18 August 2024

Fix AD Certificate Authority ignoring SAN attribute

When requesting a new AD CA certificate via web enrolment, if it's ignoring the SAN attribute in the Attributes field, run this command on the CA:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Then restart the CA service:

net stop certsvc
net start certsvc

Credit to Terence Luk.

An example of the value to use in the Attributes field to have SANs "MYSERVER" and "MYSERVER.mydomain.com" is:

san:dns=MYSERVER&dns=MYSERVER.mydomain.com
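
EDITF_ATTRIBUTESUBJECTALTNAME2 is a CA-wide setting: once it is on, the CA honours a requester-supplied SAN on every request, not only the one it was enabled for (the AD CS misconfiguration commonly catalogued as ESC6). The following is an added example, not part of the original post, that reads the flag from the CA's registry configuration so you can confirm where it is set and clear it once the certificate has been issued; the function names are made up for this example.

```powershell
# Added example (not from the original post): report whether each CA on this
# host has EDITF_ATTRIBUTESUBJECTALTNAME2 set in its policy module EditFlags.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000   # documented value of the flag

function Test-SanAttributeFlag {
    param([Parameter(Mandatory)][int]$EditFlags)
    # True when the flag's bit is set in the supplied EditFlags value
    return (($EditFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
}

function Get-CaSanAttributeFlag {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    if (-not (Test-Path $base)) {
        Write-Warning 'CertSvc configuration key not found; is this host a CA?'
        return
    }
    # One subkey per CA name; each has PolicyModules\<module>\EditFlags
    foreach ($ca in Get-ChildItem -Path $base) {
        $modules = Join-Path $ca.PSPath 'PolicyModules'
        if (-not (Test-Path $modules)) { continue }
        foreach ($module in Get-ChildItem -Path $modules) {
            $flags = (Get-ItemProperty -Path $module.PSPath).EditFlags
            if ($null -eq $flags) { continue }
            [pscustomobject]@{
                CA               = $ca.PSChildName
                PolicyModule     = $module.PSChildName
                EditFlags        = '0x{0:X8}' -f $flags
                SanFromAttribute = Test-SanAttributeFlag -EditFlags $flags
            }
        }
    }
}

Get-CaSanAttributeFlag | Format-Table -AutoSize

# To clear the flag again once the certificate has been issued:
#   certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
#   net stop certsvc
#   net start certsvc
```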

Create a Group Managed Service Account

Using PowerShell.

Create a new gMSA account:

New-ADServiceAccount -Name "gMSAuser1" -DNSHostName "gMSAuser1.mybusiness.local" -Enabled $True

Assign it for use by computer 'MYCOMPUTER':

Set-ADServiceAccount -Identity gMSAuser1 -PrincipalsAllowedToRetrieveManagedPassword MYCOMPUTER$

Add a block entry to the Exchange Online Tenant Allow/Block List

Exchange Online PowerShell:

New-TenantAllowBlockListItems -ListType Sender -Block -NoExpiration -Entries badperson@example.com -Notes "My description"

Change the DNS servers on an ESXi host

This can be done without disruption.

  1. SSH into the ESXi host
  2. Add a new DNS server: esxcli network ip dns server add --server=10.0.0.7
  3. Remove an existing DNS server: esxcli network ip dns server remove --server=10.0.0.8

Delete large number of files using command line

del /f/s/q "E:\FOLDERTODELETE" > nul & rmdir /s/q "E:\FOLDERTODELETE"

(del should be quicker but might leave things behind. rmdir is slower but should delete things that del can't.)

Collect Cisco Secure Client DART logs via command line

"C:\Program Files (x86)\Cisco\Cisco Secure Client\DART\dartcli.exe" -dst "C:\temp\DARTBundle.zip"

Add entries to a user's Outlook Trusted and Blocked senders

To add "contoso.com" and "fabrikam.com" to jsmith@example.com's Outlook Trusted Senders list, and add "jane@adatum.com" to their Blocked Senders list, without affecting existing entries:

Set-MailboxJunkEmailConfiguration -Identity jsmith@example.com -TrustedSendersAndDomains @{Add="contoso.com","fabrikam.com"} -BlockedSendersAndDomains @{Add="jane@adatum.com"}

To view the user's list of Trusted Senders:

(Get-MailboxJunkEmailConfiguration jsmith@example.com).TrustedSendersAndDomains

And to view Blocked Senders:

(Get-MailboxJunkEmailConfiguration jsmith@example.com).BlockedSendersAndDomains

Connect to Remote Desktop Services database

To connect to the RDS database:

  1. Open SQL Server Management Studio as administrator.
  2. Connect to the WID database: np:\\.\pipe\MICROSOFT##WID\tsql\query
  3. Access the 'RDCms' database.

Remove a list of domains from all users' Outlook Blocked Senders list

From Exchange PowerShell:

# For every user mailbox, remove blocked senders with domains in $approvedDomainList
$approvedDomainList = "gooddomainexample1.com","gooddomainexample2.com","gooddomainexample3"
$user = Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Select Identity
$user | ForEach-Object {
    # Blocked entries whose part after the '@' is one of the approved domains
    if ($blockedDomains = ($_ | Get-MailboxJunkEmailConfiguration).BlockedSendersAndDomains | Where-Object {$_.Split('@')[1] -in $approvedDomainList}) {
        $_ | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains @{remove=$blockedDomains}
        # The -f expression is parenthesised so Write-Host receives the formatted string;
        # Identity is used because it is the only property kept by Select above
        Write-Host ("Removed the following address(es) from {0}'s blocked list:`n`t{1}" -f $_.Identity,($blockedDomains -join "`n`t"))
    }
}

Check default printer using Registry

Look in these Windows Registry keys to find a user's default printer.

Default printer:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Session redirected printer:

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\SessionDefaultDevices\X\Device

09 May 2023

Download a file using PowerShell

(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')

And running PowerShell from Command Prompt:

PowerShell -Command "(new-object System.Net.WebClient).DownloadFile('https://dl.dell.com/AwesomeDrivers.EXE','C:\temp\Drivers\AwesomeDrivers.EXE')"
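
DownloadFile saves whatever the server returns, so an installer fetched this way is worth checking before it is run. The following is an added example, not part of the original post, that compares the file's SHA-256 with a value you obtained from the vendor and checks its Authenticode signature; the function name, the sample file and the placeholder values are assumptions.

```powershell
# Added example (not from the original post): verify a downloaded installer
# before running it. The expected hash and signer are supplied by the caller.
function Test-DownloadedFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [string]$ExpectedSignerLike   # wildcard matched against the signer subject
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $hashOk = $actual -eq $ExpectedSha256.Trim()      # -eq is case-insensitive
    $sigOk  = $sig.Status -eq 'Valid'
    if ($sigOk -and $ExpectedSignerLike) {
        $sigOk = $sig.SignerCertificate.Subject -like $ExpectedSignerLike
    }
    [pscustomobject]@{
        Path      = $Path
        Sha256    = $actual
        HashOk    = $hashOk
        Signature = $sig.Status
        SignerOk  = $sigOk
        Trusted   = $hashOk -and $sigOk
    }
}

# Constructed sample so the block runs offline: an unsigned text file stands in
# for the download. Its hash matches, but it does not pass the signature check.
$sample = Join-Path $env:TEMP 'constructed-sample.txt'
Set-Content -Path $sample -Value 'constructed sample, not a real driver package'
$known = (Get-FileHash -Path $sample -Algorithm SHA256).Hash
Test-DownloadedFile -Path $sample -ExpectedSha256 $known | Format-List
Remove-Item $sample

# Real use after the DownloadFile call above (placeholders, fill in your own):
#   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#   $r = Test-DownloadedFile -Path 'C:\temp\Drivers\AwesomeDrivers.EXE' `
#            -ExpectedSha256 '<SHA-256 from the vendor>' -ExpectedSignerLike '<signer>'
#   if (-not $r.Trusted) { Remove-Item $r.Path }
```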

Get list of Office 365 licensed users, mailbox login time and licenses

Using MSOL PowerShell, outputting to CSV:

Get-MsolUser -All | Where-Object {($_.IsLicensed)}| Select UserPrincipalName, DisplayName, @{N="LastLogonDate";E={(Get-MailboxStatistics $_.UserPrincipalName).LastLogonTime}},@{n="Licenses Type";e={$_.Licenses.AccountSKUid}} | Export-Csv c:\temp\output.csv -NoTypeInformation

Manage Windows Firewall rules with PowerShell and Command Prompt

Display firewall rules that contain the word 'zebra' using PowerShell:

Show-NetFirewallRule | where {$_.DisplayName -Like "*zebra*"} | select DisplayName

Remove a firewall rule using PowerShell:

Remove-NetFirewallRule -DisplayName "Zebra Application"

Add a firewall rule using Command Prompt:

netsh advfirewall firewall add rule name="Zebra Application" dir=in action=allow protocol=TCP program="C:\program files (x86)\zebra\application.exe" profile=any enable=yes

12 April 2023

Create an Azure AD app client secret with long expiration date

After creating the app, note the app's ObjectID and use AzureAD PowerShell:

$StartDate = Get-Date
$EndDate = $StartDate.AddYears(40)
$AppSecret = New-AzureADApplicationPasswordCredential -ObjectId abcdefab-1234-abcd-abcd-123456789012 -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier MySecretKey
Write-host $AppSecret.Value

This creates a client secret called "MySecretKey" that's valid for 40 years. The last line outputs the secret itself - take note of it as you won't be able to see it again.
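
A secret that lasts 40 years never forces a rotation, so it helps to keep an inventory of which apps carry one. The following is an added example, not part of the original post, that flags client secrets whose lifetime exceeds a threshold; the function name, the 730-day default and the sample objects are assumptions, and the objects are shaped like the output of Get-AzureADApplication from the same AzureAD module.

```powershell
# Added example (not from the original post): list app client secrets whose
# lifetime exceeds a chosen maximum so they can be tracked and rotated.
function Find-LongLivedAppSecret {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Application,
        [int]$MaxDays = 730          # assumed policy threshold
    )
    process {
        foreach ($cred in $Application.PasswordCredentials) {
            $lifetime = ($cred.EndDate - $cred.StartDate).Days
            if ($lifetime -gt $MaxDays) {
                [pscustomobject]@{
                    App          = $Application.DisplayName
                    ObjectId     = $Application.ObjectId
                    KeyId        = $cred.KeyId
                    Expires      = $cred.EndDate
                    LifetimeDays = $lifetime
                }
            }
        }
    }
}

# Constructed sample objects so the block runs without a tenant connection
$now = Get-Date
$sampleApps = @(
    [pscustomobject]@{
        DisplayName = 'App A (constructed)'
        ObjectId    = 'abcdefab-1234-abcd-abcd-123456789012'
        PasswordCredentials = @(
            [pscustomobject]@{ KeyId = 'k1'; StartDate = $now; EndDate = $now.AddYears(40) }
        )
    },
    [pscustomobject]@{
        DisplayName = 'App B (constructed)'
        ObjectId    = '00000000-0000-0000-0000-000000000000'
        PasswordCredentials = @(
            [pscustomobject]@{ KeyId = 'k2'; StartDate = $now; EndDate = $now.AddMonths(6) }
        )
    }
)
# Only App A is reported: its secret lives far longer than 730 days
$sampleApps | Find-LongLivedAppSecret | Format-Table -AutoSize

# Against a tenant, after Connect-AzureAD:
#   Get-AzureADApplication -All $true | Find-LongLivedAppSecret
```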

18 February 2023

Redirect a URL to a file using .htaccess

Using Redirect rules:

#Redirect "/thename" "/path/to/file.txt"
#Redirect "/thename" "/path/to/file.txt"

Using a RedirectMatch rule:

RedirectMatch 301 "^/thename/?$" "/path/to/file.txt"

Using Rewrite Rules:

#RewriteEngine on
#RewriteRule "^thename/?$" "/path/to/file.txt" [L]

Import SSL certificate PFX using PowerShell

Import-PFXCertificate -CertStoreLocation Cert:\LocalMachine\My -FilePath 'C:\temp\myfile.pfx' -Password (ConvertTo-SecureString -String '(thepassword)' -AsPlainText -Force)

02 September 2022

Fix cURL error 60 "SSL certificate problem: unable to get local issuer certificate" in PHP

  1. Download the latest PEM file from here.
  2. Put it in PHP's SSL directory e.g. C:\Program Files\PHP\v8.0\extras\ssl\
  3. Edit your PHP configuration file (php.ini): in the curl section, uncomment the curl.cainfo line and add the path to the PEM file, e.g.:

    curl.cainfo = "C:\Program Files\PHP\v8.0\extras\ssl\cacert-2022-07-19.pem"

  4. Restart PHP.

Grant an MSSQL user permission to read a table

GRANT SELECT ON thedatabase.dbo.thetable TO "theuser"

17 July 2022

Change SharePoint Migration Manager temporary file storage location

If using Migration Manager to migrate on-prem files to SharePoint Online, the tool temporarily caches files on the C drive during the copy process. If there's not enough free space on the C drive, the migration will fail.

To change the storage to a different drive:

  1. In Command Prompt, navigate to the Migration tool folder:

    cd C:\Users\(user)\AppData\Roaming\Microsoft\SPMigration\Logs\Migration

  2. Delete the existing MigrationToolStorage folder.
  3. Create a directory junction to a folder on a different drive:

    mklink /J MigrationToolStorage E:\MigrationToolStorage

Compare list of SharePoint files with on-prem file share

If you're migrating files from an on-prem file share to SharePoint, you may need to export a list of files on both sides for comparison:

  1. Install PnP PowerShell:

    Install-Module -Name "PnP.PowerShell"

  2. Connect to the SharePoint site URL:

    Connect-PnPOnline -Url https://company-my.sharepoint.com/sites/SharedFiles -Interactive

  3. Export the SharePoint files/folders in a specific directory:

    Get-PnPFolderItem -FolderSiteRelativeUrl "Shared Documents/Folder1" -Recursive | Export-Csv -Path C:\temp\Folder1-SharePoint.csv

  4. Export the corresponding on-prem files/folders: In PowerShell on-prem, CD into the directory then:

    dir -Recurse | Export-Csv -Path C:\temp\Folder1-OnPrem.csv