When life gets confusing – check your AzureRM module version

I had to enable disk encryption on some existing Azure VMs this morning but I kept hitting a snag even though I had done this before and was using the same powershell as before. Here's the PowerShell: $rgName = 'MySecureRg'; $vmName = 'MySecureVM'; $KeyVaultName = 'MySecureVault'; $KeyVault = Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname; $diskEncryptionKeyVaultUrl = … Continue reading When life gets confusing – check your AzureRM module version

vNet Peering PowerShell

We have a hub and spoke design in Azure for our vNets and needed to peer the vNets together. This can be done in an ARM template and we could have deployed all three networks in one go and peered them as part of the ARM template deployment.  For various reasons that approach didn't really … Continue reading vNet Peering PowerShell

Querying IIS SMTP Smarthost Settings

Had a request to throw something together to query multiple machines and find the smarthost server that IIS was configured to use.  All I had time for was 'quick and dirty' so this is what I came up with;   get-adcomputer -filter * | Select-Object dnshostname >c:\servers.txt Get-WmiObject -Namespace "root\MicrosoftIISv2" -Class "IISSMTPServerSetting" -Filter "Name ='SmtpSvc/1'" … Continue reading Querying IIS SMTP Smarthost Settings

New Child Domain – Server Core and PowerShell

All of my domain controllers are now server core unless someone can give me a very good reason to install Windows with a GUI, so far no one has given me a good enough reason. When deploying a new child domain this means we can now use some PowerShell goodness to create our new child … Continue reading New Child Domain – Server Core and PowerShell

Restore Computer Object with AD Recycle Bin

Over the Xmas period it would seem that someone deleted a computer account from AD.  This meant that the user of that PC could not log in using that PC.  This is a Windows 2008R2 forest so to restore the computer object;   Get-Adobject -filter {samaccountname -eq "pcname$"} -IncludeDeletedObjects | Restore-Adobject   The $ on … Continue reading Restore Computer Object with AD Recycle Bin

AdminSDHolder and admincount=1 attribute

Certain groups within Active Directory are considered protected groups and are protected by AdminSDHolder.  When a user becomes a member of a protected group it will no longer inherit permissions from its parent object in AD (usually an OU).  This can mess up any carefully laid permission delegations you may have configured.  Much more on … Continue reading AdminSDHolder and admincount=1 attribute

Move users to OU based on description

Trying to keep up with job changes and ensuring users accounts are in the correct OU in AD can be problematic.  In the environment I work in each team has their own OU (I'm not sure why it is like this,  I suspect it's a case of 'that's the way we've always done it'). Anyway … Continue reading Move users to OU based on description

Mailbox Enable all users in an OU

As well as having to Skype enable all users recently (see previous post) I also had to mailbox enable the users.  With Exchange 2010 you can't just import the powershell module.  Using this article as a base I came up with this; $Session = New-Pssession -COnfigurationName Microsoft.Exchange -ConnectionUri http://exchangeservername/powershell Import-Pssession $Session Get-User -OrganizationalUnit "OU=ExampleOU,DC=Example,DC=Com" | … Continue reading Mailbox Enable all users in an OU

Skype/Lync Enable all users in an OU

I recently had to enable all users in a specific OU for Skype for Business 2015.  Easily done with Powershell; Either import the skypeforbusiness module into a normal Powershell window or run the Skype for Business Server Management Shell import-module skypeforbusiness Get-CsAduser -OU "OU=ExampleOU,DC=example,DC=com" | Enable CSuser -RegistrarPool "your pool name" -SipAddressType emailaddress