01 June 2025

Get certificate used in web request via PowerShell

Get information about the SSL certificate used when accessing example.com/subfolder:

# The ServicePoint lookup must use the same scheme and host as the request
$TheResponse = Invoke-WebRequest https://example.com/subfolder/ -UseBasicParsing -TimeoutSec 3 -ErrorAction Stop
$servicePoint = [System.Net.ServicePointManager]::FindServicePoint('https://example.com')
$servicePoint.Certificate | Format-Table -Wrap -Autosize

Then to display the certificate hash:

$servicePoint.Certificate.GetCertHashString()

Display the certificate expiration date:

$servicePoint.Certificate.GetExpirationDateString()
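
The ServicePoint lookup relies on the .NET Framework HTTP stack in Windows PowerShell 5.1; PowerShell 7's Invoke-WebRequest uses HttpClient and does not populate it. As an added example (not from the original post), the certificate can instead be read directly from the TLS handshake, which works in both. Get-TlsCertificate and its output property names are hypothetical.

```powershell
# Added example. Get-TlsCertificate is a hypothetical helper name, not a built-in cmdlet.
function Get-TlsCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        [int] $TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "Timed out connecting to ${HostName}:${Port}"
        }
        # Accept whatever the server presents so that expired or untrusted
        # certificates can still be inspected; trust is evaluated separately below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)   # $HostName is also sent as SNI

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

        [pscustomobject]@{
            Subject         = $cert.Subject
            Issuer          = $cert.Issuer
            Thumbprint      = $cert.Thumbprint
            NotAfter        = $cert.NotAfter
            DaysRemaining   = [int] [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            SubjectAltNames = if ($san) { $san.Format($false) } else { $null }
            # Chain trust against the local store only; host name matching is not checked here.
            ChainTrusted    = $chain.Build($cert)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

# Same host as the example above; flag certificates that expire within 30 days.
Get-TlsCertificate -HostName 'example.com' |
    Select-Object *, @{ N = 'ExpiresSoon'; E = { $_.DaysRemaining -lt 30 } }
```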

Get upstream DNS provider

To get the IP address of the server that is making the final DNS request:

nslookup whoami.akamai.net

or

dig whoami.akamai.net

Thanks, Barmar.

Get principals in a group Managed Service Account

Get which identities are allowed to retrieve the password for gMSA "MyGMSAAccountName":

Get-ADServiceAccount -identity MyGMSAAccountName -properties principalsallowedtoretrievemanagedpassword

Get Service Principal Names for a computer

Get SPNs for computer account "MYSERVER":

setspn -L MYSERVER

Set machine-level environment variable using PowerShell

To set a permanent machine-level environment variable:

[Environment]::SetEnvironmentVariable("VARIABLE_NAME","variable_value",'Machine')

Create self-signed SSL certificate

Create a certificate for names "MYSERVER1.mycompany.local" and "MYSERVER1" valid for 10 years:

New-SelfSignedCertificate -DnsName MYSERVER1.mycompany.local, MYSERVER1 -CertStoreLocation cert:\LocalMachine\My -NotBefore (Get-Date).AddMonths(-1) -NotAfter (Get-Date).AddYears(10)

Get group membership via Microsoft Graph

Get the ID of "My Group":

Get-MgGroup -Filter "displayName eq 'My Group'" | Select-Object Id

Get the members of that group ID and export to CSV:

$groupId = "b123ec9b-7123-4ab4-beaf-0ebe68f123d9"
$allMembers = Get-MgGroupMember -GroupId $groupId -All
$Output = foreach ($member in $allMembers) {
    Get-MgUser -UserId $member.Id | Select-Object Id, DisplayName, UserPrincipalName
}
$Output | Export-CSV "C:\Temp\MyGroupMembers.csv" -NoTypeInformation

31 May 2025

Fix Disqus comments not loading in Firefox

A couple of years ago, Firefox's Enhanced Tracking Protection prevented Disqus comment sections from loading. At the time, this could be resolved by setting preference urlclassifier.trackingSkipURLs to:

disqus.com, referrer.disqus.com, *.disqus.com, c.disquscdn.com

This stopped working in Firefox version 139. Per Bugzilla, this can be resolved again by adjusting the preference value to the updated format:

*://disqus.com/*,*://*.disqus.com/*,*://referrer.disqus.com/*,*://c.disquscdn.com/*

18 August 2024

Fix AD Certificate Authority ignoring SAN attribute

When requesting a new AD CA certificate via web enrolment, if it's ignoring the SAN attribute in the Attributes field, run this command on the CA:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Then restart the CA service:

net stop certsvc
net start certsvc

Credit to Terence Luk.

An example of the value to use in the Attributes field to have SANs "MYSERVER" and "MYSERVER.mydomain.com" is:

san:dns=MYSERVER&dns=MYSERVER.mydomain.com
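
EDITF_ATTRIBUTESUBJECTALTNAME2 is a CA-wide setting rather than a per-template one, so it is worth confirming which CAs have it set and clearing it once it is no longer needed. The check below is an added example, not from the original post; it is meant to be run on the CA server, and Test-CaSanAttributeFlag and its output property names are hypothetical.

```powershell
# Added example. Test-CaSanAttributeFlag is a hypothetical helper name.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Test-CaSanAttributeFlag {
    $configRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    # Each CA hosted on this server has its own subkey under Configuration.
    foreach ($ca in Get-ChildItem -LiteralPath $configRoot) {
        $modulesKey = Join-Path $ca.PSPath 'PolicyModules'
        # "Active" names the policy module in use; fall back to the default module.
        $active = (Get-ItemProperty -LiteralPath $modulesKey -Name Active -ErrorAction SilentlyContinue).Active
        if (-not $active) { $active = 'CertificateAuthority_MicrosoftDefault.Policy' }

        $policyKey = Join-Path $modulesKey $active
        $flags = (Get-ItemProperty -LiteralPath $policyKey -Name EditFlags -ErrorAction SilentlyContinue).EditFlags
        if ($null -eq $flags) { continue }

        [pscustomobject]@{
            CA                       = $ca.PSChildName
            PolicyModule             = $active
            EditFlags                = '0x{0:X8}' -f $flags
            SanFromRequestAttributes = [bool] ($flags -band $EDITF_ATTRIBUTESUBJECTALTNAME2)
        }
    }
}

Test-CaSanAttributeFlag | Format-Table -AutoSize

# To clear the flag again, then restart the CA service:
#   certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
#   net stop certsvc
#   net start certsvc
```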

Create a Group Managed Service Account

Using PowerShell.

Create a new gMSA account:

New-ADServiceAccount -Name "gMSAuser1" -DNSHostName "gMSAuser1.mybusiness.local" -Enabled $True

Assign it for use by computer 'MYCOMPUTER':

Set-ADServiceAccount -Identity gMSAuser1 -PrincipalsAllowedToRetrieveManagedPassword MYCOMPUTER$
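
To review the result across the whole domain, the following added example (not from the original post) covers both this section and "Get principals in a group Managed Service Account": it lists every gMSA, the principals allowed to retrieve its password, and the effective members when a principal is a group. It assumes the ActiveDirectory module; the output property names are illustrative.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$gmsas = Get-ADServiceAccount -Filter "ObjectClass -eq 'msDS-GroupManagedServiceAccount'" `
    -Properties PrincipalsAllowedToRetrieveManagedPassword

$report = foreach ($gmsa in $gmsas) {
    foreach ($dn in $gmsa.PrincipalsAllowedToRetrieveManagedPassword) {
        try {
            $principal = Get-ADObject -Identity $dn -Properties sAMAccountName
        }
        catch {
            # Principal no longer resolves (for example, a deleted account)
            [pscustomobject]@{ gMSA = $gmsa.Name; GrantedTo = $dn; GrantedToClass = 'unresolved'
                               EffectivePrincipal = $null; EffectiveClass = $null }
            continue
        }

        # A group grants retrieval rights to all of its (nested) members.
        $effective = if ($principal.ObjectClass -eq 'group') {
            Get-ADGroupMember -Identity $dn -Recursive
        } else {
            $principal
        }

        foreach ($e in $effective) {
            [pscustomobject]@{
                gMSA               = $gmsa.Name
                GrantedTo          = $principal.Name
                GrantedToClass     = $principal.ObjectClass
                EffectivePrincipal = $e.SamAccountName
                EffectiveClass     = $e.ObjectClass
            }
        }
    }
}

$report | Sort-Object gMSA, GrantedTo | Format-Table -AutoSize
```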

Add a block entry to the Exchange Online Tenant Allow/Block List

Exchange Online PowerShell:

New-TenantAllowBlockListItems -ListType Sender -Block -NoExpiration -Entries badperson@example.com -Notes "My description"

Change the DNS servers on an ESXi host

This can be done without disruption.

  1. SSH into the ESXi host
  2. Get existing DNS servers: esxcli network ip dns server list
  3. Add a new DNS server: esxcli network ip dns server add --server=10.0.0.7
  4. Remove an existing DNS server: esxcli network ip dns server remove --server=10.0.0.8

Delete large number of files using command line

del /f/s/q "E:\FOLDERTODELETE" > nul & rmdir /s/q "E:\FOLDERTODELETE"

(del should be quicker but might leave things behind. rmdir is slower but should delete things that del can't.)

Collect Cisco Secure Client DART logs via command line

"C:\Program Files (x86)\Cisco\Cisco Secure Client\DART\dartcli.exe" -dst "C:\temp\DARTBundle.zip"

Add entries to a user's Outlook Trusted and Blocked senders

To add "contoso.com" and "fabrikam.com" to jsmith@example.com's Outlook Trusted Senders list, and add "jane@adatum.com" to their Blocked Senders list, without affecting existing entries:

Set-MailboxJunkEmailConfiguration -Identity jsmith@example.com -TrustedSendersAndDomains @{Add="contoso.com","fabrikam.com"} -BlockedSendersAndDomains @{Add="jane@adatum.com"}

To view the user's list of Trusted Senders:

(Get-MailboxJunkEmailConfiguration jsmith@example.com).TrustedSendersAndDomains

And to view Blocked Senders:

(Get-MailboxJunkEmailConfiguration jsmith@example.com).BlockedSendersAndDomains

Connect to Remote Desktop Services database

To connect to the RDS database:

  1. Open SQL Server Management Studio as administrator.
  2. Connect to the WID database: np:\\.\pipe\MICROSOFT##WID\tsql\query
  3. Access the 'RDCms' database.

Remove a list of domains from all users' Outlook Blocked Senders list

From Exchange PowerShell:

# For every user mailbox, remove blocked senders with domains in $approvedDomainList
$approvedDomainList = "gooddomainexample1.com","gooddomainexample2.com","gooddomainexample3"
$user = Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Select Identity
$user | ForEach-Object {
    if ($blockedDomains = ($_ | Get-MailboxJunkEmailConfiguration).BlockedSendersAndDomains | Where-Object {$_.Split('@')[1] -in $approvedDomainList}) {
        $_ | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains @{remove=$blockedDomains}
        # -f must be inside the parentheses, otherwise Write-Host binds it to -ForegroundColor
        Write-Host ("Removed the following address(es) from {0}'s blocked list:`n`t{1}" -f $_.Identity,($blockedDomains -join "`n`t"))
    }
}

Check default printer using Registry

Check these Windows Registry keys to check a user's default printer.

Default printer:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Session redirected printer:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\SessionDefaultDevices\X\Device

09 May 2023

Download a file using PowerShell

(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')

And running PowerShell from Command Prompt:

PowerShell -Command "(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')"

Get list of Office 365 licensed users, mailbox login time and licenses

Using MSOL PowerShell, outputting to CSV:

Get-MsolUser -All | Where-Object {($_.IsLicensed)}| Select UserPrincipalName, DisplayName, @{N="LastLogonDate";E={(Get-MailboxStatistics $_.UserPrincipalName).LastLogonTime}},@{n="Licenses Type";e={$_.Licenses.AccountSKUid}} | Export-Csv c:\temp\output.csv -NoTypeInformation