(?<actualFilename>.+)\.lnk$') { Write-Output "ID: $($Matches.id)" Write-Output "Actual Filename: $($Matches.actualFilename)" } (?<id>\d+) is a named regex capture group (initialized by ?<groupname>). The group matches any numeric character (\d)....

More ore less quick note for myself - on how to run a PowerShell Script using Windows Task Scheduler. Open Task Scheduler A quick way to open Task Scheduler: WIN + R, then run taskschd.msc. Create New Task Open “Task Scheduler Library” → “Create New Task”. Set all the self-explanatory options like Name, Description, User Account, Triggers, etc. Set Action Setting Value Action Start a program Program/script powershell.exe Add arguments (optional) -file "C:\Path\Script....