Tags » Active Directory

Securing and restricting access to Office 365 with custom AD FS claimrules

We’ve been working hard with one of our clients to secure access to Office 365 workloads such as Exchange Online. In this specific article we will share our experience of how to restrict access to Exchange Online to specific networks and for specific protocols.

PowerShell

Force PKI and Password authentication simultaneously on Ubuntu

I use AD authentication in my environment (for password-based authentication)

Current Scenario

  1. A valid AD user logs in to the Ubuntu Linux server via SSH…
Ubuntu

Configuring vRA Management Pack for vROps

Before upgrading some of the vRealize components in our lab, I wanted to check the existing operations between some of the components, namely vROps and vRA.

Vmware

The Test Environment

One of the main things I have slowly begun to realise is just how important it is to have a test environment you can fall back on.

Active Directory

Clean up orphaned Foreign Security Principals

Foreign Security Principals or FSPs have existed since Windows Server 2000. However, you could work as a system administrator for years without even noticing their presence because the mechanism behind them is almost fully transparent—almost.

Windows

Taking ADUser validation a step further...

‘Sup PSHomies,

This is me every single time I sit down to use Pester…

Hehe…

While I do enjoy using Pester for operational validation, what do you do with the ones that fail?

PowerShell

Disable and Move Computers

This will move Active Directory computers into another OU if they have been unused for too long.
Thanks, Jason.

# This script will disable and move Active Directory Computer Accounts
# A list of computernames must be provided to the script as a plain text file
# An AD OU must also be created to be the target where you want the computer accounts moved to
# Created by Jason Pearce, 2016 February
 
# ####################
# BEGIN Variables
# ####################
 
# Path to a .txt file containing a list of computer names you wish to disable
$FileListOfComputers = "Disable_Move_Computers_hostlist.txt"
 
# Active Directory OU (unique name) that the computer accounts will move to
$MoveToOU = "Disabled Computers"
 
# Logs Path: The path to write logs
$LogPath = "."
 
# ####################
# END Variables
# ####################
 
# Import Module: Import the Powershell Active Directory module
Import-Module ActiveDirectory
 
# TimeStamp: Create a timestamp for use as part of a directory or file name
$TimeStampBefore = Get-Date -Format s | foreach {$_ -replace ":", "-"}
 
# Log Folder: Create a log folder IF it does not already exist
IF ( -Not (Test-Path -Path $LogPath)) {New-Item -Path $LogPath -ItemType Directory}
 
# Load Computers: Load list of computers into a variable
$ListOfComputers = Get-Content $FileListOfComputers
 
# Document Before: Document computers settings before making changes
$CsvBeforePath = $LogPath+'\DisableComputers-'+$MoveToOU+'-'+$TimeStampBefore+'-before.csv'
$ListOfComputers | Get-ADComputer | Export-Csv -Path $CsvBeforePath
 
# Disable Computers: Disable these Active Directory computer accounts (append -WhatIf to preview without making changes)
$ListOfComputers | Get-ADComputer | Disable-ADAccount
 
# Pause: Pause 30 seconds for Active Directory to replicate changes
Start-Sleep -s 30
 
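# Move Computers: Move these Active Directory computer accounts (append -WhatIf to preview without making changes)
# Resolve the target OU first and stop unless exactly one OU has that name
$TargetOU = @(Get-ADOrganizationalUnit -Filter 'Name -eq $MoveToOU')
IF ($TargetOU.Count -ne 1) {throw "Expected exactly one OU named '$MoveToOU', found $($TargetOU.Count)"}
$ListOfComputers | Get-ADComputer | Move-ADObject -TargetPath $TargetOU[0].DistinguishedName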
 
# Pause: Pause 30 seconds for Active Directory to replicate changes
Start-Sleep -s 30
 
# TimeStamp: Create a timestamp for use as part of a directory or file name
$TimeStampAfter = Get-Date -Format s | foreach {$_ -replace ":", "-"}
 
# Document computers after making changes
$CsvAfterPath = $LogPath+'\DisableComputers-'+$MoveToOU+'-'+$TimeStampAfter+'-after.csv'
$ListOfComputers | Get-ADComputer | Export-Csv -Path $CsvAfterPath
Powershell