WRISH

A new corner

Check if Office 365 has Your Updated ADFS Certificates

Download it here: https://gallery.technet.microsoft.com/Check-and-Update-ADFS-3f27ee5e

This script has probably lived its useful life, but I'm sharing it anyway, because... well, why not! When you want to quickly check whether your published federation metadata (which contains your ADFS token signing certificates) exists on Office 365, you can use Get-MsolFederationProperty. That's great if you have one domain... but what if you have 25 or 50? Create a profile on your ADFS servers

Generate an SHA-1 signed certificate after cutover to SHA-2

You've finally made the switch on your Microsoft AD CS PKI infrastructure to SHA-2 (SHA256)... but there is always one. One outlier application that won't accept an SHA-2 certificate and needs an SHA-1 certificate to keep chugging for 1 more year. Don't worry, you can switch your Active Directory Certificate Services PKI infrastructure back to SHA-1 for a little bit:

certutil -setreg ca\csp\CNGHashAlgorithm SHA1
restart-service certsvc

Now issue your certificate, and switch back.

Hosting for free with GitHub Pages using Windows (with custom domain)

I am unashamedly cheap. Here is how to host your personal website for no cost on GitHub Pages from a Windows platform.

Install a Git client. There are lots - I chose the one that came up first in a Google search and haven't tried any others. Download Git for Windows, run the Git-2.xx.x-64-bit.exe that you just downloaded, and install it with the following options:

Use Git from the Windows Command Prompt (default)
Checkout as-is, commit as-is (not default)
Everything else default

Choosing the second item just means you will see less verbose output if you are using a Windows-only environment.

List all of a users group memberships

Download the script here. Auditing user access is hard. Usually you audit from the resource out - e.g., finding all Domain Admins, or finding all users with full access to the SecretShare$ share on SecretServer01. But occasionally you want to audit from the user out... this is hard... even impossible (if you have a very big environment). Let's talk about the first step: enumerating nested groups. Token Groups: each user has a constructed attribute called tokengroups that returns a list of all transitive group memberships.

Clone OU Structure to New Domain

A quick, semi-PowerShell way to clone an OU structure from a source domain to a destination domain is to use the ldifde tool and then just modify the output. To generate the output file Oustructure-cleaned.ldif, we use ldifde to export all OUs and then remove the domain name (this is not necessary, but it helps later).

Azure AD Connect - Cannot Retrieve Single Sign On Status

If you landed here, then you are very unlucky. You downloaded AADConnect version 1.1.370.0 with its known issue. You don't have port 9090 open externally, so you get an undocumented error: Cannot retrieve single sign on status. Learn more. But do not fear. Just go and download the latest version.

Remotely Retrieve active SSL certificate (HTTPS or LDAPS)

When replacing certificates on servers, it is nice to be able to verify that the certificate has actually been updated after you have made the change. Download Retrieve-ServerCertFromSocket.ps1. With websites this tends to be very easy - enter the address in Internet Explorer and double-click the padlock to view the certificate. This doesn't work in lots of situations though: no IE available in the environment, when you are trying to use a particular SNI header that doesn't match your connectivity method on your client machine, or when you want to get a secure LDAP certificate - port 636 or 3269 - from a Domain Controller.

Decoding legacy Exchange DN from NDR

Occasionally in Exchange you will accidentally or intentionally recreate a user, or delete some values from their object - this will impact the LegacyExchangeDN value. I have seen this happen where mailuser objects were removed from Office 365, the user objects were cloud-only, and the LegacyExchangeDN was gone forever. Contrary to its name, the LegacyExchangeDN value is critical to maintaining active conversations within your organisation. When a user's legacyExchangeDN is lost, colleagues replying to conversations with that user will get an NDR.

Track Lync Schema update with Powershell

When I perform schema changes in very large forests, it is nice to be able to track the status of the change as it replicates throughout the forest. I wanted to create a script that would quickly tell me what the current schema version was on over 100 DCs. If you don't want to see how it was done, you can just download Track-LyncSchema.ps1. I started with some scripts that I have built before: foreach-parallel to do parallel processing, get-forestDomainControllers to get a list of all DCs in the forest, and get-LdapData to do direct LDAP lookups quickly.