Tuesday, June 19, 2018

I don’t like mondays… Powershell: Move specific files

Recently had to move files from an archive location. The archive location was a reasonably large folder structure containing around 60000 files of various sizes (between 1KB and 100GB+).
The archive was to be cleaned out leaving only files created on a Monday. I won’t go into why this was the case.
Came up with the following script, which works pretty well.


$SourceRootPath = '\\server01\sourceRootFolder\'
$DestinationRootPath = '\\server02\DestinationRootFolder\DesitnationSubFolder'
Set-Location $SourceRootPath

$Count = 0;

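# Replicate the source folder structure in the destination folder.
# -Filter takes a string, so the script block is converted to 'PSIsContainer';
# that matches no file names, which leaves only the folders to be copied.
Copy-Item $SourceRootPath $DestinationRootPath -Filter {PSIsContainer} -Recurse -Force

# Select every .bak file whose last write time is NOT a Monday (these get moved out).
# @() keeps the result an array even when only one file matches.
$allbackups = @(Get-ChildItem $SourceRootPath -Recurse -Filter '*.bak' | Where-Object {!$_.PSIsContainer -and $_.LastWriteTime.DayOfWeek -ne 'Monday'})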

ForEach ($file in $allbackups)
{
    $Count++;
    $relativePath = Resolve-Path -Path $file.DirectoryName -Relative
    $DestinationPath = Join-Path $DestinationRootPath -childpath $relativePath.replace('.\','')
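    # Scale to a percentage before casting to [int]; casting the fraction first only ever gives 0 or 100.
    Write-Progress -Activity "Moving  $($file.FullName)" -Status 'Progress ->' -PercentComplete ([int](($Count / $allbackups.Count) * 100))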
    Move-Item -Path $file.FullName -Destination $DestinationPath
}



Tuesday, June 12, 2018

AWS–ADFS setup (Federation)–Windows AD

Recently had to set up ADFS federation for access to AWS.

I found an excellent article about setting this up, however I did experience some issues and I will detail them here. There is nothing wrong with the article, it was just our environment.

https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/

What happened is that in our domain we set up some groups as domain local security groups. As it turns out, the method in this article that returns the groups for the user (rule: Get AD Groups) uses an LDAP attribute called tokenGroups. What is not apparent is that this will not return groups that are distribution groups or domain local groups….

There is no obvious error that indicates this, and it was only while fault finding that I stumbled across this article, and it has a side note that states this fact!! It's actually in the real world example.

https://blogs.technet.microsoft.com/askds/2013/05/07/ad-fs-2-0-claims-rule-language-part-2/

So the quickest and easiest solution for us was to change the group to universal. However, the second article above does detail that memberOf can be used in place of tokenGroups; the result is the full distinguished name, though, and needs to be manipulated before it can be used.

If I get time I will try and see if I can use this method. I will post here if I can.

Update: OK, looking at this further the memberOf feature only includes groups in which the user is a direct member… so nested groups become a problem.

Further reference

https://social.technet.microsoft.com/wiki/contents/articles/13829.ad-fs-2-0-domain-local-groups-in-a-claim.aspx

https://www.morgantechspace.com/2015/08/active-directory-tokengroups-vs-memberof.html
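
A way to check which of a user's groups are affected by the behaviour described above, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module; the function name is hypothetical, and the `AWS-*` name pattern and the account `jdoe` are placeholders.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-FederationGroupReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $NamePattern = 'AWS-*'   # assumed naming convention for the role groups
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties memberOf

    # Escape LDAP filter metacharacters in the DN (backslash first).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' `
                                  -replace '\)', '\29' -replace '\*', '\2a'

    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) returns direct and
    # nested memberships; only groups in the current domain are searched.
    Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
        Where-Object { $_.Name -like $NamePattern } |
        ForEach-Object {
            [pscustomobject]@{
                Group    = $_.Name
                Scope    = $_.GroupScope
                Category = $_.GroupCategory
                # memberOf lists direct memberships only, so nested groups show False.
                InMemberOf = $user.memberOf -contains $_.DistinguishedName
                # Per the post: domain local and distribution groups are not
                # returned by the tokenGroups query.
                ExpectedInTokenGroups = ($_.GroupScope -ne 'DomainLocal') -and
                                        ($_.GroupCategory -ne 'Distribution')
            }
        }
}

# 'jdoe' is a placeholder account name.
Get-FederationGroupReport -SamAccountName 'jdoe' | Format-Table -AutoSize
```

A group showing False in ExpectedInTokenGroups is a candidate for the scope change to universal described above; one showing False in InMemberOf is a nested membership that a memberOf-based rule would miss.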



Monday, May 07, 2018

Powershell: Format Fixed Width String (-f format operator)

Had to build a table in a text format of a predetermined width. What I found is that the -f operator can assist with building this.

I had a variable that I stored the text output in, and then appended the results to it.

Add table header to string variable

$StringOutput += "{0,-80}{1,10}{2,25}" -f 'Filename','Size (KB)','Date';

Then loop through results

# $list is the collection of file objects; $htmlbr holds the line-break string appended to each row
foreach ($item in $list)
{
    $StringOutput += "{0,-80}" -f $item.Name + "{0,10}" -f ("{0:n2}" -f ($item.Length/1kb)) + "{0,25}" -f ("{0:yyyy-MM-dd HH:mm:ss}" -f ([datetime]::ParseExact($item.LastWriteTime,'MM/dd/yyyy HH:mm:ss',$null))) + $htmlbr;
}

Output

Filename                                                                         Size (KB)                     Date

filename1.bak                                                                         0.50      2018-04-22 22:37:40
filename2.bak                                                                         0.50      2018-04-23 22:39:35

So I have used different ways to build the string using formatting.

1. "{0,-80}{1,10}{2,25}" - this is one format string. The first numbers (0, 1, 2) are the indexes of the following strings. The -80, 10, 25 are how wide the end string is (with padding); a negative number means align left, a positive number align right.

2. I used multiple format strings and then concatenated them together. I just found it easier to read (due to nested format strings on the numbers and dates).

References

https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/11/understanding-powershell-and-basic-string-formatting/

https://ss64.com/ps/syntax-f-operator.html



Thursday, May 03, 2018

Powershell: reveal hidden/truncated data in output

Things to try

1. $FormatEnumerationLimit = -1

2. Select-Object -ExpandProperty <property>

Output will display everything.

https://blogs.technet.microsoft.com/heyscriptingguy/2011/11/20/change-a-powershell-preference-variable-to-reveal-hidden-data/



Powershell: List basic path info for all folders recursively

Had the need to create one big list of all folders in a folder tree. I could get this using Get-Childitem but it broke it down into a nicely formatted output, which is not what I needed.

I wanted just one path per line.

I came up with the following. Initially the output was being truncated, so long paths were truncated with …

This truncation can be removed by setting the following variable to -1

$FormatEnumerationLimit=-1

Not sure why but $FormatEnumerationLimit did not work, I had to use the ExpandProperty parameter of the Select-Object cmdlet.

# -ExpandProperty emits the plain path strings, one per line, so no Format-* cmdlet is needed
Get-ChildItem -Path \\server\rootfolderpath -Recurse | ?{ $_.PSIsContainer } | Select -ExpandProperty FullName > folders.txt



Wednesday, April 25, 2018

Office 365–Remove Office365 user/contact out of sync

Just had to deal with a hybrid office 365 environment, so on prem AD was syncing to office 365 – no writeback.

Over the time that dirsync/aad connect has been syncing, OUs have been added and removed. As such some issues have occurred with contacts and users. We then had issues when OUs were added back that contacts and users collided on some data (proxyaddresses).

In some cases we were able to make changes to the objects on prem, and these then sync’d in the next run.

However we had some where the office 365 /Azure AD object had become orphaned. Office 365 thought they were sync’d with on prem AD, and as such the gui (web) interface would not allow us to delete these objects.

This is easy to fix, just need to connect to office 365 using powershell to remove the object.

Install the powershell modules if you don’t have them

  • Install-Module -Name AzureRM -AllowClobber -Force
  • Install-Module MSOnline

Connect to Azure/Office365

  • $credential = Get-Credential
  • Connect-MsolService -Credential $credential
  • Get-MsolContact -objectid fad9c2dd-xxxxx-x-xxxx-x-x-x-x-x-x-x
  • Remove-MsolContact -objectid fad9c2dd-xxxxx-x-xxxx-x-x-x-x-x-x-x


Thursday, August 03, 2017

OneDrive for Business - alternative email used in user look up for sharing

Hi All,
 
Just ran across this issue whilst trying to test a OneDrive sharing setup.

Was trying to send myself a test share from within OneDrive for Business, however on typing in my home email address OneDrive helpfully looks this up in the Office365 directory, and returns my work email???!! Could not understand why this was happening. Tried some other colleagues and used their personal emails, same issue.
In the end I made a support call to Microsoft to understand what was going on.

It turned out to be an alternative email setup on the user account. Why Office365 is using this to look up a user, and then defaulting to the business account is beyond me.
Talking to the engineer MS are aware of the issue, so hopefully they will fix this and remove the alternative email from the lookup.

In the interim, the workaround is to go to the user details in Office365, edit the role and then change the alternative email to another email. Yup, this is a pain but at the moment there is no way to override this.
My community posting about this.
MS Support article for OneDrive Sharing
https://support.office.com/en-us/article/Manage-external-sharing-ee8b91c5-05ec-44c2-9796-78fa27ec8425?ui=en-US&rs=en-US&ad=US

